Danger Lurking Behind Those Innocent Client Servers

Did you know that sharing your music or your videos on the net could expose you an entire network of criminals trying to access your personal data? And while you may be smug in the feeling that you are sharing just a few music files, you may well be sadly mistaken. A study was recently conducted by Dartmouth College's Tuck School of Business to examine the dangers of data disclosure inadvertently on file-sharing networks. This study involved examination of data relating to P2P searches and files of 30 top US banks. The period covered was a shade under two months, from Dec 2006 to Feb 2007. A search engine technology from Tiversa Inc. was used by the study group to collect and scrutinize all the P2P traffic that mentioned the banks under study by name, or mapped them to a particular digital footprint that was created by the University for each of the financial institutions that were being studied. Latest networks such as BitTorrent, FastTrack, Gnutella and eDonkey were used to gather the data for the study. The study found that an exceedingly high number of consumers doing simple tasks such as sharing music software on the P2P networks were inadvertently divulging sensitive data such as bank account and credit card details to criminals lurking around for such information. As per Eric Johnson, a study author and Professor of Operations at the Dartmouth’s Center for Digital Strategies, a significant number of individuals as well as firms face this risk from the peer-to-peer file sharing networks. What happens is this. When people share their files such as free music software and just plain music also, they are inadvertently exposing the entire contents of their computers to the entire network. This is quickly lapped up by criminal minds lurking around for this very purpose. The reason for the exposure is that the popular P2P clients like BearShare, Limewire, Morpheus, Kaaza etc are specifically designed to search for and retrieve certain types of media files on a user’s system. If the music files have accidentally been included in another folder, the contents of the entire folder would be exposed to the P2P network. If this folder happens to contain sensitive information, then be rest assured that all that sensitive information is going along with the music recording that you had done and wanted to share with your friends. Thus it becomes extremely important to control the access of the folders being shared. Another reason for the exposure is the confusing interfaces of some of these clients that may result in sharing of a folder that was not intended to be shared. Wizards included with the clients often manage to complicate the problem further, by searching for and recommending sharing of all kinds of media files in the entire computer. Just one of these files needs to be in a folder containing sensitive information. While some of the information could be leaked inadvertently, cybercriminals are increasingly using P2P networks to specifically search for and harvest such data. A considerable portion of the search terms that were analyzed appeared to be looking for account and user information, databases, routing and PIN numbers and passwords. It is the home users that account for a majority of the leaked information – as high as 80% of the entire data came from them. Most have limited knowledge of security systems that make them more vulnerable to data theft. Other stolen data came from bank systems or banks’ partners. So whether you are a home or a business user, you need to be extra vigilant the next time you decide to share some of  your files with your friends.