Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Cyber-criminals Use P2P Tools for Identity Theft, Security Analyst Warns



 By: Chris Preimesberger
2006-06-23
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Peer-to-peer networks aren't helping to quell the increase in crimes committed via the Internet, a nationally recognized cyber-security specialist says.

EAST PALO ALTO, Calif.—Cyber-criminals are multiplying quickly and becoming more sophisticated in the ways in which they take advantage of unwitting Internet individual users and companies, a nationally recognized cyber-security specialist told an SD Forum seminar audience June 22.

And peer-to-peer networks such as Limewire, Kazaa, Grokster and others arent helping to quell the increase in crimes committed via the Internet, he said.

"It used to be only burglaries from peoples homes and businesses," said Howard Schmidt, a former cyber-security adviser to the Bush administration, former chief information security officer at Microsoft and eBay, and now a principal in R&H Security Consulting in Issaquah, Wash.

"Those still happen, of course, but now, its so much more lucrative to break into peoples online information and steal someones identity, that a lot of bad people around the world are spending an awful lot of time learning to do it."

Schmidt, a co-architect of the national cyber-security policy presented to the presidents Critical Infrastructure Protection Board in 2003 by himself and then-Homeland Security Secretary Tom Ridge, prefers to call the Internet the "Evernet" and points to careless or ignorant use of P2P applications as a major part of the current identity theft problem.

Resource Library:
Click here to read more about the dangers of P2P.

The term Evernet has been used to describe the convergence of wireless, broadband and Internet telephony technologies that will result in peoples ability to be continuously connected to the Web anywhere using virtually any information device.

"We are connected today like weve never been connected before," Schmidt said.

"We depend on the Evernet like nothing we have before. And nobody—I repeat—nobody has privacy. Ever opened one of those offers to see your free credit report? If you havent, do it. You may be surprised to find whats in there, whether its right or wrong. And youre not the only one who can get to it, either. Its amazing how much information is available to anybody who really wants to look for it."

People who use P2P applications to download music, software, photos and other items may leave themselves wide open to identity theft by simply being unaware of their computer settings. Its like leaving the front door wide open for a burglar, Schmidt said.

"For example, one womans credit-card information was found in such disparate places as Troy, Mich., Tobago, Slovenia, and a dozen other places. Why? We found that the shared folder in her music-downloading application was in fact making readily available her entire My Documents folder to that apps entire P2P audience, 24 hours per day," Schmidt said.

Cyber-criminals are becoming more sophisticated about how to use search—especially within these P2P apps, Schmidt said.

"Were not just searching for music," Schmidt said with a laugh.

Simply by typing in common search terms such as "bank May statement," "stop payment," and others in Limewires search function, for example, valuable personal information is often getting into the wrong hands, enabling cyber-looting.

Another problem area involves online health records, Schmidt said.

"In one case of this sort, a criminal searched for and found 117,000 medical-record passwords—just by knowing how to search in a P2P app on the Web," Schmidt said.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Medical records by their very nature contain a great deal of information besides a persons health and medicine history; they include addresses, phone numbers, Social Security numbers, payment information, insurance information and much more, he said.

What can be done about closing these online security gaps?

Schmidt said there is a five-point national program in place for securing cyberspace:

  • a national cyberspace task force to track virus creators around the world;
  • a Threat and Vulnerability Reduction Program aimed at developers, "so that they will become more aware of writing tighter code and self-healing applications that will eventually be able to take care of these problems by themselves," Schmidt said;
  • a national awareness and training program, to teach people how to be more cognizant of their own security issues;
  • a Secure Government Systems program that works with U.S. government value-added resellers to raise awareness of these issues; and
  • an international cooperation program for all of the above.

"There are now an estimated 840 million regular users of the Evernet," Schmidt said.

