The Yomiuri Shimbun
Jan. 9, 2007
Members of the Ground Self-Defense Force have inadvertently allowed
information to be exposed in 27 cases via the Winny file-sharing program
installed on their personal computers between fiscal 2002 and the end of
October, sources close the GSDF said Monday.
In addition to the 27 cases, four other cases have previously been
brought to light.
The Defense Agency has not released information about any of the data
breaches, including what had been disclosed, the sources said.
In four cases, information was exposed after the agency announced
measures in April to prevent further incidents.
The information leaks have brought to light lax informational security
controls on information the agency had put in place, despite the fact it
was to be upgraded to a ministry Tuesday.
According to the sources, GSDF members were involved in security
breaches related to Winny once in fiscal 2002, three times in fiscal
2003 and another three times in fiscal 2004, but the number of incidents
jumped to 20 in fiscal 2005.
In fiscal 2006, four such security breaches have been confirmed, the
The information leaks did not include classified documents, but in eight
cases, documents, including training data containing sensitive
information capable of impeding the execution of plans were disclosed.
Furthermore, data on general operations and personal information, such
as lists of GSDF members and related organizations that were compiled
and used by individual members, as well as photos were exposed.
Following the February revelation of information leaks on Maritime
Self-Defense Force destroyers, the agency immediately procured about
56,000 computers for use by SDF members and prohibited members from
using their own computers to handle SDF data.
An agency official said the agency's revelation that information had
been exposed could result in more people searching for--and perhaps
finding--compromised materials on the Internet, heightening the danger
such information could be found and maliciously used.
Subscribe to InfoSec News