Search Slyck  
66,000 Names and Personal Details Leaked On P2P
April 29, 2006
Font Bigger Font Smaller
The personal details of 66,000 subscribers to a Japanese national newspaper have leaked online via file sharing software.

It is the latest in a long line of serious leaks in Japan, which have included sensitive military, police and medical records.

The newspaper, Mainichi Shimbun, has confirmed that names, addresses and phone numbers have all been leaked, but no financial information.

The information was originally part of a database being used by Mainichi Friend, who was an affiliate of the newspaper, according to the company. Mainichi Friend was managing a readers' club, which closed in late March.

The data emerged on a Japanese file sharing network called Share, which is being developed by an anonymous author as a successor to the popular Winny network. The developer of Winny was arrested in 2004.

Both Winny and Share use code based on the principles of Freenet to help obscure the link between IP addresses and shared folders, offering a certain level of anonymity.

The leak originated from an employee who moved the data onto his own computer, which had Share installed. Unknown to the employee, the computer also had a virus that shares the whole hard drive on the file sharing network.

Ironically, the leak was discovered by the paper’s own reporters, who were investigating cybercrime.

According to antivirus firm Trend Micro, it is the first major leak on the Share network, but is far from the first major leak in Japan.

Winny has recently been at the centre of a string of serious leaks, mostly due a virus called Antinny, which uploads files from private folders onto Winny’s distributed file cache.

Just last February, confidential information leaked from the personal computer of a petty officer in the Japanese Maritime Self-Defense Force (MSDF). As a result, the MSDF was forced to revise its random-number cipher codes for communications.

More recently, the U.S. military suffered when access codes to their Misawa base in Japan were leaked onto Winny by a Japanese interpreter, who worked for a military subcontractor. A daily report on warehouse repair work in the base also appeared on the network.

In November last year, access codes for restricted areas at 29 airports were leaked onto the network by an All Nippon Airways captain’s personal computer. Passwords for 17 airports were leaked a month later, this time from an infected copilot’s computer.

The worst two leaks came last month when the details of 3 years worth of investigations and 1,500 individuals leaked from a computer belonging to an Okayama Police investigator. Shortly afterwards, details of a further 4,400 people were leaked from a police inspector’s computer in the Ehime. The disclosed details of investigations date as far back as 1984. Again, the computer was running Winny and was infected with a virus which shared private folders. The exposed data includes the names of sex crime victims.

The police have apologized and launched a free telephone consultation service, but unlike airport security codes, the leaked information cannot simply be replaced.

Other leaks have involved confidential information on hospital patients in Toyama, more than 8,000 names and addresses from an advertising company’s database, corporate information about Yahoo! customers and even a list of supporters of a political party.

Once the data is on either the Winny or Share networks, it is very difficult to remove. To aid anonymity, files are automatically uploaded and cached within the network. Simply removing the infected computer will have little impact, even if no other users deliberately download or share the data.

Modern P2P networks do not automatically share folders which potentially contain sensitive information and the vast majority of these leaks were due to a virus, but the lessons from Japan are clear. Users should ensure they know what is being shared and regularly scan their computers for viruses and other malware.

The original version of this article stated that Winny and Share contained code from Freenet. As pointed out to by Freenet developers, this is not true. It is thought that Winny and Share were inspired by the design principles of Freenet, but do not contain any actual code and are both written in different programming languages. This article has been changed accordingly.

This story is filed in these Slyck News categories
File-Sharing/P2P Related :: Other

You can discuss this article here - 26 replies

© 2001-2019