[ISN] Winny linked to more GSDF data breaches

From: InfoSec News (alerts@private)
Date: Wed Jan 10 2007 - 22:34:16 PST


The Yomiuri Shimbun
Jan. 9, 2007

Members of the Ground Self-Defense Force have inadvertently allowed 
information to be exposed in 27 cases via the Winny file-sharing program 
installed on their personal computers between fiscal 2002 and the end of 
October, sources close the GSDF said Monday.

In addition to the 27 cases, four other cases have previously been 
brought to light.

The Defense Agency has not released information about any of the data 
breaches, including what had been disclosed, the sources said.

In four cases, information was exposed after the agency announced 
measures in April to prevent further incidents.

The information leaks have brought to light lax informational security 
controls on information the agency had put in place, despite the fact it 
was to be upgraded to a ministry Tuesday.

According to the sources, GSDF members were involved in security 
breaches related to Winny once in fiscal 2002, three times in fiscal 
2003 and another three times in fiscal 2004, but the number of incidents 
jumped to 20 in fiscal 2005.

In fiscal 2006, four such security breaches have been confirmed, the 
sources said.

The information leaks did not include classified documents, but in eight 
cases, documents, including training data containing sensitive 
information capable of impeding the execution of plans were disclosed.

Furthermore, data on general operations and personal information, such 
as lists of GSDF members and related organizations that were compiled 
and used by individual members, as well as photos were exposed.

Following the February revelation of information leaks on Maritime 
Self-Defense Force destroyers, the agency immediately procured about 
56,000 computers for use by SDF members and prohibited members from 
using their own computers to handle SDF data.

An agency official said the agency's revelation that information had 
been exposed could result in more people searching for--and perhaps 
finding--compromised materials on the Internet, heightening the danger 
such information could be found and maliciously used.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Wed Jan 10 2007 - 22:39:49 PST