P2P file sharing 2008’s greatest identity theft threat?
According to the Identity Theft Assistance Center (ITAC), throughout 2008 “criminals will continue to exploit new technologies to commit identity theft.” At the top of their list of “major event” security breaches from 2007 is a case involving a peer-to-peer (P2P) file sharing network. The SANS Institute has identified file sharing applications as one of the most crucial internet security vulnerabilities.
Kids & Digital Content reports that 70 percent of kids ages 9 through 14 are downloading digital music and The NPD Group has stated, “high levels of illegal peer-to-peer (P2P) file sharing” are attributed as the source of those downloads.
The problem with many of the P2P applications is that they often lead to an individual sharing everything on his or her computer! Last month, Mary Engle of the Federal Trade Commission stated, “We’re concerned that consumers may accidentally share folders that contain private documents that they don’t intend to share.” The danger here is clear, as it is commonly acknowledged that criminals now troll file sharing networks for the sole purpose of finding sensitive data that can be used to commit identity theft.
Some examples of p2p problems concerning identity theft:
September 2007 — Over 5,000 social security numbers and other personal information on customers of Citigroup’s ABN Amro Mortgage Group were exposed over a P2P file sharing network. A former business analyst joined a file sharing network where people trade music and video. Work-related information that she had downloaded onto her personal computer was inadvertently shared.
June 2007 — Over 17,000 social security numbers of current and former Pfizer employees were exposed by a laptop owned by Pfizer and used by an employee. The employee’s spouse used a P2P file sharing program and inadvertently shared documents containing the personal information.