Student records also released onto the net by malware
Experts at SophosLabs, have reminded internet users of the importance of computer security after media reports revealed that sensitive information has been leaked onto the internet from virus-infected computers.
The Metropolitan Police Department in Tokyo has confirmed that personal information about 12,000 people related to criminal investigations has been distributed across the net from an officer’s infected computer. The police officer, who had installed the Winny file-sharing software on his PC, did not realise that a piece of malicious code was making the confidential data available to other users via the peer-to-peer network.
About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers.
Coincidentally, as news of the police data leakage was announced it was also revealed that almost 15,000 pieces of personal information about students was leaked onto the internet from a PC belonging to a high school teacher in Ichinomiya. The 43-year-old teacher, who was running the Share P2P file-sharing program, had also been compiling a list of retired Air Self-Defense Force officers on behalf of his mother who had worked at their base in Kagamihara. This information also leaked onto the internet.
These are not the first occasions that malware has taken advantage of peer-to-peer file-sharing networks to steal information:
* In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.
* The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
* Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator’s computer had been infected.
* In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
* The police force in Kyoto, Japan, were left with red faces after a virus spread information about their “most wanted” suspect list in April 2004.
“How many more times will we hear stories of police forces in Japan leaking information about criminal investigations because they have not stopped their officers from installing file-sharing software?” said Graham Cluley, senior technology consultant at Sophos. “All organizations can learn from these stories of data loss, and need to ensure that they are taking computer security seriously. If you allow your employees to put sensitive company data onto their own home computers, you are running the risk that they will not be as well defended as the PCs within your business. Organizations need to set and enforce policies as to what software their workers are allowed to run, or risk endangering data security.”
A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.