Virus makes classified data go online
File-share can be a dangerous business, or so Japanese government agencies are finding out the hard way.
Two weeks after the country's Maritime Self-Defense Force found out that some highly classified information had been posted on the World Wide Web for all to read as a result of a programming error in its file-sharing Winny system, a slew of other agencies are finding similar problems.
Winny itself is a peer-to-peer file-sharing program that has been charged with violating copyright laws in Japan. It has, however, proved to be popular with much of the population because of its cheap cost and user-friendly format, many of whom have installed the software onto their own personal computers, including bureaucrats. But the use of their personal computers for official business has proved to be particularly hazardous when dealing with government data.
Some of the information from the defense force that was posted onto the Internet included warfare training information and call signals. They had found their way into cyberspace after a force member used his personal computer to input the classified data, which then got infected by a computer virus.
Similarly, the Ministry of Justice reported in mid-February that personal information on an estimated 10,000 inmates had been leaked online as a result of a prison officer's computer being infected with a virus. In that particular case, information that was stored onto a compact disc by a prison staff member in Kagoshima, in southern Japan, was handed over to a staff member at the Kyoto prison. That staff member then left the disc inside his personal computer and the data was leaked as a result of a virus infection via the Winny program that had been installed in the computer.
More recently, the police agency too has found information being leaked and made public as a result of the software program being installed in the personal computers of members of the police force. According to the agency, at least 40 percent of the force has used their own personal computers for official business.
As a result, the agency issued a warning to all employees Wednesday that they are no longer to use their own privately owned computers for their work, especially when they are connected onto the Internet.
Meanwhile, National Police Agency head Iwao Urushima told reporters in Tokyo at a news briefing Thursday that there had to be more awareness of the perils of getting connected and the potential of computer attacks.
"Winny is a software that has been charged with breaching copyright rules. To install that program into their own computers and use it means that members of the police force are lacking in understand their own roles. I can't believe it," Urushima said. At the same time, he added that while the agency will check that employees no longer have the software installed, "once a computer is linked to the Internet, there is always the danger of getting infected with a virus, and to prevent another occurrence of the attack depends on the sense of responsibility by each member."
Japanese financial daily Nihon Keizai Shimbun pointed out that there was still not enough attention being paid by the government to information security and that users needed to be better educated on the downside risks of getting connected in cyberspace.
Still, government agencies are far from alone in being victims of Winny. On Wednesday a public elementary school in Gunma prefecture reported that private information on 422 of its students was posted on the Internet as a result of the software, while earlier this week a hospital in Toyama said data on 2,800 patients that have had operations was leaked.
Copyright 2006 by United Press International
