Our P2P Investigation Turns Up Business Data Galore - InformationWeek
Business & Finance
11:15 AM

Our P2P Investigation Turns Up Business Data Galore

We search the Gnutella network and find hordes of personal and business information that could ruin more than a few lives and give lots of companies PR nightmares.

As I honed my technique, I got more reliable results. The search term "minutes" led me to what looked like the computer of a highly placed staffer of a state political party. There were files with the home and cell phone numbers of senators, confidential meeting notes, and fund-raising plans.

I came across a veterinary clinic, with listings of pets and their owners' billing information. A medical office revealed spreadsheets listing patients' names along with their HIV and hepatitis status. Wow. In between the vacation photos, there were piles of resumés, and one computer had a slew of court documents regarding a sticky divorce.

Among all this, a pattern emerged. Someone was sharing a large number of design specifications and orders for clothing, each labeled with the major retailer that had ordered the designs, along with correspondence between the suppliers and factories concerning the orders.

Another person appeared to be the owner of a cell-tower consulting firm. In front of me were files with site surveys and feasibility studies of various tower locations for several national carriers. Were I so inclined, I could probably buy up properties for which no suitable alternative locations were mentioned, then hold the phone company hostage for a high price.

After finding the RFPs and bids of a small consulting firm working for several government agencies, it hit me. Most large companies have security measures to prevent data leaks, but they work with many small suppliers and partners, entrusting them with confidential data. And it was mostly these small businesses, probably without any IT support or formal security policies, that were leaking the large companies' data.

Based on what I was able to find with simple tools in a short time, it's clear that there's really a lode of important corporate data coursing through P2P networks. It's essential that companies not just implement strong policies and pre- ventive measures covering their own computers and networks, but also address those used by employees at home and the practices of partners and suppliers.

Avi Baumstein is an information security analyst at the University of Florida's Health Science Center.
Write to him at abaumstein@nwc.com.

Photograph by Erica Berger

Return to the story:
Your Data And The P2P Peril

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll