Peer-to-Peer music transfer may not be as secure as you think for the rest of your sensitive files. A recent study by the Dartmouth College has exposed the risks associated with file sharing on the internet.
Did you know that sharing your music or your videos on the net could
expose you an entire network of criminals trying to access your
personal data? And while you may be smug in the feeling that you are
sharing just a few music files, you may well be sadly mistaken.
A study was recently conducted by Dartmouth College's Tuck School of
Business to examine the dangers of data disclosure inadvertently on
file-sharing networks. This study involved examination of data relating
to P2P searches and files of 30 top US banks. The period covered was a
shade under two months, from Dec 2006 to Feb 2007.
A search engine technology from Tiversa Inc. was used by the study
group to collect and scrutinize all the P2P traffic that mentioned the
banks under study by name, or mapped them to a particular digital
footprint that was created by the University for each of the financial
institutions that were being studied. Latest networks such as
BitTorrent, FastTrack, Gnutella and eDonkey were used to gather the
data for the study.
The study found that an exceedingly high number of consumers doing simple tasks such as sharing music software
on the P2P networks were inadvertently divulging sensitive data such as
bank account and credit card details to criminals lurking around for
such information. As per Eric Johnson, a study author and Professor of
Operations at the Dartmouth’s Center for Digital Strategies, a
significant number of individuals as well as firms face this risk from
the peer-to-peer file sharing networks.
What happens is this. When people share their files such as free music software
and just plain music also, they are inadvertently exposing the entire
contents of their computers to the entire network. This is quickly
lapped up by criminal minds lurking around for this very purpose.
The reason for the exposure is that the popular P2P clients like
BearShare, Limewire, Morpheus, Kaaza etc are specifically designed to
search for and retrieve certain types of media files on a user’s
system. If the music files have accidentally been included in another
folder, the contents of the entire folder would be exposed to the P2P
network. If this folder happens to contain sensitive information, then
be rest assured that all that sensitive information is going along with
the music recording
that you had done and wanted to share with your friends. Thus it
becomes extremely important to control the access of the folders being
Another reason for the exposure is the confusing interfaces of some of
these clients that may result in sharing of a folder that was not
intended to be shared. Wizards included with the clients often manage
to complicate the problem further, by searching for and recommending
sharing of all kinds of media files in the entire computer. Just one of
these files needs to be in a folder containing sensitive information.
While some of the information could be leaked inadvertently,
cybercriminals are increasingly using P2P networks to specifically
search for and harvest such data. A considerable portion of the search
terms that were analyzed appeared to be looking for account and user
information, databases, routing and PIN numbers and passwords.
It is the home users that account for a majority of the leaked
information – as high as 80% of the entire data came from them. Most
have limited knowledge of security systems that make them more
vulnerable to data theft. Other stolen data came from bank systems or
So whether you are a home or a business user, you need to be extra
vigilant the next time you decide to share some of your files with