Business & Finance
11:15 AM

Our P2P Investigation Turns Up Business Data Galore

We search the Gnutella network and find hordes of personal and business information that could ruin more than a few lives and give lots of companies PR nightmares.

As I honed my technique, I got more reliable results. The search term "minutes" led me to what looked like the computer of a highly placed staffer of a state political party. There were files with the home and cell phone numbers of senators, confidential meeting notes, and fund-raising plans.

I came across a veterinary clinic, with listings of pets and their owners' billing information. A medical office revealed spreadsheets listing patients' names along with their HIV and hepatitis status. Wow. In between the vacation photos, there were piles of resumés, and one computer had a slew of court documents regarding a sticky divorce.

Among all this, a pattern emerged. Someone was sharing a large number of design specifications and orders for clothing, each labeled with the major retailer that had ordered the designs, along with correspondence between the suppliers and factories concerning the orders.

Another person appeared to be the owner of a cell-tower consulting firm. In front of me were files with site surveys and feasibility studies of various tower locations for several national carriers. Were I so inclined, I could probably buy up properties for which no suitable alternative locations were mentioned, then hold the phone company hostage for a high price.

After finding the RFPs and bids of a small consulting firm working for several government agencies, it hit me. Most large companies have security measures to prevent data leaks, but they work with many small suppliers and partners, entrusting them with confidential data. And it was mostly these small businesses, probably without any IT support or formal security policies, that were leaking the large companies' data.

Based on what I was able to find with simple tools in a short time, it's clear that there's really a lode of important corporate data coursing through P2P networks. It's essential that companies not just implement strong policies and pre- ventive measures covering their own computers and networks, but also address those used by employees at home and the practices of partners and suppliers.

Avi Baumstein is an information security analyst at the University of Florida's Health Science Center.
Write to him at

Photograph by Erica Berger

Return to the story:
Your Data And The P2P Peril

2 of 2
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 Digital Issue, April 2015
The 27th annual ranking of the leading US users of business technology
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.