http://www.yomiuri.co.jp/newse/20050624wo2a.htm The Yomiuri Shimbun June 24, 2005 Maintenance data on nuclear power plants were leaked and shown on the Internet after a computer virus attacked a personal computer of an employee of Mitsubishi Electric Corp.'s subsidiary in charge of plant inspections and maintenance, it was learned Thursday. Data equivalent to 31 floppy disks, including a draft report of power plant inspections, a repair manual, name lists of inspection workers and photographs of the inside of the plants, were leaked from the employee's privately owned PC. The plants included Tomari Nuclear Power Station of Hokkaido Electric Power Co., Sendai Nuclear Power Station of Kyushu Electric Power Co. and Mihama Nuclear Power Plant of Kansai Electric Power Co. As much of the information was confidential, the problem is expected to stir controversy over the security of information on nuclear power plants and other related facilities, nuclear experts said. Maintenance work on the plants was consigned by Mitsubishi Electric to its subsidiary, Mitsubishi Electric Plant Engineering Corp. based in Taito Ward, Tokyo. The company said the data leakage likely was caused by a computer virus that affected the laptop PC of an employee who was in charge of maintenance. The virus appears to be of a variety that infects Winny file-swapping software and reveals data through the software. Winny is free software available on the Internet with which users can share and swap documents, graphics, audio and other computer files stored on individual PCs via the Internet. Officials of the subsidiary said its employees were allowed to use privately owned PCs for work if they received permission from their superiors. They added that data-coding and other measures to prevent information leakage were not used on employees' private PCs. The Nuclear and Industrial Safety Agency has demanded the power companies submit a detailed report about the incident as soon as possible. Kazuo Matsunaga, director general of the agency, said, "Right now it hasn't been confirmed that information about nuclear material that is immediately legally problematic was leaked." The agency believes that there was no leakage of sensitive information that would constitute a violation of the Nuclear Reactor Regulation Law. Mitsubishi Electric said the leaked data included a draft report about checks on Tomari plant's No. 2 reactor and work manuals for repair work on Sendai plant's No. 1 reactor. The data also included a copy of an e-mail written by the employee to parent company officials that said he had discovered an abnormality in a part of a generator, but had not reported it to the power company. Mitsubishi Electric said it was investigating whether this apparent failure to report the incident to the company was true. A Mitsubishi Electric official said: "All the data were about power generators. They contained no information directly related to nuclear reactors." "We'll urgently confirm all details of the incident and totally reexamine information control systems," the official added. However, it is possible that highly secret information directly related to the safety of nuclear reactors could be leaked from private PCs belonging to employees. Information technology experts said the incident again confirmed lax information management in companies and government offices, and experts believe the problem likely will make the government and companies question whether their systems to control confidential and personal information are sufficient. There have been numerous incidences of information being leaked through Winny file-sharing. In addition, there are various methods to illegally obtain personal and confidential information via the Internet, such as hacking and phishing. Last year in Hokkaido, information on police investigations was leaked from a police officer's own PC. In March, names, health check results and other personal information on about 50 patients who had checkups at Tokyo Medical and Dental University Hospital in Bunkyo Ward, Tokyo, were found to have been leaked. Copyright 2005 The Yomiuri Shimbun _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 23 2005 - 22:31:28 PDT