"Itll be up to 1 billion by next year. All those users cant do their security all by themselves—they need all the help they can get."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Cyber-criminals Use P2P Tools for Identity Theft, Security Analyst Warns
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Chris Preimesberger
 


xv6(;^+(g٦xvKY-wk"[KݞwҢHHbLK?{8UMZӳOwb["PU( {$3!9)ٟ0O,zIj}ݻPAeFAUM7 JԶO7RM3i /4w7GlJ{'AT{j" xL5 ΚMH}ٚ7'x2)Xm$8z@'AjZw$6m(GJ{8KE!@׶cշ8>vP ߩUaÙO,}!*{>"e%k4݋ʏIGO(ɀYFz.Qu^V∌l׸ڮUX'[vR䅰Q(0F.Č/t#wJ;qy'Mr'f\Ñc7PpmׇVKTq3c}fݷt#Է@:S1)æI/#!꿩 ¥0~J V#vRe[]65]Gq;ݹcoE-2'l"R ?q7`JaCJ&5\_-׉"Sˑ,ft0eʆ}{ʡVWR\=Tʇ}`[©;ho~U)E@Blݹڎ6жF^׵vCq9{rvɣ b'H H7&LT*jZ*L@aBjLd:AXsr\獒A7nJ|XX+).c#-b|+0#ƌ_8rri gsKrоd>pri#|c9̠jPEf+52h^uܜ<_st.z7}r޻&gOvY; i fɗVk!-z??lrG,.iTW%32g6Ǔn$Y)K X-t[ۗRH }yp-? ,_0f k$LJF e":u PsƚfCt-Mn #dh&έFh- @ho*K>Lr &@Sk~$GM\sb.L22z)6-`i˫ TE嗋mESq>]Q4{3Bɝ`g@ɋ BD4?CC0!pl/\~L.ÓQwڪ9Q[ k+\M}0eя1-+}י4ۭ_.=t[0*>cq4Y`I-. \Է7Z01ß}52o+r%(NMf[ԑplPòǔIz=<g 6aϨ>|鎓z>:AGAtišh4?XnL-rӇtw@.~N{ݧn]?&tno/*AbG& ahh5 !F#m &>ql8d$(s>w[L,0( I#=ˋ0P6  2/?>aCxwݐA̞,jh8Yw$З^s_o2ES|Tn^ßf1_w\ճ&AB glC(b'pCfq^uiC@i6[Kͦ[1Tەa]jk-R:?![q5o|a׼1F]RYJKHDlHfc/XKkezlEMD*ô7еۡ`5p?\ReZȔm%yt~W4Eka^.<kp6X"@@7wM)kT!kT^GΧyд]"|> 7S=dgH~qf:>OH) zS7HpFa)e-'UmTHb|PFȸhFqm@XĞ/ϯm V!0\(zpT30`-e/6{ӞW+H>Z3@ٰZQJ~j"yd\s˰e0|j}]v)+ܸ^(yS+r! .Ц ֈiDU„,Zag #ؚyް<~lL4w"5w.Bā'h,pu,Tn]wbSIBo%E>5؉b]Tz@4dD pHE&A|Zhp  *Ozq -b (h bAzp3E+o `bIu?a1:C>5>z_=2dB4]Uf L|%`?<y3GGu"M."́<08h#2"􅞒_`n /I7a9Ln:RJ r=cte>ugc5NZ:<*Cz)cʜe/(SYmq'&F.҂^]fRvQLlvLTSdTRaƭrV/\f8C+`WRjjv L*Go&ŏh(urmv=HC~=բ,A%MTjjEIz, :wVkm`WPF4`W&{\x&\_sK(bo)Q^a T]Zx*+iQ/ dw! $&if q4;aʿ[&iYyڴiD@kXJ7eVV5XI0iuI+KZ 2aӣ>U}?