A man in Seattle has been sentenced to three years in prison for identity theft. Identity theft requires, obviously, personal information. There are many ways of getting this information, but in the case of the Seattleite, he used Limewire, a file-sharing application. An easy way to counter such data breaches is via the use of document encryption software like AlertBoot. (An even easier way would be not to use P2P software, but we’ll assume that’s not an option.)
How the Seattleite Got Caught
The man mentioned above, Frederick Wood, searched for words like “tax return” and “account” in Limewire, which returned any files that were set to be shared on other people’s computers. He also did searches for college financial aid applications. I imagine that he also did searched for other obvious terms such as “finance,” “portfolio,” and “stocks.”
He probably would have gotten away with it if it had not been for a relatively stupid mistake: he sold someone on Craigslist a computer. Once the buyer opened the box, he found books and a vase. He alerted the police, and they took Wood in. Subsequent investigations showed that Wood was involved in more than selling fictional computers.
Had it not been for the above, there’s a good chance that Wood would never have been caught.
Data Breaches Via P2P Software
So, how do these breaches occur? And what’s a P2P program? A P2P application allows individual computers to share contents. Essentially, anyone is able to gain access to the contents of your computer. If you let them, that is.
When installing and setting up a P2P file-sharing program on your computer, one of the steps (usually) is to select which folders are available for sharing. In the past, the default option was to share everything in on a computer, or everything in a often-used folder, say, the “My Documents” folder–and people would just click through it without looking at what they were doing.
This was a great way to seed a disaster because plenty of people also saved all of their files to “My Documents,” the default folder for saving filed in the Windows Operating System. And, of course, sharing everything on a computer was even worse, since it would give random strangers access to data saved outside of the My Docs folder.
Nowadays, due to instances like the above–which happens a lot: even information related to the President’s security have been found in P2P networks–the usual default settings are not to share data except for the ones you download from the network itself.
But that doesn’t stop breaches from happening, even corporate ones.
File Encryption – Protecting Sensitive Data
As I mentioned at the beginning of this post, one of the best and easiest ways of preventing a P2P-based breach is to not use P2P to begin with. While there are legitimate reasons for using P2P, I’d have to agree that most people use it for pirating content, be it music and movies or something else. Within a company, I’d say that generally there isn’t a need for P2P software (I assume that an internal LAN is available and would take care of any needs for distributing electronic documents).
But, even if P2P apps are banned from corporate computers, the reach of a company cannot extend beyond its walls. What if an employee sends some sensitive files to his personal e-mail account, so he can do a little extra work from the comfort of his home?
He downloads the attachment to a folder that is set to have its contents shared via P2P.
One way to get around such a scenario would be to encrypt files if the file contains sensitive information–a payroll document, or maybe the latest recipe for the next blockbuster food to be marketed around the globe.
By encrypting files, it doesn’t matter if the files end up being available via a website, on a P2P network, or stored in a stolen USB memory stick, since the data will remain safe.
Related Articles and Sites: