Identity thieves lurking in P-to-P networks

A former White House security advisor warned that P-to-P networks are being used by identity thieves.

Users of P-to-P (peer-to-peer) file-sharing services may be sharing more than they bargained for, a former White House cybersecurity advisor warned Thursday.

Security researchers have found thousands of files with sensitive information by searching through file-sharing networks, said Howard Schmidt, chief executive officer at R&H Security Consulting. Schmidt, who has also worked as chief security officer for Microsoft, made the comments during an SDForum seminar in Palo Alto, California, on Thursday.

Medical records, financial information and router passwords have all popped up on P-to-P networks, often after users inadvertently share folders containing the data. "People don't realize you're not just sharing your music," Schmidt said. "You're sharing your personal files."

Millions of households still use P-to-P services, though the practice of illegally downloading music from these services has been on the decline, according to the NPD Group research firm.

And with all of those possible victims, criminals see an opportunity to search these networks for sensitive information, Schmidt said. "These are real live search strings the bad guys are using: bank such-and-such statement for August, bank such-and-such May statement, account summaries, account stop payment, Internet scams, bank routing information," he said.

Some of the P-to-P searches have been more ominous, he added. "We've actually found people out there searching for how to make sarin gas."

Tiversa, a security company in Wexford, Pennsylvania, conducted the research. Schmidt is an advisor to Tiversa.

Hackers have already evolved sophisticated techniques for using Google's search engine to unearth data that has accidentally been exposed on Web sites. But with P-to-P hacking, attackers can get access to data on a victim's desktop.

"You can set something up for an hour, search for it, and you're gone," Schmidt said. He estimates that there are nearly four times as many P-to-P searches conducted each day as there are Google searches.

Ironically, a U.S. law enacted to help fight identity theft may be helping the bad guys.

The Fair Credit Reporting Act allows U.S. consumers to request a free credit report once every 12 months, but some P-to-P users are inadvertently sharing this information, Schmidt said. "They will go to the [free credit report] Web site, do all the validations necessary, download it on their desktop," he said. "Well what does it contain?... Some of them have full date of birth and all this other stuff: your credit cards, places you've lived, spouses' names, and on and on."

Medical records are another source of concern. Researchers found one physician accidentally sharing 97 files with patient data on them, Schmidt said. "I don't think if I was his patient, I would want this information out on any network, let alone a peer to peer network."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?