*\%Iv3ҿn BGDo0|=^% R#Zִ2hw ĶVU %}D.,q=C IZP+),%~W9@` |ZUj rF22@BZNb.x<'߾b[D mpLaV*S7xoA!Rē#+cI`GUI8x J*1/ȟ-1=N п"}QL apفbßyc(m@ޏcﻛ)ilw9[#<d¼zODzΠӻ<|L>;? {=kq ,}U\qD*-}<:m~1LAIP 4 7=&Y#OeUs^0lg `yB蕓`лp.Z;Kߧn;&e[J:7]w9&!G,= YG#BvۭlFS̠o2XGz~0<㥑a+"m@TK}͙C9ki.Dz=t_5g0YT x#)ۯcoc8 Z`!1ߐtxPVc (ʱ=`` 鈳N .^k rm D785C*QW22EhiA&O{-xz|-r/HUɉڎ"^,})Fy*}y:}_exL+'B0g56IgO= $uSPC6C z?&Y^3_w jEާ5pZIS"9oթ-xOӖO|BQJ;THQ:Su?IkuYԺ[&͘#xI3:%Iib 5m$jZ3fj# $_:HI"v+6hl$lAW jSÚ]e /.\߹m|`L`ql)ZQ"|Nr a9mu@P)V<(m1> QZ4ղoeW!= \Cp0S`(#PTzaU&̱0@tH.\<;n{ WS漊eFon_apϲl^ta9b|;t='5]{ 1% /s3 {:`AO[up߁؁H*Er o5 &N˜аu|S5L`aE8F<.%-;-QL#g=rVwо&σIW$ tD#(o[7۸{.z|(=}!G&zE>qF.Zٿwo e's CNA}i^w7-UFᆎxB J~l/t6D(jEWc[{#9VȪ̅S.R؋'G#3~`q8-:`tH_/lFǵwD Z2fP:;f׍[qGecF0XoW{ U"t?h3i8~JMicVD)]Kĵ"v%KJIn,IQ)"{"F%t`5o14НLl*z>;-35&i 1N6;xo :l0̰@ b@Vf7\8 9SP`-ݺܭ)³$`DI@RgigA j(l ڄ0\f> V*OJWc+YT>9b_2Yl2d]}ױV4M9*yp&y&GE!,aRh/Qo)~EW%̩苪4mZM1tnb;]ٮGwҚQ2 {h~0[&'Lė2ϒZfCU%VEoYşn1 BK58pi^z. &:ӏJ8kZG0Xv XcRXklAFXkI'amb/Fψ/FKAډӫKix\U!XV ( )@0U' 5mk*uI)KZe[V)8Z O:;iadR&ڤ.,xn,0K D@8}8|@.vX7mks;1MMTSe+ΤהgĴ?'n64DǓtBآd Ex ܊ µM],mRʆeѥ3zGmC+RnJ=a !$]SPJJε)@PVsLd" cH0DUD+**tԫ,"H|뻯4e[=k ˵5+S)9=Y]Ăfaǜ .{}3A'^Þ_FDJvdMRJ9C3~S/^3G-X{qy7777wVTVy4W/EDAYk~;&Nx8"KΖ-Ef;о1#CH-Q{Al*IJُ|Kfex滺1%!0WS*]̹Cښ,*]A$b,"Y(H nf[KUȕԓ)|[\y$7A)eEZؗ.X&bzp{Ĉ8FȄC&ς/Adk-9>Nq|90R1,g/N@X)ҵ;K-k 1 KXl$0@$z/IaܩQymMi()USnI䅯y~jU_{έ;P"`sxBPj<]P 38x+3|Utu$\!Hp -FH[W$*Q bH! l߻OGB~ir6_,^{Ř;Y@ڱ]9OV'mv oS 919M%|WB4&_wig&NV꼙<].tN]Z46|j]s[> TSXɪڢ)۾ ]|&& hVp7E^ K`o~/B$MO$a0'w~G~!te}[1sߍ/ ]nwDf{9#̷@x/NM.`{RGk"1gx#HaM"BjF hoksۚ܀6d}}ªz)LVOtGX#9BURdAR4+~^*/@PϧN ^&( 4rQ[2S>:x N@sTN!