P2P App Causes Police Security Disaster

A police officer in Japan has been sacked after a P2P application on his PC caused highly confidential information on criminal investigations to reach the Internet.

The unnamed Tokyo Metropolitan Police Department officer is reported to have been using the Winny file-sharing software, not realizing that by doing so a host of data files on his PC were being publicly “shared” with other users of the system.

A total of 6,600 documents are believed to have been accidentally leaked, including the reports of interrogations and victim statements from up to 12,000 people, as well as information on the location of city license-plate readers used to track criminal movements. The documents also contained the names and addresses of 400 members of a criminal “Yakuza” gang.

The officer appears to have made matters worse for himself, officials said, by denying in an internal audit prior to the leak that his PC had the Winny program loaded. A number of his police colleagues also face official reprimand.

This is not the first time that Winny has caused problems for Japanese organizations. Last year, the same P2P application compromised security at one of the country’s nuclear power stations, run by the Chubu Electric Power Company. As with the latest leak, the consequences are potentially serious.

“The authorities have been trying to enforce a ban following a number of similar embarrassing incidents in the past,” said Sophos security guru Graham Cluley. “But what this case really does underline is the need for all businesses to better control their users’ behavior, and limit the programs they can run on their computers.”

Sophos has pioneered the idea of offering all users of its corporate antivirus software a free upgrade to block the running of specified unauthorized applications—including Winny—on protected PCs.

— John E. Dunn, Techworld.com