P2P Networks Turn Up Sensitive Corporate, Government Documents - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


P2P Networks Turn Up Sensitive Corporate, Government Documents

A House committee hearing shows that the security dangers of file sharing over peer-to-peer networks is still a major problem.

The House Oversight and Government Reform committee thought a hearing it held four years ago about the security dangers of file sharing over peer-to-peer networks had sufficiently addressed the problem. Clearly it hadn't. The committee convened a follow-up hearing Tuesday after an informal investigation into P2P security recently turned up files containing the corporate strategies of Fortune 500 companies, military operation orders, and other sensitive information.

The committee had a strong interest in "national security and leaks bubbling out of the government," Eric Johnson, director of Dartmouth's Glassmeyer/McNamee Center for Digital Strategies and a professor of operations management at Dartmouth's Tuck School of Business, told InformationWeek after testifying before the committee Tuesday.

Some members of the committee want to crush P2P file sharing out of existence, "but that game has been played and there are only two large players left in North America," Johnson said, referring to LimeWire and Morpheus. "Most of the others come from outside the U.S., so shutting them down is not a really viable approach."

The primary outcome of the hearing is that committee members are starting to better understand the security risks that arise when government and business workers engage in file sharing from computers that contain sensitive information. "Today's hearing was one of saying, look, this problem has been around for a few years and it's getting worse," Johnson said. "There are a lot of government and corporate documents leaking out, and we need to do something."

Committee members know this first hand. Using the LimeWire P2P program, committee staffers ran a series of basic searches prior to Tuesday's hearing. "What we found was astonishing: personal bank records and tax forms, attorney-client communications, the corporate strategies of Fortune 500 companies, confidential corporate accounting documents, internal documents from political campaigns, government emergency response plans, and even military operation orders," committee chairman Rep. Henry Waxman, D-Ca., said to open the hearing. "All these files were found in unpublished, Microsoft Word document format. All were found in limited searches over the past month. It is truly chilling to think of what private information an organized operation or a foreign government could acquire with additional resources."

Robert Boback, CEO of Tiversa Inc., which provides technology for monitoring P2P networks, testified Tuesday that his company has come across numerous sensitive documents freely available through P2P networks. This includes a corporate disclosure by an attorney whose clients are the world's largest pharmaceuticals manufacturers. The document "disclosed 436 sensitive and confidential files related to those clients," Boback said. This information included pending litigation.

One of the documents Tiversa found, dated April 2007, labeled "confidential," and addressed to Waxman and the committee's ranking member Rep. Tom Davis, R-Va., "appears to address questions regarding drug trials" of a particular pharmaceutical company, Boback said, adding, this is a "clear example of extended enterprise risk."

One of the problems with controlling P2P networks is that it's hard for many people to understand how it works, Johnson said. "So getting clear in their minds what it is and why it's a threat was one of the more successful outcomes of today." Johnson speculates that, as the government comes to better understand this issue it will enforce existing restrictions against putting government data on personal computers, particularly those accessible via P2P networks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
8 AI Trends in Today's Big Enterprise
Jessica Davis, Senior Editor, Enterprise Apps,  9/11/2019
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll