IPA : IPA/ISEC Unauthorized Access Incident Report 1st Half (January

Unauthorized Computer Access Report for the 1st Half of 2010

July 16, 2010

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report on unauthorized computer access for the first half of 2010 (from January to June), compiled by Information-technology Promotion Agency, Japan (IPA).

According to the reports filed to IPA in the first half of 2010, the latest trend mainly consisted of:

A Website being broken into by an attacker using a stolen ftp account information and a malicious script being embedded in Web pages (so called Gumblar)
A members-only site being logged on and used by a hacker impersonating a legitimate user
A server being hacked into by a hacker exploiting software vulnerability or carrying out password cracking attack; its files being altered or malicious code being embedded; and the server being used as a stepping stone for attacking other servers

By referring to the following sites, be sure to make appropriate security settings on your computer and to implement operational and management security measures on an ongoing basis.

IPA Security Center – Information for individual users (in Japanese)
http://www.ipa.go.jp/security/personal/
Information security educational materials (in Japanese)
http://www.ipa.go.jp/security/fy18/reports/contents/

1. Number of Cases Reported

The number of cases reported in the first half of 2010 (from January to June) was 100, up 14 cases, or 116 percent, from the second half of 2009. The number of cases involving actual damages was up 18 cases, or 135 percent, from the second half of 2009.

Note: The number in parenthesis shows the actual damage.

2.Breakdown by Type

The number of cases reported to IPA in the first half of 2010 was 100 (86 in the second half of 2009). Among them, 70 cases (52 cases in the second half of 2009) involved actual damages, accounting for 70 percent of all the cases reported. Actual damages in this context are caused by: "intrusion", "unauthorized mail relay", "Worm infection", "DoS", "spoofed address", "spoofing", "malicious code embedded" and "other factors (with damage)" and the number of cases involving actual damages is calculated by summing up each factor’s number of cases.

	The 1st half of 2008		The 2nd half of 2008		The 1st half of 2009		The 2nd half of 2009		The 1st half of 2010
Intrusion	23	37.1 %	32	34.4 %	16	25.4 %	20	23.3 %	36	36.0 %
Unauthorized Mail Relay	0	0.0 %	0	0.0 %	1	1.6 %	1	1.2 %	0	0.0 %
Worm Infection	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %
DoS	6	9.7 %	5	5.4 %	4	6.3 %	1	1.2 %	2	2.0 %
Spoofed address	4	6.5 %	5	5.4 %	1	1.6 %	1	1.2 %	1	1.0 %
Spoofing	*		*		7	11.1 %	25	29.1 %	24	24.0 %
Malicous code embedded	*		*		12	19.0 %	0	0.0 %	3	3.0 %
Other factors (with damage)	16	25.8 %	29	31.2 %	3	4.8 %	4	4.7 %	4	4.0 %
Evidence of access (failed attempt)	5	8.1 %	16	17.2 %	19	30.2 %	33	38.4 %	26	26.0 %
Evidence of Worm	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %
Others (Not Damaged)	8	12.9 %	6	6.5 %	0	0.0 %	1	1.2 %	4	4.0 %
Total	62		93		63		86		100

Note: shaded regions indicate the causes involving actual damages. All the ratios shown in the Table above are rounded to one decimal place, so they may not add up to 100 percent.

3. Cause of Damage

Of the 42 cases involving actual damages, 4 cases were caused by "Poor ID & password management", 3 cases by "Older version used/patch not applied" and 2 cases by "Setting error".

Note: If the reported damage was caused by multiple factors, one major factor is selected as representative and the count for the selected factor is incremented by 1.

4. Report Submitter

Breakdown of the report submitters are as follows:

Note:All the ratios shown in the Figure above are rounded to one decimal place, so they may not add up to 100 percent.

Inquiries to:

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Kagaya/Hanamura/Ooura
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail:

Top Page