Japan’s Secret Spy Agency

Every week in Tokyo’s Ichigaya district, about three miles, northeast of the bright neon lights and swarming crowds in the heart of Shibuya, a driver quietly parks a black sedan-style car outside a gray office building. Before setting off on a short, 10-minute drive south, he picks up a passenger who is carrying an important package: top-secret intelligence reports, destined for the desks of the prime minister’s closest advisers.

Known only as “C1,” the office building is located inside a high-security compound that houses Japan’s Ministry of Defense. But it is not an ordinary military facility, it is a secret spy agency headquarters for the Directorate for Signals Intelligence, Japan’s version of the National Security Agency.

The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work, even the location of its headquarters. 

Most Japanese officials, except for a select few of the prime minister’s inner circle, are kept in the dark about the directorate’s activities, which are regulated by a limited legal framework and not subject to any independent oversight.

Now, a new investigation by the Japanese broadcaster NHK, produced in collaboration with The Intercept, reveals, for the first time, details about the inner workings of Japan’s opaque spy community. 

Based on classified documents and interviews with current and former officials familiar with the agency’s intelligence work, the investigation shines light on a previously undisclosed Internet surveillance program and a spy hub in the south of Japan that is used to monitor phone calls and emails passing across communications satellites.

According to the current and former officials, the Directorate for Signals Intelligence, or DFS, employs about 1,700 people and has at least six surveillance facilities that eavesdrop around the clock on phone calls, emails, and other communications. The NSA, in comparison, has said it has a workforce of more than 30,000 and Britain’s signals intelligence agency claims more than 6,000 staff. 

The communications collected at the spy facilities are sent back to analysts who work inside the C1 building, which has four underground floors and eight above ground.

“Very few people know what the DFS is doing and can enter the building,” according to an active-duty official with knowledge of the directorate’s operations, who spoke on condition of anonymity because they were not authorized to talk to the media. 
The official agreed to share details about the directorate after The Intercept and NHK last year revealed that the spy agency had obtained a mass surveillance system called XKEYSCORE, which is used to sift through copies of people’s emails, online chats, internet browsing histories, and information about social media activity. 

The official said that they believed the directorate’s use of XKEYSCORE was “not permissible” under the Japanese Constitution, which protects people’s right to privacy.

The directorate, known in Japanese as the “Denpa-Bu,” meaning “electro-magnetic wave section”, currently has 11 different departments, each focused on a different subject, such as information analysis, public safety and security, and cryptography. 
However, the departments are kept separate from each other and there is limited communication between them, the active-duty official said. Each department in the C1 building has a different lock installed on the rooms it uses, and these can only be accessed by a select group of people who have the appropriate security clearance, access codes, and identification. 

The directorate operates as the largest arm of Japan’s Defense Intelligence Agency, which has other divisions focused on, for example, analyzing satellite imagery, sources said.

Atsushi Miyata, who between 1987 and 2005 worked with the directorate and the Ministry of Defense, said that his work for the spy agency had involved monitoring neighboring countries, such as North Korea, and their military activities. 
But the agency’s culture of intense secrecy meant that it was reluctant to share information it collected with other elements of the Japanese government. “They did not share the data inside of [the] Defense Ministry properly,” said Miyata. “Even inside of the Defense Ministry, the report was not put on the table. So the people did not understand what we were doing.”
The directorate is accomplished at conducting surveillance, but has a tendency to be excessively secretive about its work, according to classified documents disclosed last year. 

A 2008 NSA memo described its Japanese counterparts as being “still caught in a Cold War way of doing business” and “rather stove-piped.” The US continues to work closely with Japan’s intelligence community, however, and collaborates with the country to monitor the communications of countries across Asia.

About 700 miles southwest of Tokyo, there are two small towns called Tachiarai and Chikuzen, which have a combined population of about 44,000 people. Japan’s military, known as the Self-Defense Forces, has a base situated on a patch of grassy farmland in between the towns. But the base is not used to train soldiers. It is one of the country’s most important spy hubs.

For years, the large antennae inside the secure compound, which are concealed underneath what look like giant golf balls, attracted concerns from local residents who were worried that the powerful radio waves they emitted might damage their health or interfere with their televisions. 

The Japanese government sent senior officials to reassure the locals that there would be no problems, and the government began paying the Chikuzen council an annual fee of about $100,000 as compensation for the disturbance caused by the base. But the function of the antennae was never revealed.

A top-secret document from the directorate offers unprecedented insight into some of the Tachiarai base’s activities. The document, an English-language PowerPoint presentation, appears to have been shared with the NSA during a meeting in February 2013, at which the Japanese spy agency’s then-deputy director was scheduled to discuss intelligence-gathering issues with his American counterparts. 

The presentation was contained in the archive of classified files provided to The Intercept by Edward Snowden. No internal documents from Japan’s surveillance agency have ever been publicly disclosed before. According to the presentation, Japan has used Tachiarai for a covert internet surveillance program code-named MALLARD. As of mid-2012, the base was using its antennae to monitor communications passing across satellites. 

Each week, it collected records about some 200,000 internet sessions, which were then being stored and analysed for a period of two months. Between December 2012 and January 2013, Tachiarai began using the surveillance technology to collect information about potential cyberattacks. 

As a result, its data collection rapidly increased, and it began sweeping up information about 500,000 internet sessions every hour – 12 million every day. 

Despite this, the directorate indicated that it was only able to detect a single email that was linked to an apparent cyberattack. It struggled to cope with the amount of data it was harvesting and asked the NSA for help. “We would like to see processing procedure which the U.S. side employs in order not to affect traditional SIGINT collection,” the directorate told the NSA, “and would appreciate your technical assistance.”

