By Robert Siciliano, IDTheftSecurity.com
When Fonzie jumped the shark on his HOG, that spelt the end of Happy Days.
The FTC sending a warning to 100 companies and agencies that their employees are leaking client and sensitive data on the web via Peer to Peer file sharing (P2P) is the single most pathetic and embarrassing communication to come across the desk of an IT professional. It’s over, Johnny IT’S OVER!
The FTC certainly has their hands full with the mess of information security that we call identity theft. I’ve met some from the FTC. These are smart people who are doing the best they can with what they have to work with.
But government is usually the last to be on top of what is new and ahead of what is next. Especially, with technology issues. Generally, they are reactive and fix it after it’s broke. They step in when there is a problem and work to fix it so it’s not a problem in the future.
How is it that after hundreds of data breaches and numerous articles that all point to leaks via P2P, there are still companies who allow the installation of technology that opens a big hole in your network, big enough for a car bomb?
As Byron Acohido eloquently stated, “The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (P2P) file sharing networks.”
The operative word here being “FINALLY!” Why are we having this conversation?
For the under-a-rock crowed, P2P has been around since before the days of Napster. Peer-to-peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked.
Last year the House Committee on Oversight and Government Reform responded to reports that peer to peer file sharing allows Internet users to access other P2P users’ most important files, including bank records, tax files, health records, and passwords.
This is the same P2P software that allows users to download pirated music, movies and software.
An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software. In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers.
I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.
Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and frankly, the most fun kind of hacking. I’ve seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.
Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild Web.
- Don’t install P2P software on your computer.
- If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
- Set administrative privileges to prevent the installation of new software without your knowledge.
- If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
Copyright © 2008 To Present · Information-Security-Resources.com
Robert Siciliano is an expert on personal security and identity theft as the CEO of IDTheftSecurity.com.
Only registered users can write comments.
Please login or register.