Identity theft and peer to peer filesharing

If you are an identity thief, you probably already know that P2P filesharing is a great way to steal someones personal information.

Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked.

The House Committee on Oversight and Government Reform is responding to reports that peer to peer file sharing allows Internet users to access other P2P users’ most important files, including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download p2p pirated music, movies and software.

What’s interesting is that they didn’t already realize this was going on. Most of the committee members probably have kids, and their own home PCs probably have P2P software installed.

An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software. In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild web.

The House Committee on Oversight and Government Reform sent letters to the Attorney General and FTC Chairman, asking what the Department of Justice is doing to prevent the illegal use of P2P. Which is kind of ridiculous, because it’s not illegal to use P2P programs. Even if it were made illegal, P2P file sharing is a wild animal that can’t be tamed.

The letter also asks what the government is doing to protect its citizens. Okay. I’ve sat with both the FTC and the DoJ. These are not dumb people. I‘ve been very impressed by how smart they are. They know what they are doing and they see the major issues we face. But they are not in a position to prevent an Internet user from installing a free, widely accessible software, and subsequently being stupid when setting it up and unintentionally sharing their C-drive with the world. No government intervention can prevent this. The House Committee on Oversight and Government Reform should focus more on educating the public about the use of P2P file sharing.

Politicians are most likely being lobbied and funded by the recording and motion picture industries to put pressure on the providers of such software. Letters and government noise p2p-image will not do anything to stop file sharing. While there have been plenty of witch hunts leading to prosecutorial victories, the public will always be vulnerable. It is up to us, as individuals, to protect ourselves.

Don’t install P2P software on your computer.
If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
Set administrative privileges to prevent the installation of new software without your knowledge.
If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

Tags: filesharing, identity, p2p, peer, theft, to

Add a Comment

You need to be a member of Geeks! to add comments!

Join this Ning Network

Comment by Identity Theft Expert Robert Siciliano on May 3, 2009 at 6:34am: Yes Bret. Please forward this.

Robert

Comment by Bret Spector on May 2, 2009 at 12:13pm: This is a great article. Good job getting this out to the people. I did not know this until you just now brought it to my attention. That link though with the letter addressed to the attorney general is proof enough, right?

Bret

Comment by AD on April 30, 2009 at 4:29pm: Goes to show you that people who don't take the time to learn how to use the technology they have are their own worst enemies. P2P is lame anyway, Bittorrent rocks!

Comment by tommy on April 30, 2009 at 10:09am: It's simple to just create a new folder on the desktop.And always check what's running at startup.And when finish downloading turn the program off and clean out your shared folder.It's strange that many dont know what's running at startup.Somethings dont appear by the clock.So it's hide.Do the run and msconfig then click start up.And if in doubt what you see,just do a google.I feel some need a computer course.Or get Geeky like us and read and learn what's going on.

Comment by Identity Theft Expert Robert Siciliano on April 30, 2009 at 8:45am: System001, good points. Many people have their P2P running when their PC starts up and they aren't watching the client all day, watching what is being uploaded from their PC. People who have their data being pulled from a P2P aren't smart enough to prevent it never mind turn sharing off. The point is in the wrong hands, P2P can be devastating to many people.

Comment by system001 on April 30, 2009 at 8:31am: in my view if someone is too stupid to setup there p2p correctly so only certain files and folders can be viewed they get get what they asked for. i have been using p2p for about a decade now without ever having my personal information accessed. what is missing from this article is the fact that you can see what is being uploaded. also missing from this article is the fact if push comes to shove uploading in these apps can be blocked completely.

Comment by Olrik on April 30, 2009 at 6:14am: Great Article Robert!
I will definitely bookmark this and show this to a couple of unsuspecting users ;)

Regards,
Olrik

Comment by Identity Theft Expert Robert Siciliano on April 30, 2009 at 2:48am: Thanks Ya'll!

Comment by Firebird7 on April 30, 2009 at 2:02am: Great article - Thanks for the info.

Comment by SassySweetBren on April 29, 2009 at 8:00pm: As always, you have written an excellent article. If only people would take more care in what they do online, there would be less identity theft.

I am not comfortable even using my main email address when online. In fact, I use an alias. The more I learn, the more I am aware of what can happen as a result of being careless.

This is something that all people need to read and adhere to. Thank you for posting it.