P2P: Prevent To Protect

In February, the US Federal Trade Commission, no less, sent letters to almost 100 organizations advising them that personal information had been "shared" on peer-to-peer file-sharing networks. This is not the first time P2P software has been blamed for disclosing sensitive information and for other information security incidents, and I'm sure it won't be the last. I wonder what those 100 organizations did about it?

Come to that, what about the millions of other organizations that missed out on their FTC notices, oh, and not forgetting the millions of individual home users using LimeWire, BearShare, Kazaa and dozens of other peer-to-peer file-sharing networks?

“It sounds preposterous, but sensitive information leaking out unintentionally like this is amazingly common,” says Eric Johnson, director of digital strategies at Dartmouth’s Tuck School of Business. “Look at the file sharing networks and you’ll find people exposing things all the time.” In fact, data leakage via P2P networks has become so commonplace that there are cybercrime gangs who specialize in continually searching P2P sites for sensitive work documents. FTC investigators easily found health-related information, financial records, driver’s license and social security numbers accessible on P2P networks — “the kind of information that could lead to identity theft,” says Leibowitz.

So how would you recommend people limit their P2P risks? Here are some suggestions from US-CERT.