Japanese cop exposes confidential information on 6,000 people using P2P (file-sharing) software

Japanese police car picture courtesy of Flickr

We spend a lot of MONEY protecting computer systems and the information in them. Despite this, information is stolen or compromised from computers, pretty frequently.

One reason for this is it only takes one person, with access to compromise a system and it's security.

Recently, Japan Today, disclosed that a policeman did just this by using P2P file sharing software:

Personal information on some 12,000 people related to criminal investigations has leaked onto the Internet from a computer of a Tokyo police officer via Winny file-sharing software, the Metropolitan Police Department said Friday. This is believed to be the largest volume of data leaked from the police on record, the department said.

In case you've never been exposed to P2P (file sharing) software, it's normally used to share porn, movie, or music files.

Wikipedia lists the dangers of using this type of software, of which there are many:

• poisoning attacks (e.g. providing files whose contents are different from the description)
  
  
• polluting attacks (e.g. inserting "bad" chunks/packets into an otherwise valid file on the network)
  
  
• defection attacks (users or software that make use of the network without contributing resources to it)
  
  
• insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  
  
• malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  
  
• denial of service attacks (attacks that may make the network run very slowly or break completely)
  

• filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  
  
• identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  

• spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

Using any of these services, normally slows a computer down to a slow crawl. It can even destroy your computer.

Besides that, it's illegal to share copyrighted material (I think it's considered stealing). Not a very good situation for a policeman to get caught up in. What was he thinking?

Japan Today story, here.

Here is another post, I wrote about the murky world of P2P last year:

How P2P Software like Limewire Compromises Personal and Financial Information

Attrition.org tracks how often information is compromised, and the reasons why, here.

How P2P Software like Limewire Compromises Personal and Financial Information

The Denver DA's office recently discovered a lot of personal and financial information exposed by users of P2P (peer to peer) software like "Limeware."

The concern is that this information might be "easily used" to steal identities and commit financial crimes, or worse.

Other well known peer to peer networks besides Limeware are WinMX, Kazaa, Azureus, Bearshare, Zango and Morpheus.

Parents should note that a lot of times, children often are lured into downloading P2P software. My personal experience was when when my daughter downloaded Kazaa on a home computer. Unfortunately, besides music, we got a lot of adware/spyware in the "package," also.

The end result was having to pay someone to "unclog" my system.

According to Wikipedia:

P2P technology as a computer "network that relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating it in a relatively low number of servers. P2P networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also
passed using P2P technology.

The dangers of P2P software have been well documented and the FTC has even issued a warning about the use of it, here.

If you insist on using it -- I would highly recommend reading an article by Thomas Mennecke at Slyck News -- where he explains exactly how users are compromised and how they might avoid the problem.

In his own words:

There’s little doubt the threat of identity theft continues to plague the online world – and has become highly focused on P2P. Yet this serious security threat is also the easiest to avoid. This threat to the security of the end user occurs for one reason, and one reason alone.

Link to story about Denver DA finding personal and financial information, here.

Link to Slyck article, here.

Here is a post I did - based on another post by Paul Young (fellow blogger) - on Zango:

Prying1 - Digging Up the Dirt on Zango and Who Advertises for Them