Robert Siciliano Identity Theft Expert
Computerworld reports the House Energy and Commerce Committee passed the Informed P2P User Act, a law that supposedly makes it safer to use peer-to-peer, or P2P, file-sharing software. Yawn.
The bill now goes to the House for one more round of approval. If passed, the bill requires developers to explain to users how their files will be made available for sharing with others on a P2P network.
The bill would make it illegal for P2P developers to make software that causes files from a computer to be inadvertently shared over a P2P network without a user’s knowledge.
Peer-to-peer file sharing allows Internet users to access other P2P users' PCs and share files such as music, movies, software, games, and documents. Unfortunately, many people don't set up P2P programs correctly, and they end up sharing their most important files, including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.
This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.
In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I've found family rosters which include usernames, passwords and Social Security numbers for an entire family. I've found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.
Information on a U.S. Secret Service detail for the First Family was discovered via P2P.
Even if P2P were made illegal, P2P file sharing is a wild animal that can’t be tamed. There are already millions of P2P programs in circulation that can easily be set up inappropriately, and plenty of developers flying under the radar programming from countries all over the world unregulated by the US government.
There are millions of PCs loaded with P2P software, and users/parents/employers are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.
Savvy users lock down P2P to prevent someone else from tooling around with their settings. If your IT abilities are scant, then:
- Don’t install P2P software on your computer.
- If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs” menu will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
- Set administrative privileges to prevent the installation of new software without your knowledge.
- If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
- Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
- And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
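
The advice above about not sharing your hard drive's data can be checked mechanically. The following Python audit is an added example, not part of the original article: it flags a P2P shared folder that covers the whole user profile, or that contains files whose names or contents look like the records described above. The function name `audit_share`, the keyword list and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Filename keywords drawn from the kinds of files the article says leak.
KEYWORDS = re.compile(r"tax|bank|password|credit|loan|health|medical", re.I)
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # US Social Security number layout

def audit_share(shared_dir, home, max_bytes=1_000_000):
    """Return (severity, path, reason) findings for one P2P shared folder."""
    shared, home = Path(shared_dir).resolve(), Path(home).resolve()
    findings = []
    # Sharing the home directory, or any parent of it, exposes everything.
    if shared == home or shared in home.parents:
        findings.append(("HIGH", str(shared), "share covers the whole user profile"))
    for path in shared.rglob("*"):
        if not path.is_file():
            continue
        if KEYWORDS.search(path.name):
            findings.append(("MEDIUM", str(path), "sensitive-looking file name"))
        try:
            if path.stat().st_size <= max_bytes and SSN.search(
                    path.read_text(errors="ignore")):
                findings.append(("HIGH", str(path), "contains SSN-formatted number"))
        except OSError:
            pass  # unreadable file: skip rather than abort the audit
    return findings

def demo():
    """Build a constructed profile and audit a too-broad and a narrow share."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home" / "user"
        (home / "Documents").mkdir(parents=True)
        (home / "Shared").mkdir()
        # Constructed sample file; the number is a placeholder, not a real SSN.
        (home / "Documents" / "2009_tax_return.txt").write_text("SSN 078-05-1120")
        (home / "Shared" / "song.mp3").write_bytes(b"\x00" * 16)
        broad = audit_share(home, home)              # whole profile shared
        narrow = audit_share(home / "Shared", home)  # dedicated folder only
        return broad, narrow

if __name__ == "__main__":
    for severity, path, reason in demo()[0]:
        print(severity, path, reason)
```

Point `audit_share` at the folder your P2P client is configured to share and at your own home directory; an empty result means none of these checks fired, not that the share is safe.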
Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.