Businesses have been warned to control employees' unauthorized use
of P2P file-sharing software.
Experts at SophosLabs™, Sophos's global
network of virus and spam analysis centers, have reminded companies
of the importance of computer security and control after it was
revealed that a policeman has lost his job for using file-sharing
peer-to-peer (P2P) software.
The fired policeman, who has not been named, worked for the
Metropolitan Police Department in Tokyo, which confirmed
recently that personal information about 12,000 people related
to criminal investigations had been distributed across the net from
an officer's PC. The police officer had installed the Winny
file-sharing software on his PC, and did not know that confidential
data was being made available to other users via the P2P
network.
About 6,600 police documents are said to have been compromised,
including interrogation reports, statements from victims of crime,
and classified locations of automatic license plate readers. Among
the files was a list of the names, addresses and personal
information about 400 members of the criminal Yamaguchi-gumi yakuza
gang.
According to officials, the officer had claimed in an internal
survey before the leak occurred that he was not using the Winny P2P
software on his PC.
"The Japanese police force has taken a hard line against this
officer for disobeying advice about not running peer-to-peer
file-sharing software on his PC. The authorities have tried to
enforce a ban following a number of similar embarrassing incidents
in the past," said Graham Cluley, senior
technology consultant for Sophos. "But what this case really does
is underline the importance for all businesses to better control
their users' behavior, and what programs they run on their
computers. Firms need to ask themselves if their employees have a
legitimate requirement to run applications like P2P software, and
if not, control their usage through technology."
The authorities are reported to
be holding the officer's superiors partially responsible for the
incident, and may reprimand up to 10 other people.
Sophos notes that this was not the first occasion that
information has leaked via peer-to-peer file-sharing networks:
- In May 2006, Sophos reported
that a virus had leaked power plant secrets via Winny for the
second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal
documents and customer information had been leaked after one of its
employees failed to install anti-virus software.
- Earlier in 2006, Sophos described
how information about Japanese sex victims was leaked by a virus
after a police investigator's computer had been infected.
- In June 2005, Sophos reported
that nuclear power plant secrets had been leaked from a computer
belonging to an employee of Mitsubishi Electric Plant
Engineering.
- The police force in Kyoto, Japan, were left with red faces
after a virus spread
information about their "most wanted" suspect list in April
2004.
A survey
conducted last year by Sophos reflects the serious concern that
uncontrolled applications are causing system administrators. For
example, 86.5 percent of respondents said they want the opportunity
to block P2P applications, with 79 percent indicating that blocking
is essential.
Application Control is a feature of Sophos Anti-Virus, which
customers can use at no additional charge. It allows businesses to
prevent their employees from using unauthorized software.
Sophos recommends companies protect their desktops, servers and
gateways with a consolidated solution to
thwart the threats of viruses, spyware, hacking, phishing and
spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.