DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 10, 2008
File-sharing breach at investment firm highlights dangers of P2P networks -- again
Wagner Resource Corp. recently learned the hard way what Pfizer Inc. and many other companies have similarly discovered in the past: installing peer-to-peer file-sharing software on corporate computers is a bad idea.
The Alexandria, Va.-based investment firm last week had to notify about 2,000 of its clients that their names, Social Security numbers and birthdates had potentially been exposed on the LimeWire P2P network, according to a story published Wednesday by The Washington Post. Among the individuals whose personal data was exposed in the Wagner compromise was Supreme Court Justice Stephen Breyer, according to the Post.
Wagner didn't immediately respond to a request for comment about the incident. But the Post reported that the compromise resulted from the use of LimeWire's file-sharing software by a Wagner employee. The employee apparently downloaded the software to his company-issued PC last year, so he could share music and other media files with fellow LimeWire users. But the software ended up exposing all of the contents on the employee's computer to other users of the P2P network.
The Post said that the leak wasn't discovered until last month, when one of its online readers found the data about Wagner's clients while using the LimeWire network.
Breaches such as the one at Wagner highlight the continuing dangers that companies face from employees using P2P software on their work computers, said Christopher Gormley, chief operating officer at Tiversa Inc., a Cranberry Township, Pa.-based P2P network monitoring firm that Wagner has hired to try to help it mitigate the data leak.
The P2P software offered on networks such as LimeWire and Kazaa is designed to help users easily share media files, and to aid them in finding files on the computers of other users. The problem is that if P2P users aren't careful, the software can expose not just the media files they want to share but almost everything else on their computers.
Numerous organizations have suffered data leaks as a result of such carelessness. Last year, for instance, the personal data of about 17,000 Pfizer employees was exposed after an employee installed unauthorized P2P software on her laptop. And at a Senate hearing last year, lawmakers heard testimony from several witnesses about the abundance of classified government and military documents as well as corporate data freely available on P2P networks.
The data said to be available included a full diagram of the Pentagon's secret backbone network infrastructure, complete with IP addresses and password-change scripts; contractor data on radio-frequency manipulation techniques for dealing with improvised explosive devices in Iraq; the complete minutes of a board meeting held at a large financial services company; and the detailed launch plan of a start-up company, complete with growth targets and other business forecasts.
Despite such examples, and the fact that the dangers of P2P networks have been talked about for several years now, there continues to be an almost startling lack of awareness of the threat that file-sharing software can pose to corporate data, Gormley said.
"There's a lack of awareness across the board," he said. Few companies know about either the need for or the existence of controls for preventing P2P data leaks from occurring, according to Gormley. In addition, companies often have a poor idea of the amount of sensitive data that is being taken beyond their network perimeters on corporate laptops or systems belonging to contractors, service providers and business partners, he said.
Further exacerbating the problem, Gormley said, is the increased searching and scouring of P2P networks by cybercriminals looking for data they can use to commit fraud or espionage. On average, about 1.5 billion searches take place on P2P networks daily compared to 180 million on Google, he claimed, adding that a growing number of the searches are being done for malicious purposes. Gormley said that Tiversa also has noticed the emergence of several data aggregators whose sole purpose seems to be collecting information on P2P networks for their own illegal uses or to resell to other miscreants.
The key to limiting P2P exposures is to have not just the proper controls in place but also policies for enforcing them, said Phil Neray, a vice president at database security software vendor Guardium Inc. in Waltham, Mass. It's hard to completely prevent employees from downloading P2P software, because some people will find a way around the controls, Neray said. So, he added, the focus should be more on monitoring and filtering the content that is traveling into and out of corporate networks, in order to stop sensitive data from leaking out.
Source: ComputerWorld
All news for October, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
