Cyber-criminals Use P2P Tools for Identity Theft, Security Analyst WarnsBy Chris Preimesberger | Posted 06-23-2006
EAST PALO ALTO, Calif.Cyber-criminals are multiplying quickly and becoming more sophisticated in the ways in which they take advantage of unwitting Internet individual users and companies, a nationally recognized cyber-security specialist told an SD Forum seminar audience June 22.
And peer-to-peer networks such as Limewire, Kazaa, Grokster and others aren't helping to quell the increase in crimes committed via the Internet, he said.
"It used to be only burglaries from people's homes and businesses," said Howard Schmidt, a former cyber-security adviser to the Bush administration, former chief information security officer at Microsoft and eBay, and now a principal in R&H Security Consulting in Issaquah, Wash.
"Those still happen, of course, but now, it's so much more lucrative to break into people's online information and steal someone's identity, that a lot of bad people around the world are spending an awful lot of time learning to do it."
Schmidt, a co-architect of the national cyber-security policy presented to the president's Critical Infrastructure Protection Board in 2003 by himself and then-Homeland Security Secretary Tom Ridge, prefers to call the Internet the "Evernet" and points to careless or ignorant use of P2P applications as a major part of the current identity theft problem.
The term Evernet has been used to describe the convergence of wireless, broadband and Internet telephony technologies that will result in people's ability to be continuously connected to the Web anywhere using virtually any information device.
"We are connected today like we've never been connected before," Schmidt said.
"We depend on the Evernet like nothing we have before. And nobodyI repeatnobody has privacy. Ever opened one of those offers to see your free credit report? If you haven't, do it. You may be surprised to find what's in there, whether it's right or wrong. And you're not the only one who can get to it, either. It's amazing how much information is available to anybody who really wants to look for it."
People who use P2P applications to download music, software, photos and other items may leave themselves wide open to identity theft by simply being unaware of their computer settings. It's like leaving the front door wide open for a burglar, Schmidt said.
"For example, one woman's credit-card information was found in such disparate places as Troy, Mich., Tobago, Slovenia, and a dozen other places. Why? We found that the 'shared' folder in her music-downloading application was in fact making readily available her entire 'My Documents' folder to that app's entire P2P audience, 24 hours per day," Schmidt said.
Read the full story on eWEEK.com: Cyber-criminals Use P2P Tools for Identity Theft, Security Analyst Warns