Cyber Safety

In the first case in the US that involved peer-to-peer file sharing programs, a Seattle resident was indicted by a federal grand jury for mail fraud, two counts of aggravated identity theft and accessing a protected computer without authorization to perpetrate further fraud.

The indictment alleged that the man used file sharing programs (including the “Limewire” program) to invade the computers of other people to get access to their income tax returns, bank statements, credit reports and student financial aid applications.

The man then used these identities and records to open credit accounts over the Internet, and afterwards made fraudulent online purchases, had the goods shipped to various mailboxes, and then sold the merchandise at half the retail value. The man had victimized at least 80 people and fraudulently earned more than $70,000.

The US Attorney’s Office asked executives of a computer security firm to provide information on the growing threat that file sharing programs pose to consumers. The executives said that millions of consumers expose sensitive personal information when they use peer-to-peer (P2P) file sharing networks. This enables thousands of potential criminals every day to search and obtain this information, and to commit identity theft and fraud.

Many experts have warned against the use of P2P networks and software. P2P networks tend to expose computer hard drives to foul-play. It is very easy for identity thieves to gain unauthorized entry into people’s computers through the unsecured P2P networks.

This arrest brings to mind the research report published by Dartmouth University’s business school. The report said there were strong indications that breaches in corporate data systems could be traced back to P2P network usage by employees.

The study said that P2P users reached 4 million people in 2003, but by the time the report was published in May 2007, the number was estimated to have increased at least two times. The more alarming finding was that despite efforts of corporate officers and network security officers to monitor and discourage the use of P2P networks in the workplace, many employees continue to violate the rules and, at the same time, it was difficult to keep pace with the P2P networks’ swiftly evolving nature.

Organizations that operate computer networks should be aware of the risks involved in P2P programs. The employees’ use of P2P networks to share files exposes the employers’ proprietary databases to P2P hackers. Databases storing sensitive information such as employees’ birth dates, Social Security numbers and credit card numbers become the prime targets.