When FTC sends a warning, data theft has jumped the shark

• Tweet

March 3rd, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

When Fonzie jumped the shark, that spelt the end of Happy Days.

The FTC's warning to 100 companies and agencies, that their employees are leaking client and sensitive data on the web via Peer to Peer file sharing (P2P), is the single most pathetic and embarrassing communication to come across the desk of an IT professional. This is old news, and the FTC seems far behind. As Trautman tells Rambo, "it's over, Johnny, it's over!"

The FTC certainly has their hands full with the mess of information security that we call identity theft. I've met some from the FTC. These are smart people who are doing the best they can with what they have to work with. But government is usually the last to be on top of what is new and ahead of what is next. Especially, with technology issues. Generally, they are reactive and fix it after it's broke. They step in when there is a problem and work to fix it so it's not a problem in the future.

How is it that after hundreds of data breaches and numerous articles that all point to leaks via P2P, there are still companies who allow the installation of technology that opens a big hole in your network?It's a hole big enough for a car bomb.

As Byron Acohido eloquently stated, "the Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (P2P) file sharing networks." The operative word here being "finally." Why are we having this conversation?

For the under a rock crowed, P2P has been around since before the days of Napster. Peer to peer file sharing is a great technology used to share data over peer networks. It's also great software for getting your computer hacked.

Last year the House Committee on Oversight and Government Reform responded to reports that peer to peer file sharing allows Internet users to access other P2P users' most important files, including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software. In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I've found family rosters which include usernames, passwords and Social Security numbers for an entire family. I've found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and frankly, the most fun kind of hacking. I've seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama's private helicopters were recently compromised because a Maryland-based defense contractor's P2P software had leaked them to the wild, wild web.

Here's how to stay out of the P2P mess:

• Don't install P2P software on your computer.

• If you aren't sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your "All Programs Menu" will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you've found.

• Set administrative privileges to prevent the installation of new software without your knowledge.

• If you must use P2P software, be sure that you don't share your hard drive's data. When you install and configure the software, don't let the P2P program select the shared data for you.

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.