3 July 2007
Criminal investigation secrets leak onto internet by peer-to-peer file-sharing networks
Student records also released onto the net by malware

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have reminded internet users of the importance of computer security after media reports revealed that sensitive information has been leaked onto the internet from virus-infected computers.
The Metropolitan Police Department in Tokyo has confirmed that personal information about 12,000 people related to criminal investigations has been distributed across the net from an officer's infected computer. The police officer, who had installed the Winny file-sharing software on his PC, did not realise that a piece of malicious code was making the confidential data available to other users via the peer-to-peer network.
About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers. Among the files was a list of the names, addresses and personal information about 400 members of the criminal Yamaguchi-gumi yakuza gang.
Coincidentally, as news of the police data leakage was announced, it was also revealed that almost 15,000 pieces of personal information about students were leaked onto the internet from a PC belonging to a high school teacher in Ichinomiya. The 43-year-old teacher, who was running the Share P2P file-sharing program, had also been compiling a list of retired Air Self-Defense Force officers on behalf of his mother, who had worked at their base in Kagamihara. This information also leaked onto the internet.
These are not the first occasions that malware has taken advantage of peer-to-peer file-sharing networks to steal information:
- In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
- Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.
- In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
- The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.
"How many more times will we hear stories of police forces in Japan leaking information about criminal investigations because they have not stopped their officers from installing file-sharing software?" said Graham Cluley, senior technology consultant at Sophos. "All organizations can learn from these stories of data loss, and need to ensure that they are taking computer security seriously. If you allow your employees to put sensitive company data onto their own home computers, you are running the risk that they will not be as well defended as the PCs within your business. Organizations need to set and enforce policies as to what software their workers are allowed to run, or risk endangering data security."
A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.
Application Control is a feature of Sophos Anti-Virus, which customers can use at no additional charge.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against viruses, spyware, hackers and spam.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

