The fired policeman, who has not been named, worked for the Metropolitan Police Department in Tokyo which confirmed recently that personal information about 12,000 people related to criminal investigations had been distributed across the net from an officer's PC. The police officer had installed the Winny file-sharing software on his PC, and did not know that confidential data was being made available to other users via the P2P network.
About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers. Among the files was a list of the names, addresses and personal information about 400 members of the criminal Yamaguchi-gumi yakuza gang.
According to officials, the officer had claimed in an internal survey before the leak occurred that he was not using the Winny P2P software on his PC.
"The Japanese police force has taken a hard line against this officer for disobeying advice about not running peer-to-peer file-sharing software on his PC. The authorities have tried to enforce a ban following a number of similar embarrassing incidents in the past," said Graham Cluley, senior technology consultant for Sophos. "But what this case really does is underline the importance for all businesses to better control their users' behavior, and what programs they run on their computers. Firms need to ask themselves if their employees have a legitimate requirement to run applications like P2P software, and if not control their usage through technology."
The authorities are reported to be holding the officer's superiors partially responsible for the incident, and may reprimand up to 10 other people.
This was not the first occasion that information has leaked via peer-to-peer file-sharing networks:
- In May 2006, a virus had leaked power plant secrets via Winny for the second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
- Earlier in 2006, information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.
- In June 2005, nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
- The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.
- A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.
