Tier-3 warns over P2P security threat, following Seattle arrest

1 min read

IT security specialist Tier-3 is warning file-sharing Internet users to be aware of the risks of their personal data falling into the wrong hands, following the arrest of a Seattle man in connection with allegedly using P2P networks to steal sensitive information.

Gregory Kopiloff was arrested in Seattle, Washington, accused of using the Limewire and Soulseek P2P networks to commit identity theft. Newswire reports say that he was arrested last Wednesday on charges of mail fraud, accessing a protected computer without authorisation and two counts of aggravated identity theft. If convicted, he faces up to 29 years in prison. “Although some peer-2-peer clients allow users to restrict the directories that they share with other P2P users, the fact that the bulk of P2P transmissions involve copyrighted materials means that the networks are a breeding ground for the criminal element,” asserts Geoff Sweeney, CTO of Tier-3. The company says the case should act as a stark warning to P2P file sharers, making the point that he is alleged to have remotely scoured users’ systems to look for income tax returns, student financial aid applications and credit reports. And it adds that the allegation that he appears to be have been able to cherry-pick only those people earning more than $150,000 suggests he had a wealth of user files to choose from. Sweeney suggests that file sharing client software is frequently updated and, during the update process, it is relatively easy to accidentally allow access to a PC, or an organisation’s entire data network, rather than just a few directories. “The fact that P2P file sharing is used to exchange copyright materials means that using the software and P2P websites is in a legally grey area,” he says. “I would urge any file sharers to think carefully about the possible security consequences of their actions before attempting to download the latest movies and music from the Internet. “The IT departments of organisations should also ensue that they enforce a policy on P2P file sharing to prevent employees from exposing themselves and their organisation to malware from cyber-criminals – or legal action resulting from infringing others copyright. The different types of threats facing modern IT managers are now so varied that a safety net approach – using behavioural analysis software – is now required to secure an IT system from the various attack vectors used by today’s hacker-criminals.”