
David Baxter PhD

Late Founder
P2P networks threaten home PC security
By Jeremy Brilliant and Holly Stephen, NBC News
Oct 18, 2007

Media-sharing software loaded by kids can expose trove of financial data

INDIANAPOLIS - Users of peer-to-peer platforms, also known as P2P networks, may be under attack from entertainment lawyers policing copyright violations, but they can also be an easy target for identity thieves. And they may never know about it if it's their kids who load the software.

Take the Olsons, a typical Indiana family: Christopher and Tami have three daughters, as well as a family dog.

The dog's name can't yet be found online, but everyone else's can, thanks to security holes in popular P2P music downloading software. So can their birthdates and the family's income and banking information.

"Unbelievable ... how did it get out there?" asked Tami Olson, who pays bills and does her taxes online.

The Olsons' private data were found through LimeWire, a software program used to download music and videos. Within a matter of minutes, two of the Olsons' tax returns were available.

"Well, this is our entire tax history. It's going to have, I imagine, the Social Security number of my husband, myself and our three children right there," Tami Olson said.

She was right. In addition to the family's income, the data included banking and routing numbers.

With the expansion of broadband service making it easier to share large media files, more than 60 million Americans have downloaded and used P2P services like LimeWire and Kazaa, according to the Federal Trade Commission and the Electronic Frontier Foundation, a digital-rights group.

The Olsons' oldest daughter unknowingly exposed the family's personal and financial records after downloading LimeWire. "She didn't really think there was anything wrong with that," her mother said. "I told them to get it off immediately because I have a lot of personal info out there."

Total exposure
Many users don't realize that when they use file-sharing software, they are putting their hard drives on the network, to be shared with anyone else using the network.

Users can specify what files are private, but many don't, said Eugene Spafford, a computer science professor at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security.

"One problem with peer-to-peer is getting the settings wrong and sharing your entire disk or your entire personal file system, rather than simply the files you think you're sharing," Spafford said.

"We've created a culture and an expectation that you just install the software and you never bother to read that license that comes up or the warnings that come up," he said.

Spafford said the Olsons' story was not unique.

"Parents don't understand the technology well enough to talk to their kids," he said.

Security experts say it's easy to exploit such vulnerabilities because data can be found through simple search strings, like "[bank name] July statement" or "[bank name] routing information."

"Giving criminals the keys to your computer"
Just this month, a Seattle man was charged with identity theft in a case that illustrates just how glaring such vulnerabilities are.

The man, Gregory Kopiloff, used LimeWire, the same software used by the Olsons, to dig into hundreds of hard drives, prosecutors said. He was accused of harvesting tax returns and student aid forms from at least 83 people and buying $73,000 in merchandise through fake credit card accounts he set up using the data.

Investigators said most of the victims had teenage children and did not know the software was even on their computers.

"If you are running file-sharing software, you are giving criminals the keys to your computer," Assistant U.S. Attorney Kathryn Warma said. "Criminals are getting access to incredibly valuable information."

Not fully understanding the P2P risks can also open the door for others to use your hard drive to hide evidence of their own crimes.

"If you've got a machine, do you know what's in every directory on your machine?" Spafford asked. "Probably not.

"These criminals will take those machines and store the contraband material on them, because they know if a warrant is served on their home and they're found with that on their disk, they can be prosecuted."

Getting hit with the news that you're a victim of identity theft is becoming more common. The Federal Trade Commission says as many as 9 million Americans' identities are stolen every year.

So how do you protect your computer files from P2P identity theft? Know what's installed on your computer, and take the time to look at the security settings.

Tami Olson said she had learned the lesson.

"Obviously, I'm going to be more careful about what I store in my computer," she said. "If my kids are going to download in the future, I want to be there. I want to read what they're downloading."

David Baxter PhD

Late Founder
More risks with P2P networks

Comcast blocks some Internet traffic
By Peter Svensson
Oct 19, 2007

Tests confirm data discrimination by number 2 U.S. service provider

NEW YORK - Comcast Corp. actively interferes with attempts by some of its high-speed Internet subscribers to share files online, a move that runs counter to the tradition of treating all types of Net traffic equally.

The interference, which The Associated Press confirmed through nationwide tests, is the most drastic example yet of data discrimination by a U.S. Internet service provider. It involves company computers masquerading as those of its users.

If widely applied by other ISPs, the technology Comcast is using would be a crippling blow to the BitTorrent, eDonkey and Gnutella file-sharing networks. While these are mainly known as sources of copyright music, software and movies, BitTorrent in particular is emerging as a legitimate tool for quickly disseminating legal content.

The principle of equal treatment of traffic, called "Net Neutrality" by proponents, is not enshrined in law but supported by some regulations. Most of the debate around the issue has centered on tentative plans, now postponed, by large Internet carriers to offer preferential treatment of traffic from certain content providers for a fee.

Comcast's interference, on the other hand, appears to be an aggressive way of managing its network to keep file-sharing traffic from swallowing too much bandwidth and affecting the Internet speeds of other subscribers.

Number two provider
Comcast, the nation's largest cable TV operator and No. 2 Internet provider, would not specifically address the practice, but spokesman Charlie Douglas confirmed that it uses sophisticated methods to keep Net connections running smoothly.

"Comcast does not block access to any applications, including BitTorrent," he said. Douglas would not specify what the company means by "access" - Comcast subscribers can download BitTorrent files without hindrance. Only uploads of complete files are blocked or delayed by the company, as indicated by AP tests.

But with "peer-to-peer" technology, users exchange files with each other, and one person's upload is another's download. That means Comcast's blocking of certain uploads has repercussions in the global network of file sharers.

