Crime-Related Police Documents Leaked out Via P2P Program
Tokyo's Metropolitan Police Department has confirmed the leakage of personal information on the Internet of approximately 12,000 people in connection with criminal investigations. The data slipped out from the infected computer of a police officer.
According to estimates, around 6,600 police documents have been compromised, consisting of reports on interrogation, statements from victims of different crimes, and classified placing of self-generated license plate readers. The files also contained a list of names, addresses and personal identifying information of 400 individuals belonging to the criminal gang, Yamaguchi-gumi yakuza.
The officer had installed the Winny file-sharing program on his computer. This software allowed a piece of malware to release the stored data to other PCs through peer-to-peer network without the knowledge of the officer.
Such incidents of data loss are important lessons for organizations, which need to maintain computer security on priority levels. If organizations allow their employees to store the company's sensitive data on their home PCs, there is an element of risk involved because home PCs may not be so well defended as those in businesses. Organizations should enforce policies to decide on the software that workers may be allowed to use, or run the risk on data security, said Graham Cluley, senior technology consultant for Sophos. Infozine reported this on July 17, 2007.
At the same time, when news of data leakage from the police officer's computer was announced, there was another announcement that nearly 15,000 bits of personal information belonging to students got circulated on the Net from a computer of a teacher of a high school in Ichinomiya.
This leakage was due to P2P file-sharing software. The teacher had compiled data, also of a batch of retired officers from the Air Self-Defense Force. The teacher was doing the compilation for his mother who had spent work time at their Kagamihara base.
The above incidents of data loss represent the seriousness of the situation in Japan. A survey that Sophos conducted in 2006 on similar problems highlighted the serious concerns of system administrators about uncontrolled application. 86.5% of the surveyed said they wanted to abandon P2P software with 79% saying the discard was essential.
Related article: Crime Server Controlled to Store Stolen Data
» SPAMfighter News - 27-07-2007