The Dangers of Peer 2 Peer Software

It seems people still don’t get it.  Those nifty little peer 2 peer (P2P) applications that allow you to download free music also allow others to download music or any other type of file from your machine.  This includes files containing sensitive information such as SSNs, bank information, medical records and virtually anything else stored on your hard disk.  P2P software such as Limewire, Kazaa, Bearshare and BitTorrent can allow anyone access to any file on your computer that is being shared by the application.  And by default, these applications are rather generous in what they decide to share, often including everything under the My Documents folder.

In order to demonstrate the ease with which one can find and download documents with sensitive information using P2P software, I fired up Limewire and performed a document search for files with the string “tax” in the name.  In a matter of minutes it had found hundreds of documents including a PDF file that looked like it might be a tax return.  I downloaded it and after opening it up I was staring at the 2007 United States tax return of someone from Louisiana who was unknowingly sharing this file with the entire online world. 

And in case you think I have just let the cat out of the bag, I only wish this were true.  In fact this tactic has been known for several years and certainly anyone willing to commit identity theft already knows how to search for sensitive documents in this manner.  So take heed.  The best defense is not to install P2P software in the first place and if you already have it installed, remove it.  You shouldn’t be downloading music and movies illegally anyway, right?  If you have an actual need for one of these applications be sure to restrict what it shares so that you don’t end up fighting to regain your identity.

Comments are closed.