Comcast's technology kicks in, though not consistently, when one BitTorrent user attempts to share a complete file with another user.

Each PC gets a message invisible to the user that looks like it comes from the other computer, telling it to stop communicating. But neither message originated from the other computer - it comes from Comcast. If it were a telephone conversation, it would be like the operator breaking into the conversation, telling each talker in the voice of the other: "Sorry, I have to hang up. Good bye."

Matthew Elvey, a Comcast subscriber in the San Francisco area who has noticed BitTorrent uploads being stifled, acknowledged that the company has the right to manage its network, but disapproves of the method, saying it appears to be deceptive.

"There's the wrong way of going about that and the right way," said Elvey, who is a computer consultant.

All types of content
Comcast's interference affects all types of content, meaning that, for instance, an independent movie producer who wanted to distribute his work using BitTorrent and his Comcast connection could find that difficult or impossible - as would someone pirating music.

Internet service providers have long complained about the vast amounts of traffic generated by a small number of subscribers who are avid users of file-sharing programs. Peer-to-peer applications account for between 50 percent and 90 percent of overall Internet traffic, according to a survey this year by ipoque GmbH, a German vendor of traffic-management equipment.

"We have a responsibility to manage our network to ensure all our customers have the best broadband experience possible," Douglas said. "This means we use the latest technologies to manage our network to provide a quality experience for all Comcast subscribers."

The practice of managing the flow of Internet data is known as "traffic shaping," and is already widespread among Internet service providers. It usually involves slowing down some forms of traffic, like file-sharing, while giving others priority. Other ISPs have attempted to block some file-sharing applications by so-called "port filtering," but that method is easily circumvented and now largely ineffective.

Comcast's approach to traffic shaping is different because of the drastic effect it has on one type of traffic - in some cases blocking it rather than slowing it down - and the method used, which is difficult to circumvent and involves the company falsifying network traffic.

The "Net Neutrality" debate erupted in 2005, when AT&T Inc. suggested it would like to charge some Web companies more for preferential treatment of their traffic. Consumer advocates and Web heavyweights like Google Inc. and Amazon Inc. cried foul, saying it's a bedrock principle of the Internet that all traffic be treated equally.

To get its acquisition of BellSouth Corp. approved by the Federal Communications Commission, AT&T agreed in late 2006 not to implement such plans or prioritize traffic based on its origin for two and a half years. However, it did not make any commitments not to prioritize traffic based on its type, which is what Comcast is doing.

The FCC's stance on traffic shaping is not clear. A 2005 policy statement says that "consumers are entitled to run applications and services of their choice," but that principle is "subject to reasonable network management." Spokeswoman Mary Diamond would not elaborate.

Free Press, a Washington-based public interest group that advocates Net Neutrality, opposes the kind of filtering applied by Comcast.

"We don't believe that any Internet provider should be able to discriminate, block or impair their consumers' ability to send or receive legal content over the Internet," said Free Press spokeswoman Jen Howard.

Paul "Tony" Watson, a network security engineer at Google Inc. who has previously studied ways hackers could disrupt Internet traffic in a manner similar to the method Comcast is using, said the cable company was probably acting within its legal rights.

"It's their network and they can do what they want," said Watson. "My concern is the precedent. In the past, when people got an ISP connection, they were getting a connection to the Internet. The only determination was price and bandwidth. Now they're going to have to make much more complicated decisions such as price, bandwidth, and what services I can get over the Internet."

Several companies have sprung up that rely on peer-to-peer technology, including BitTorrent Inc., founded by the creator of the BitTorrent software (which exists in several versions freely distributed by different groups and companies).

Ashwin Navin, the company's president and co-founder, confirmed that it has noticed interference from Comcast, in addition to some Canadian Internet service providers.

"They're using sophisticated technology to degrade service, which probably costs them a lot of money. It would be better to see them use that money to improve service," Navin said, noting that BitTorrent and other peer-to-peer applications are a major reason consumers sign up for broadband.

BitTorrent Inc. announced Oct. 9 that it was teaming up with online video companies to use its technology to distribute legal content.

Affecting others
Other companies that rely on peer-to-peer technology, and could be affected if Comcast decides to expand the range of applications it filters, include Internet TV service Joost, eBay Inc.'s Skype video-conferencing program and movie download appliance Vudu. There is no sign that Comcast is hampering those services.

Comcast subscriber Robb Topolski, a former software quality engineer at Intel Corp., started noticing the interference when trying to upload with file-sharing programs Gnutella and eDonkey early this year.

In August, Topolski began to see reports on Internet forums from other Comcast users with the same problem. He now believes that his home town of Hillsboro, Ore., was a test market for the technology that was later widely applied in other Comcast service areas.

Topolski agrees that Comcast has a right to manage its network and slow down traffic that affects other subscribers, but disapproves of their method.

"By Comcast not acknowledging that they do this at all, there's no way to report any problems with it," Topolski said.


I have never used P2P as I feel it's like letting strangers enter your house and have a look around; you don't know why they are really there and they can leave a bad mess for you to clean up later.

Or even worse, hide behind the curtains and steal things when you're not looking :hissyfit:


Although in reality you are not letting the person in your entire house but only the rooms that you choose. You select what areas they are allowed to enter and what they are allowed to see and it is not considered stealing if you put it in their view with a pamphlet that says "free...take one".

Just my way of looking at P2P networking.


I don't use P2P after having some serious problems with Kazaa a few years ago. I don't like the thought of giving anyone access to any part of my computer anymore.