So far it has spilled military secrets and the private phone numbers of TV stars, airport security access codes and elementary school children’s grades.
And the dirty work of this computer virus may not be done.
With almost daily reports of more private information being pumped from personal computers and splashed over the Internet, there is a growing unease that Japan is under insidious attack from within.
The culprit is a digital worm that infects computers using the file-sharing Winny software, a Japanese computer program that, like the infamous Napster, was designed to allow people to easily swap music and movie files.
Normally such leaks would mean nothing more serious than acute embarrassment to victims whose personal photographs or private video collection gets uploaded onto the Web for anyone to see. But the particular danger of this virus, dubbed Antinny, stems from the fact that it has exploited what turns out to be a bad Japanese habit.
This is a country where millions of people are taking their work home with them. On personal computers.
Soldiers and securities traders, doctors and cops in Japan have become accustomed to loading job-related data onto their personal computers to work after hours. But with many of those computers also running Winny software, chunks of confidential data have been surreptitiously leaked online, where they are extremely difficult to expunge.
The list of betrayed secrets is long and getting longer: personal details of 10,000 prisoners from a Kyoto prison officer’s computer; information about crime victims, informants and statements from suspects uploaded from a policeman’s home computer; access codes to 29 airports from an airline pilot’s PC; and the details of surgical procedures on 2,800 patients at a private hospital from the computer of a clerk. All have found their way onto the Internet.
No one knows who developed the virus, though different versions of Antinny have been attacking computers for at least two years.
“The issue is not the quality of the virus,” says Takefumi Tanabe, a software advisor at Japan’s Ministry of Economy, Trade and Industry. “The issue is the quality of the information being leaked.”
Perhaps most embarrassing have been the leaks from Japan’s Self-Defense Forces, including data on surface-to-air missile tests and details of “Battle Scenario Training” for a simulated crisis on a transparently code-named “K Peninsula.”
The military reacted by ordering all personnel to remove Winny from their home computers and to stop taking military data home with them. That widespread practice within the military was caused by a shortage of computers, and defense officials said they would immediately buy 56,000 computers to help separate work from home use.
The Winny software is not illegal to download and install. But if the music or video files being shared are protected by copyright, users can be prosecuted.
In 2003, two users were jailed and prosecuted. Shortly thereafter, in May 2004, Kyoto police arrested Isamu Kaneko, now 34, an assistant professor at the University of Tokyo who had developed the peer-to-peer software two years earlier. He has been out on bail since June 2004, and his trial is ongoing. Facing up to three years in prison, he has become a martyr for advocates of an unfettered Internet.
Several technology companies have been developing anti-virus software for Winny, and the government has set up a hotline with dozens of experts available to take questions on how to rid PCs of it. But fears of more sensitive information flowing from home computers to the Internet prompted Shinzo Abe, the chief Cabinet secretary and second most powerful politician in government, to urge the Japanese public last week to stop using Winny altogether.
“We won’t be able to prevent information leaking unless every citizen is watchful and takes appropriate measures,” Abe said. “The surest measure is not to use Winny.”
Among those taking note are Japanese police departments, which have been embarrassed to admit that many of their officers stored police information on personal computers running Winny.
“Winny is a software that has been charged with breaching copyright rules, and to install that program into their own computers and use it means members of the police force are lacking in understanding of their own roles,” National Police Agency head Iwao Urushima said at a news conference this month.
The agency ordered its officers to stop using their own computers for work. One local police chief ordered his officers to sign a pledge that they wouldn’t use Winny.
But Kaneko, Winny’s developer, says he has the solution to everyone’s problems: an anti-virus patch that he claims to have developed and is trying to patent.
The only hitch: He is still in court, fighting his case.
“If I hadn’t been arrested, I could have dealt with it,” he said outside the Kyoto courtroom this month. “And this problem wouldn’t have happened.”
Hisako Ueno of The Times’ Tokyo Bureau contributed to this report.