Security news3 July 2007
Criminal investigation secrets leak onto internet by peer-to-peer file-sharing networks Student records also released onto the net by malware
Confidential student records were also leaked onto the internet.
Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have reminded internet users of the importance of computer security after media reports revealed that sensitive information has been leaked onto the internet from virus-infected computers.
The Metropolitan Police Department in Tokyo has confirmed that personal information about 12,000 people related to criminal investigations has been distributed across the net from an officer's infected computer. The police officer, who had installed the Winny file-sharing software on his PC, did not realise that a piece of malicious code was making the confidential data available to other users via the peer-to-peer network.
About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers. Among the files was a list of the names, addresses and personal information about 400 members of the criminal Yamaguchi-gumi yakuza gang.
Coincidentally, as news of the police data leakage was announced it was also revealed that almost 15,000 pieces of personal information about students was leaked onto the internet from a PC belonging to a high school teacher in Ichinomiya. The 43-year-old teacher, who was running the Share P2P file-sharing program, had also been compiling a list of retired Air Self-Defense Force officers on behalf of his mother who had worked at their base in Kagamihara. This information also leaked onto the internet.
These are not the first occasions that malware has taken advantage of peer-to-peer file-sharing networks to steal information:
-
In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
- Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.
- In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
- The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.
"How many more times will we hear stories of police forces in Japan leaking information about criminal investigations because they have not stopped their officers from installing file-sharing software?" said Graham Cluley, senior technology consultant at Sophos. "All organizations can learn from these stories of data loss, and need to ensure that they are taking computer security seriously. If you allow your employees to put sensitive company data onto their own home computers, you are running the risk that they will not be as well defended as the PCs within your business. Organizations need to set and enforce policies as to what software their workers are allowed to run, or risk endangering data security."
A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.
Application Control is a feature of Sophos Anti-Virus, which customers can use at no additional charge.
- Read more about Application Control
- Listen to a Sophos podcast about how to control what applications your employees use on your network with Application Control
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against viruses, spyware, hackers and spam.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
