|
| Confidential information about power plants has
been released onto the internet. |
Experts at SophosLabs™, Sophos's global
network of virus and spam analysis centers, have reminded internet
users of the importance of computer security after media reports
revealed that sensitive information about nuclear power plants has
been leaked onto the internet from a virus-infected computer.
According to the Japanese press, approximately 40MB of
confidential reports, related to nuclear power plant inspections
over several years, was leaked from a virus-infected computer
belonging to an employee of the Mitsubishi Electric Plant
Engineering (MPE). The data is said to have been distributed to
users of the Winny peer-to-peer file-sharing system. Winny is the
most popular file-sharing network in Japan, with over a quarter of
a million users.
According to officials, the leak occurred when a 30-year-old
engineer used his personal computer for company business. The PC
was infected with an unnamed computer virus which is said to have
enabled Winny users across Japan to access the sensitive
information. The exposed data included photographs of the insides
of the nuclear power plants, and the names and addresses of
inspecting engineers.
"It's bad enough when an individual has data stolen from them by
a malware attack, but a nuclear power station being the victim is a
real cause for concern," said Graham Cluley, senior
technology consultant at Sophos. "The fall-out from this breach
acts as an unpleasant reminder that all businesses need to take
computer security seriously."
Authorities have been quick to reassure the public that it does
not believe that the information leaked was directly related to
radioactive substances.
Sites referred to in the leaked data include Kansai Electric
Power's Mihama nuclear plant and a power station in Tsuruga, as
well as pressurised water reactors in Tomari and Sendai.
"If you allow your employees to put sensitive company data onto
their own home computers, you are running the risk that they will
not be as well defended as the PCs within your organization,"
continued Cluley. "Security at power plants should be at an
all-time high, but it needs to extend beyond the physicality of
barbed wire and high walls and encompass information security
too."
Sophos recommends companies protect their email gateways,
desktops and servers with an automatically updated consolidated solution to defend against the
threats of viruses and spam.