Users of P2P (peer-to-peer) file-sharing services may be sharing more than they bargained for, a former White House cybersecurity advisor has warned. Security researchers have found thousands of files with sensitive information by searching through file-sharing networks, said Howard Schmidt, CEO at R&H Security Consulting. Schmidt, who has also worked as chief security officer for Microsoft, made the comments during an SDForum seminar.
Medical records, financial information and router passwords have all popped up on P2P networks, often after users inadvertently share folders containing the data. "People don't realise you're not just sharing your music," Schmidt said. "You're sharing your personal files."
Millions of households still use P2P services, though the practice of illegally downloading music from these services has been on the decline, according to the NPD Group research firm. And with all of those possible victims, criminals see an opportunity to search these networks for sensitive information, Schmidt said. "These are real live search strings the bad guys are using: bank such-and-such statement for August, bank such-and-such May statement, account summaries, account stop payment, internet scams, bank routing information," he said.
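The search strings quoted above only work because the victim's client is serving a folder that holds the matching file. One practical check is to audit a folder before handing it to a P2P client. The script below is an added example, not code from the article, from Schmidt or from Tiversa: it walks a directory, flags filenames that match the kinds of terms quoted above (bank statements, account summaries, stop payments, routing information) plus the credit-report and patient-record cases the article describes, and content-scans small text files for account-number-like tokens, validating card numbers with the Luhn check and nine-digit strings with the ABA routing checksum so that ordinary numbers are not flagged. The pattern lists, size cap and the sample "shared folder" it builds in a temp directory are my own constructions; the 4111 1111 1111 1111 card is the well-known test number, and the SSN and routing values are made up.

```python
"""Audit a folder before exposing it through a P2P client (added example)."""
import os
import re
import tempfile
from pathlib import Path

# Filename patterns modelled on the attacker search strings quoted in the
# article; the exact regexes are my own choices, not a published list.
NAME_PATTERNS = {
    "bank_statement": re.compile(r"bank.*statement|statement.*(bank|account)", re.I),
    "account_summary": re.compile(r"account.*summar", re.I),
    "stop_payment": re.compile(r"stop.?payment", re.I),
    "routing_info": re.compile(r"routing", re.I),
    "credit_report": re.compile(r"credit.?report", re.I),
    "tax_document": re.compile(r"\btax\b|\bw-?2\b|\b1099\b", re.I),
    "medical_record": re.compile(r"patient|medical", re.I),
}

# Only small text-like files are content-scanned; binaries are judged by name only.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".htm", ".html", ".xml", ".json", ".md"}
MAX_SCAN_BYTES = 1 << 20  # 1 MiB cap per file (assumed sensible default)

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits, spaces/dashes allowed
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US SSN layout only
NINE_DIGITS_RE = re.compile(r"\b\d{9}\b")         # candidate ABA routing numbers


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def aba_routing_ok(digits: str) -> bool:
    """ABA routing transit number checksum: weights 3,7,1 repeating, sum mod 10 == 0."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0


def scan_text(text: str) -> list:
    """Return reason tags for account-number-like tokens found in text."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn_like")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("card_number")
    if any(aba_routing_ok(m.group()) for m in NINE_DIGITS_RE.finditer(text)):
        hits.append("routing_number")
    return hits


def audit_share(root) -> list:
    """Return (relative_path, [reasons]) for every file that should not be shared."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = [tag for tag, rx in NAME_PATTERNS.items() if rx.search(path.name)]
        if path.suffix.lower() in TEXT_EXTENSIONS and path.stat().st_size <= MAX_SCAN_BYTES:
            reasons += scan_text(path.read_text(errors="replace"))
        if reasons:
            findings.append((str(path.relative_to(root)).replace(os.sep, "/"), reasons))
    return findings


def build_sample_share() -> str:
    """Constructed sample 'shared folder' with made-up data, for a stand-alone run."""
    root = Path(tempfile.mkdtemp(prefix="p2p_share_"))
    (root / "music").mkdir()
    (root / "music" / "track01.mp3").write_bytes(b"\x00" * 16)
    (root / "Bank_Statement_August.pdf").write_bytes(b"%PDF-1.4 placeholder")
    (root / "MyCreditReport.htm").write_text(
        "<html><body>Credit report for J. Doe<br>SSN: 123-45-6789<br>"
        "DOB: 01/02/1970</body></html>")
    (root / "notes.txt").write_text("ACH instructions\nrouting 123456780 account 1234567\n")
    (root / "orders.csv").write_text("date,card\n2006-06-01,4111 1111 1111 1111\n")
    (root / "todo.txt").write_text("buy milk\ncall mum\n")
    return str(root)


if __name__ == "__main__":
    share = build_sample_share()
    for rel, why in audit_share(share):
        print(f"DO NOT SHARE {rel}: {', '.join(why)}")
```

Run it against the real folder you are about to share instead of the sample one; anything it lists belongs outside the shared tree. The checksums keep the noise down (a date or phone number will not pass Luhn or the ABA test), but the name patterns are deliberately broad, since a false positive here costs a second look while a miss costs a leaked statement.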
News source: Macworld UK
Some of the P2P searches have been more ominous, he added. "We've actually found people out there searching for how to make sarin gas." Tiversa, a security company in Wexford, Pennsylvania, conducted the research. Schmidt is an advisor to Tiversa.
Hackers have already evolved sophisticated techniques for using Google's search engine to unearth data that has accidentally been exposed on websites. But with P2P hacking, attackers can get access to data on a victim's desktop. "You can set something up for an hour, search for it, and you're gone," Schmidt said. He estimates that there are nearly four times as many P2P searches conducted each day as there are Google searches.
Ironically, a US law enacted to help fight identity theft may be helping the bad guys.
The Fair Credit Reporting Act allows US consumers to request a free credit report once every 12 months, but some P2P users are inadvertently sharing this information, Schmidt said. "They will go to the [free credit report] website, do all the validations necessary, download it on their desktop," he said. "Well what does it contain? Some of them have full date of birth and all this other stuff: your credit cards, places you've lived, spouses' names, and on and on."
Medical records are another source of concern. Researchers found one physician accidentally sharing 97 files with patient data on them, Schmidt said. "I don't think if I was his patient, I would want this information out on any network, let alone a peer-to-peer network."

Computer security is no one's responsibility but your own
People get screwed over with things like this because they don't know any better. Nobody keeps their credit card info or financial/personal information unprotected because "they don't care" about their security, it's because they don't know any better, they didn't know they were sharing it in the first place. Nobody wants to be a victim of this kind of thing.
It's common sense; don't do it if you don't know, and if you don't know, ask someone who does.
People who don't know any better shouldn't be using P2P networks. They probably shouldn't be using the Internet either. I'm sure a person could ask a friend to educate them or take a class at a community college or something.
But in my experience some people are just stupid dopes that shouldn't be allowed near a computer and definitely not on the Internet, for their own protection.
Computer security is no one's responsibility but your own
People get screwed over with things like this because they don't know any better. Nobody keeps their credit card info or financial/personal information unprotected because "they don't care" about their security, it's because they don't know any better, they didn't know they were sharing it in the first place. Nobody wants to be a victim of this kind of thing.
Still, people ring me up and pay me to clear up the mess that's caused afterwards.
I guess there will always be business for me
Very true, security and spyware make up so much of the business from repair nowadays. The funny thing is someone who knows nothing about security or how to use a computer is soooo unsafe in front of a Windows machine on the Internet. Amazingly enough, for a non-geek to be in front of a Linux or Mac OS box, they are probably safer. But like you said, there is lots of money to be made off of unknowing people!
Edit: Also, it's stories like these that help to make people aware of the risks of using P2P, that is basically to remember what you are sharing and keep your files organized so you know exactly what you are making public to the world.
People who don't know any better shouldn't be using P2P networks. They probably shouldn't be using the Internet either. I'm sure a person could ask a friend to educate them or take a class at a community college or something.
But in my experience some people are just stupid dopes that shouldn't be allowed near a computer and definitely not on the Internet, for their own protection.
No crusade against them, just saying that they should be made aware of the risks instead of not being allowed near a computer. Maybe it's up to the people that make the P2P software to start including warnings when you select your shared folders. Anything to alert someone who might not know better, I would think. I don't think it's about calling someone stupid and saying you don't think they should be allowed online; it's all about educating people and warning them so they know better.
It's not like the folders are automatically set up to share it by default.
Try searching for tax documents, or account information. You may be surprised at the number of results...
They're implying that P2P programs leak your personal information to the world, and that's just not true.
Yes, if you go and put your credit report out there in a torrent then it is available, but it won't be a popular item... who wants to look at your boring old credit report?
If I sound to some of you as if I am an elitist, fine, maybe I am, but I have earned the right to be.
Last edited by roadwarrior on 26 Jun 2006 - 20:13
Lots of people do. Connect to LimeWire or other similar P2P programs and you will see that there are still millions of active users. That is the whole point of this article.
Usually you're even presented with a wizard where you select the folders to share, and people still mess up... :p
Maybe they should just not sit in front of a computer, much less store anything important on it.
"But with P2P hacking, attackers can get access to data on a victim's desktop. 'You can set something up for an hour, search for it, and you're gone'"
M4D_sKi11z involved in being able to search on Kazaa and the like when there are enough morons out there who share the whole of their C: drive.
There was something very similar to this on BBC or ITV news a while ago, and it was full of just as much BS.
It's basically like saying: "There are hundreds of thousands of thieves who pillage homes that aren't properly locked!" Really, Neowin should change its motto to "Where unprofessional journalism and sensationalism look better", for even a nice part of the "geek population" takes everything that's said here as 100% truthful.
Not that I have anything against that, it makes good entertainment!
More education is needed but, more importantly, more sources for music. It will put anyone off saying "you must download iTunes, then go to the music store, put in your credit card details, pay. Oh, and by the way, you can't use that music on your iRiver or Creative."
Stupidness
LMAO I'm sure this is true. Pirating music is so last year.
Pirating was so not last year, I only ever pirated PS1 games and when was that out?
Oh, let's try and scare people into not downloading from P2P now... nice... I wonder what's next.
#20 Posted by Scutley on 26 Jun 2006 - 20:06
This article is just trying to scare people away from P2P; don't fall for it.
EXACTLY what I was thinking just by looking at the title. Wonder if the MPAA originally made up this report lol
As web geeks, we all know the dos and don'ts for security and safety online. The majority of the people who do set their P2P up and don't realize they've shared their entire HDD are the ones at risk here. But like anything on the web lately, along with anything offline... it's all a matter of security. This article, in my opinion, is nothing more than a pathetic attempt from the White House to push more scare tactics to the average Joe Blow on the web. Keep them in fear is all it is. You scare people into thinking that P2P programs are the root of all evil with regards to personal security online and voila, all the sheep stop using the program. Too bad the White House doesn't realize that it really doesn't work that way on the web.
If anything, the White House should set a bill that bans the bundling of bloatware and shady software onto new systems that are being purchased in the States, and they should be working on passing the anti-spyware bill with stiff penalties for companies both home and abroad. Too bad that both of these things add up to huge revenues that are turned around and used to fund certain campaigns etc. within the States. Why would I try and stop something if I'm benefiting from it, right?
Security is essential on the web, but above all that education is. People figure they are protected because they have an antivirus or some sort of software security suite. That's fine and dandy, but I would rather learn to fish than have someone give me the fish. Education is the key for a safer world wide web. As it stands right now, it's just the wild wild web.
Just my two bits.