Confidential student records were also leaked onto the
internet.
Experts at SophosLabsâ„¢, Sophos's global
network of virus and spam analysis centers, have reminded internet
users of the importance of computer security after media reports
revealed that sensitive information has been leaked onto the
internet from virus-infected computers.
The Metropolitan Police Department in Tokyo has confirmed that personal
information about 12,000 people related to criminal investigations
has been distributed across the net from an officer's infected
computer. The police officer, who had installed the Winny
file-sharing software on his PC, did not realise that a piece of
malicious code was making the confidential data available to other
users via the peer-to-peer network.
About 6,600 police documents are said to have been compromised,
including interrogation reports, statements from victims of crime,
and classified locations of automatic license plate readers. Among
the files was a list of the names, addresses and personal
information about 400 members of the criminal Yamaguchi-gumi yakuza
gang.
Coincidentally, as news of the police data leakage was announced
it was also revealed that
almost 15,000 pieces of personal information about students was
leaked onto the internet from a PC belonging to a high school
teacher in Ichinomiya. The 43-year-old teacher, who was running the
Share P2P file-sharing program, had also been compiling a list of
retired Air Self-Defense Force officers on behalf of his mother who
had worked at their base in Kagamihara. This information also
leaked onto the internet.
These are not the first occasions that malware has taken
advantage of peer-to-peer file-sharing networks to steal
information:
- In May 2006, Sophos reported
that a virus had leaked power plant secrets via Winny for the
second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal
documents and customer information had been leaked after one of its
employees failed to install anti-virus software.
- Earlier in 2006, Sophos described
how information about Japanese sex victims was leaked by a virus
after a police investigator's computer had been infected.
- In June 2005, Sophos reported
that nuclear power plant secrets had been leaked from a computer
belonging to an employee of Mitsubishi Electric Plant
Engineering.
- The police force in Kyoto, Japan, were left with red faces
after a virus spread
information about their "most wanted" suspect list in April
2004.
"How many more times will we hear stories of police forces in
Japan leaking information about criminal investigations because
they have not stopped their officers from installing file-sharing
software?" said Graham
Cluley, senior technology consultant at Sophos. "All
organizations can learn from these stories of data loss, and need
to ensure that they are taking computer security seriously. If you
allow your employees to put sensitive company data onto their own
home computers, you are running the risk that they will not be as
well defended as the PCs within your business. Organizations need
to set and enforce policies as to what software their workers are
allowed to run, or risk endangering data security."
A survey
conducted last year by Sophos reflects the serious concern that
uncontrolled applications are causing system administrators. For
example, 86.5 percent of respondents said they want the opportunity
to block P2P applications, with 79 percent indicating that blocking
is essential.
Application Control is a feature of Sophos Anti-Virus, which
customers can use at no additional charge.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution to defend against viruses, spyware, hackers and
spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.