Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have
questioned whether courts worldwide are giving consistent sentences
to hackers following the news that a Japanese man has escaped jail,
despite admitting writing a virus that wiped music and movie files
on innocent users' computers.
24-year-old Masato Nakatsuji, who was revealed to be the first
ever virus writer to be arrested in Japan when he was apprehended in
January, admitted writing the malware which displayed images of
popular TV anime characters while destroying data on third party
computers. The malicious code was spread via the controversial
Winny file-sharing system in Japan last year.
Today, Nakatsuji, a graduate student at Osaka
Electro-Communication University, was found guilty in Kyoto
District Court and sentenced to two years in jail. However, as the
sentence is suspended for three years he will not have to serve any
time in prison.
The Pirlames
Trojan was distributed via Winny and displayed cartoon images
from the animated TV show 'Clannad'.
|
"Masato Nakatsuji has been found guilty of copyright
infringement rather than for the damage his movie and
music-munching malware caused," said Graham Cluley, senior
technology consultant for Sophos. "One has to wonder whether if he
had been apprehended in another country then he would have been
charged with a more conventional cybercrime and might have got a
more serious sentence."
Nakatsuji has claimed that he wrote his malware to try and
punish people who downloaded copyrighted material from peer-to-peer
file-sharing networks.
"If movies and animated films are illegally downloaded, TV
networks will stop showing these programs in the future," Nakatsuji
said during the trial, trying to explain his behavior. "My hobby is
to watch recorded TV programs, so I was trying to stop that."
However, Sophos believes that it is wrong for internet users to
take the law into their own hands.
"There are enough cybercriminals out there causing harm and
stealing money and identities with malicious code - the last thing
we need are vigilantes entering the mix, writing malware to try and
put right what they believe to be wrong," says Cluley. "If someone
sees the law being broken on the net - go to the authorities. Don't
write malware. This man is frankly lucky to have got away without a
more serious punishment."
Coincidentally, Isamu Kaneko, the author of the Winny
file-sharing program, was fined by a Japanese court in December
2006 for assisting in copyright violation. The rights and wrongs of
the case have been widely debated on the internet.
Controlling use of P2P file-sharing networks wihin an
organization
A survey
conducted in 2006 by Sophos reflected the serious concern that
uncontrolled applications are causing system administrators. For
example, 86.5 percent of respondents said they want the opportunity
to block P2P applications, with 79 percent indicating that blocking
is essential.
"Businesses are increasingly looking to control users' access to
P2P file-sharing software not just because they can eat up
bandwidth or infringe copyright laws, but also because they can
present a security risk to your corporate data," explained
Cluley.
Application Control is an optional feature of Sophos
Endpoint Security and Control, available to both new and
existing customers at no additional charge. It allows system
administrators to set a policy as to which applications users are
allowed to run.
Simply click on the arrow above to stream the
podcast through your browser. Alternatively you can download it to
your MP3 player.
Winny: A history of close-calls with malware
Sophos experts note that this is not the first time that the
Winny file-sharing network has been troubled by malware:
- In May 2006, Sophos reported
that a virus had leaked power plant secrets via Winny for the
second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal
documents and customer information had been leaked after one of its
employees failed to install anti-virus software.
- Earlier in 2006, Sophos described
how information about Japanese sex victims was leaked by a virus
after a police investigator's computer had been infected.
- In June 2005, Sophos reported
that nuclear power plant secrets had been leaked from a computer
belonging to an employee of Mitsubishi Electric Plant
Engineering.
- The police force in Kyoto, Japan, were left with red faces
after a virus spread
information about their "most wanted" suspect list in April
2004.
Sophos recommends companies protect themselves with a consolidated solution which can control network access
and defend against the threats of spam, hackers, spyware and
viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.