Chris Augustine, a spokesperson for the NSA, declined to answer questions about the agency’s cooperation with Japan, saying in a statement that he would “neither confirm nor deny information concerning potential relationships with foreign intelligence services.” He added: “Any cooperation among intelligence services is conducted lawfully, in a manner that mutually strengthens national security.”

The directorate’s work at Tachiarai appears to focus on monitoring the activities of foreign countries in the region. It is unclear whether it collects Japanese citizens’ communications, either deliberately or incidentally, through dragnet programs like MALLARD. 

The law in Japan prohibits wiretapping landlines without a court order, but monitoring communications as they are being transmitted wirelessly across satellites is a gray area, Japanese legal experts say, because there are no legal precedents in the country that place limitations upon that kind of surveillance, though there is a general right to privacy outlined in the constitution.

According to Richard Tanter, a professor at the University of Melbourne who specialises in researching government surveillance capabilities, more than 200 satellites are “visible” from Tachiarai, meaning the base can intercept communications and data passing between them using its surveillance systems. 

Of the 200-plus satellites, said Tanter, at least 30 are Chinese and potential targets for ongoing surveillance. Moreover, he added, “satellites owned or operated by Russia, South Korea, Taiwan, and even the United States or European states may be targeted” by the Tachiarai facility.

Snowden, who worked at a US military base in Japan as an NSA contractor between 2009 and 2012, told The Intercept that Japanese spies appeared to have targeted “entire Internet service providers, not just any one customer.” Referencing the MALLARD program, he said that there were not “500,000 terrorist communications happening in one year, much less one hour. … Is this authorized in law in a way that’s well-understood, that’s well-regulated, to make sure they are only targeting bad guys and not simply everything that they see?”

A spokesperson for Japan’s Ministry of Defense refused to discuss MALLARD, but said that the country’s “information-gathering activities” are necessary for national security and “done in compliance with laws and regulations.” 

The spokesperson acknowledged that Japan has “offices throughout the country” that are intercepting communications; however, he insisted that the surveillance is focused on military activities and “cyber threats” and is “not collecting the general public’s information.” 

When pressed to explain how the country’s spy systems distinguish ordinary people’s communications from those related to threats, the spokesperson would not provide details on the grounds that doing so “may be a hindrance to effective future information activities.”

In October 2013, the Directorate for Signals Intelligence was planning to launch an operation aimed at what it described as the “Anonymous internet,” according to the 2013 presentation. 

This suggests that the directorate wanted to collect data about people’s usage of privacy tools such as Tor, which allows people to mask their computer’s IP address while they browse the Internet. 

Tor is often used by journalists and dissidents to evade government surveillance; however, it is also used by child abusers and other criminals to plan or carry out illegal acts. In April 2013, it was reported that Japanese police were urging Internet service providers to find ways to block people who were using Tor to commit crimes. 

In 2012, the country’s police investigators were repeatedly thwarted by a hacker known as the “Demon Killer,” who posted a series of death threats online. The hacker used Tor to successfully evade detection for seven months, which was a major source of embarrassment for Japanese police, and likely fueled demand for new surveillance capabilities.The directorate’s activities at Tachiarai and elsewhere are aided by an organization called J6, which is a specialist technical unit connected to Japan’s Ministry of Defense, according to sources familiar with its operations. 

However, the cooperation between the directorate and J6 has been inhibited by the extreme secrecy that is pervasive within the Japanese government, with each agency apparently reluctant to open up to the other about its respective capabilities. In the 2013 presentation, Japanese officials from the directorate described J6’s role to the NSA, but admitted that they had relied on “assumptions” to do so, because “J6 function is not disclosed to us.”

According to the presentation, the directorate’s role is to carry out surveillance and analyse intelligence. The role of J6 includes analyzing malware and developing counter-measures, such as firewalls, to prevent hacks of Japanese computer systems. 

A third organisation, called the Cabinet Intelligence and Research Organisation, or CIRO, is the ultimate beneficiary of intelligence that is collected. Headed by a powerful figure named Shigeru Kitamura, it oversees the work of both the directorate and J6 and is connected to the prime minister’s office, based out of a building known as “H20,” a short walk from the prime minister’s official residence in Tokyo’s Chiyoda district.

Between 2000 and 2005, prior to development of the MALLARD Internet surveillance program, expansion work took place at the Tachiarai facility. At that time, the then-town council chair, Hitoshi Miyahara, was shown a map of the construction plans, which revealed that a tunnel was being built below the base. 

Miyahara was allowed to visit the construction site, he said, but was prevented from entering the underground area. The current town council chair, Tsutomu Yano, had a similar experience. He visited the facility about four years ago and was shown around a gymnasium, a cafeteria, and a conference room. 

He was prevented from accessing the underground tunnel and a space he was told was used for “communications.” Yano said he repeatedly questioned the Self-Defense Forces about the Tachiarai facility’s function. But he never received any answers.

The Intercept

You Might Also Read:

Australia’s Sharp Turn To Information Warfare:

The Swedish Kings of Cyberwar:

 


 

« N Korean Cyber Attacks Continue Despite Peace Talks
GDPR Is Now Effective »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

Idaptive

Idaptive

Idaptive delivers Next-Gen Access through a zero trust approach. Idaptive secures access everywhere with single sign-on, adaptive MFA, EMM and analytics.

Findings

Findings

Findings (formerly IDRRA) is a scalable AI powered assessment platform that streamlines security compliance across sectors, jurisdictions and regulatory frameworks.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Aptum

Aptum

Aptum is a global hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.

Rite-Solutions

Rite-Solutions

Rite-Solutions is an award-winning software development, systems engineering, and information technology firm.