News
News
7/25/2007
08:45 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

P2P Networks Turn Up Sensitive Corporate, Government Documents

A House committee hearing shows that the security dangers of file sharing over peer-to-peer networks is still a major problem.

The House Oversight and Government Reform committee thought a hearing it held four years ago about the security dangers of file sharing over peer-to-peer networks had sufficiently addressed the problem. Clearly it hadn't. The committee convened a follow-up hearing Tuesday after an informal investigation into P2P security recently turned up files containing the corporate strategies of Fortune 500 companies, military operation orders, and other sensitive information.

The committee had a strong interest in "national security and leaks bubbling out of the government," Eric Johnson, director of Dartmouth's Glassmeyer/McNamee Center for Digital Strategies and a professor of operations management at Dartmouth's Tuck School of Business, told InformationWeek after testifying before the committee Tuesday.

Some members of the committee want to crush P2P file sharing out of existence, "but that game has been played and there are only two large players left in North America," Johnson said, referring to LimeWire and Morpheus. "Most of the others come from outside the U.S., so shutting them down is not a really viable approach."

The primary outcome of the hearing is that committee members are starting to better understand the security risks that arise when government and business workers engage in file sharing from computers that contain sensitive information. "Today's hearing was one of saying, look, this problem has been around for a few years and it's getting worse," Johnson said. "There are a lot of government and corporate documents leaking out, and we need to do something."

Committee members know this first hand. Using the LimeWire P2P program, committee staffers ran a series of basic searches prior to Tuesday's hearing. "What we found was astonishing: personal bank records and tax forms, attorney-client communications, the corporate strategies of Fortune 500 companies, confidential corporate accounting documents, internal documents from political campaigns, government emergency response plans, and even military operation orders," committee chairman Rep. Henry Waxman, D-Ca., said to open the hearing. "All these files were found in unpublished, Microsoft Word document format. All were found in limited searches over the past month. It is truly chilling to think of what private information an organized operation or a foreign government could acquire with additional resources."

Robert Boback, CEO of Tiversa Inc., which provides technology for monitoring P2P networks, testified Tuesday that his company has come across numerous sensitive documents freely available through P2P networks. This includes a corporate disclosure by an attorney whose clients are the world's largest pharmaceuticals manufacturers. The document "disclosed 436 sensitive and confidential files related to those clients," Boback said. This information included pending litigation.

One of the documents Tiversa found, dated April 2007, labeled "confidential," and addressed to Waxman and the committee's ranking member Rep. Tom Davis, R-Va., "appears to address questions regarding drug trials" of a particular pharmaceutical company, Boback said, adding, this is a "clear example of extended enterprise risk."

One of the problems with controlling P2P networks is that it's hard for many people to understand how it works, Johnson said. "So getting clear in their minds what it is and why it's a threat was one of the more successful outcomes of today." Johnson speculates that, as the government comes to better understand this issue it will enforce existing restrictions against putting government data on personal computers, particularly those accessible via P2P networks.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.