Probably the worst nightmare of the data protection specialist is the idea of a trusted member of the organization loading confidential data onto a home machine that is connected to a P2P file sharing network. These events happen all the time and they are inevitable. The latest incident occurred in Hong Kong.
From the article:
“Hong Kong - A government investigation was underway Friday after it was revealed that confidential files from the Immigration Department had been mistakenly leaked on to the internet.
The list, which contained a list of the names of people for officers to watch, plus travel document information and travel records, has been available on the internet since Monday through a file-sharing programme called "Foxy."
The blunder occurred after a newly-recruited immigration officer working at the Lok Ma Chau border point took home some old classified files to study without authorisation.
His computer contained the "Foxy" programme and when he connected to the internet, the files were distributed without his knowledge.”
That information fits most people’s definition of “confidential”. It brings to mind the trip I took to one of the more distant US States. I met with the IT security folks for the State government. They informed me in no uncertain terms that their security was non-existent. They never expired user credentials when someone left the employ of the State. They had open terminals at DMV offices that anyone could access. It was scary. My next visit was to the police department in the State capital. They informed me that they were completely secure- no issues. On further questioning I learned that they felt this way because they had a single connection to the Internet behind a firewall protecting their web server. The only other network they were connected to (without a firewall) was the State’s! I also learned that officers kept the contact database of undercover police on their desktops which contained real names and home addresses. Talk about life and death data. Imagine if that data leaked onto a peer to peer network.
About Stiennon
Richard Stiennon is a security industry innovator. He is currently consulting, speaking and writing on all manner of security topics and has just announced the launch of Seccom Global, a Managed Security Service Provider focused on UTM. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Netrex, the world's first managed security service provider.
|
|
Japan has many data loss incident by P2P
We have a lot of data loss incidents by Winny that is Japanese famous P2P software.
The url below is updating these incidents.
You can see a lot of cases, but sorry it is in Japanese.
http://www.geocities.jp/winny_crisis/
Japanese Government comments that Winny is an unwanted software.
The developer of winny was arrested because he helped illegal copy in the p2p network.
Some ISPs limit to use P2P by the support by Government.
Should P2P software be prohibited by Government?