We deeply apologize for the significant inconvenience caused by the information security incident that occurred at our university from September 2022 to May of this year.
We hereby release the "Investigation Report on Unauthorized Access to the Information Systems of the National Graduate Institute for Policy Studies," which has been compiled by external experts who assisted us with the recovery from the incident.

 

The incident occurred on August 29, 2022. In response, we promptly shut down network connections and conducted a thorough investigation and recovery operation. By May 8, 2023, internet services were restored. During the period of internet service suspension, we established an alternative internet connection, ensuring the continuation of cloud service, research and educational activities such as online classes and online meetings—albeit with certain limitations.

 

Throughout the recovery process, we worked in close collaboration and cooperation with various stakeholders, including the Ministry of Education, Culture, Sports, Science, and Technology, the Personal Information Protection Commission, and the police.

 

It is important to note that no personal information breaches and no ransomware incidents were identified in relation to this incident. Since the hacker had gained knowledge of the network configurations and vulnerabilities were discovered within the information system, comprehensive organizational and technical measures were undertaken before the restoration of network communications, so as to ensure robust security measures. (Note: details of the measures taken are available in Chapter 10 of the report.)

 

We sincerely acknowledge the content of this report and are committed to making every effort to prevent any recurrence. The external experts (Advisory Board) who have compiled the report are as follows:

 

Satoshi Matsuura (Professor, Global Scientific Information and Computing Center, Tokyo Institute of Technology)

Security Advisor, National Graduate Institute for Policy Studies

 

Yutaka Nakamura (Professor, Information Science and Technology Center, Kyushu Institute of Technology)

Security Advisor, National Graduate Institute for Policy Studies

 

Hiroshi Kawaguchi (Representative Director, Kawaguchi Sekkei, Inc.)

Deputy Chief Information Security Officer, National Graduate Institute for Policy

---

〇Full Report Available Here(Japanese only)

〇Apology from the President of the National Graduate Institute for Policy Studies

 

[Summary of the Incident Report]

 

1. Incident Overview

On August 29, 2022, a system administrator discovered suspicious logs on the university's internal server and promptly reported the matter to the executive. As an urgent response measure, the web server was immediately halted. Subsequently, the Security Operation Center (SOC) reported additional instances of suspicious access, leading the Chief Information Security Officer (CISO) and the Computer Security Incident Response Team (CSIRT) to decide, on September 3, to isolate the university's internet connection by means of a firewall. An emergency response headquarters was established under the direction of the president, and deliberations regarding appropriate measures were initiated.

 

2. Extent of Damage

Investigation by a security company determined that the attacker had compromised 10 servers and 2 terminals using a web shell. This breach resulted in (a) the exposure of ID and password credentials of all university users, and (b) the scanning of the university's network configuration, by which the attacker gained knowledge of the system architecture. The identity of the attacker has not been ascertained.

 

Furthermore, an internal investigation carried out in collaboration with the advisory board concluded that audit logs from the file server were generated through routine user activities, which negated the possibility of confidential or personal information leakage. This finding was duly reported to the Personal Information Protection Commission.

 

3. Key Factors and Measures for Prevention

The primary factors contributing to the incident include organizational aspects, particularly a shortage of information systems personnel; and the absence of robust mechanisms for system and security operations. Additionally, technical factors such as inadequate vulnerability management within the system and insufficient utilization of security devices such as firewalls were also identified as contributing factors. To address these factors, it is essential to implement preventive measures encompassing both organizational and technical aspects, particularly reinforcement of the information systems team; establishment of a vulnerability management framework; and establishment of ongoing comprehensive operation and management of security equipment.

 

 

 

For inquiries about this information

PR team, General Affairs Division

kouhougrips.ac.jp