Business & Finance
05:02 PM
Connect Directly
Repost This

Beware P2P Networks With A Tunnel To Confidential Data, Study Warns

Many of the biggest breaches in recent years were inadvertent disclosures, Dartmouth business school researchers found.

Peer-to-peer networks could be more than a nuisance in the workplace, they might also be providing cyberthieves with a tunnel into your most confidential data. So says a new study of corporate data leaks released Tuesday by Dartmouth business school researchers.

"Many of the biggest breaches in recent years were inadvertent disclosures," says Eric Johnson, professor of operations management at Dartmouth's Tuck School of Business and director of the school's Glassmeyer/McNamee Center for Digital Strategies. Johnson co-authored the study along with Scott Dynes, a senior research fellow at Dartmouth's Institute for Security Technology Studies.

One of the major problems, they found, was that users were insufficiently protecting their files and data from peer-to-peer networks. "Like most people I talked to, I underestimated the scope of the problem," Johnson told InformationWeek. "The kinds of leaks coming out of these organizations would make their hair stand on end, in terms of both the amount and type of information leaked."

The Dartmouth study notes that there are an estimated 10 million users sharing music, video, software, and photos over peer-to-peer networks, up from about 4 million in 2003. This doesn't even include BitTorrent, a popular peer-to-peer application for video files that's difficult to monitor. Meanwhile, efforts by ISPs, corporations, and copyright holders to limit peer-to-peer through technology (such as site blocking, traffic filtering, and content poisoning) or through the courts (the most notable being the Recording Industry Association of America prosecution of individual users and file sharing firms) have prompted peer-to-peer developers to create decentralized, encrypted, anonymous networks that can find their way through corporate and residential firewalls.

"These networks are almost impossible to track, are designed to accommodate large numbers of clients, and are capable of transferring vast amounts of data," the study says.

And now the bad news. Criminals are actively searching peer-to-peer networks for any personal information they can use to commit identity theft. There are several ways for confidential data to find its way to a peer network, including instances where users accidentally share folders containing such data, users store music and other data in the same folder that is shared, or users download malware that exposes their file directories to the network. A lot of identity theft victims "don't realize that their son was on LimeWire last night sharing their financial information," Johnson says. "Much of this software has interface designs that are confusing and even deceptive in a way that gets people to share, without knowing it, their whole hard drive."

1 of 2
Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.