@FKc%-++u IV:,>qwΛ=H^{|ïHONK!vpםI;QoT ?q$aJǨd.JV;bWrL]$Unޠ>*Zi);v!OKz;fnzrDR|7 =ƿ(/Woiu_$n{cTSZh~ul66&S<^iI-=ڶ/h P|F0-c ɢxQ|ȪhF̊>wt%mۼRCrWjp,șu ]c~CP2o2@44I/NlȢ&8Ǧp͒ьSqDg/zңXy"J"G+)z^&=_}ǜ,|Ms-EM~do^"Ҷ8~}ߒ`2FZNړYİO:XG~I8O:&dQ?(p Ao{I'Hr#tE<{쒖DЇQ>*F]{N9-( /*n?fGX*R^q dPb-@4#znv@]o?Q]я TmS_^|=iEYaZ0m+`GScWF%3z J 0CX^qS3&IB{~4Gcu\_SS[Zm[#rd! `,%7vEa_`8(ĒI |$h#8YL˃3^A=sf41%!]q>ƘKjt]VSR%J,w%[dLox?B鞐ք1bx*B 'UٜAGuk/DZ!դ9޵Hq5&@ mNhCy<Vz^3!X;b=Vڹ農q)y,ys&37:USy Ñ;McOnH)ϼp찌g?1R7W3%1lA&} lkTp*Cק6:̽OemMD0K*;JJEV^3tq='5*>5BYQ7jMP'bT5 :/}ZrY$XkO:Vga^N0wRʥz5y[f_,6K&Gf0Y.6飏ji'TJ m0;,soa>:(-^awUKpjY\- zvMh@JH 㽻WԄm% DXce؞Ntxљ H$Z۠[dнj 4Zu,u'b^o9f0؞bH3,9+#KxfVVTm}qV.k'ҔAJNa Awt1c<:Iߣg /Hk4Dad+nϪ5 TLlGLm W1ՔZvN۠{e 5kL(7?ǘ"xxaj aV gfٝ7gSٿ[!VWrѕC*3;mBlϦ!O"q2oV0%wAG>p2zSRU%=ahxqـjEl~%:tdKG6ɝN>&&s?w1g\NL!_K_߰VIm{d72[ $}n?Z,D1% I}ntem>zxX2bv-9k `.({ng}Ph0oH+bQ6uE)dػ0wCGE~g.clк|ŧtS_#m#!k^KΑf,6Vho~+J ԝ8p4.pgj5T%PH9 dU A_}&>K % ‚ 5"  B-n#BLk<3D װÞ1;my^p/$d%Ss%%H"V|8snj}J1lb_$F@s "PV: 1n Q&@Ԕu7SI8mL6 s`EPf00a|LoE}a~2?y :Qs̬Hzy6t(QS1U&F&,n rPh$`x=9aic>ta~X{SL Bh),f,՚RD&u]C !2,S=V1I3@]ÀUҠYU^&*Ӕ^*BI] / (HZ W}GCHIP`;fh]]u?5iv?O;WN]}>\;LLG_ͮ,Ǜ,# r~ٺh3;eNq(gM B*rKn:KwE 3@cqy^ Lۥ;'Q~tE_CĸҫSe0LGήO֖C|~ƫx]jy5sλژyӦ?h Jc>4 5N>Mo )nmH]hF&5+;vs_r_sʯzsi 8Sރ^N9r`sଝS~ 姛ρ>9yBCgsyC:9CL2/B~Ng( 9ak^ȃȡ">E9yyß(9_~O9CNߠo9P~S{3 ?9s w3~=/=?/WW9q_ s?}?P>'(W}Sn&&oonr/=IR<9k]T$RhK "S^9,.s'{'sg+i,]a芫-5n ǤZuvņ^_A5KHe^ۛLZ#GP/<.Y}Mʱ 4rk 7[yDYII{2}tEi>riDLwe<_[nNJ>s\ȜHǣWɴ&Vی 3ƼYAD1KAA0_w9ݧ,O5;H_ẽxĿ+NÙgݞރ}nC7fFn@x` ~iMogG\Fpyk;O΋kwյ ~3b 5y?'OtVf 4;) fi3q*7ýEy278 0׀[Nxj'܌3Xۧ;i7i__ë6{gd닰Yʪ9(Ѱ~HWEjorx s)螉 9jhN_i{@$ߛ,@$ R#ZִZjVU %k5 = E2&Q5YUdN*jURL3BAyG l]{ۦ̾ZCO3CX)ḇ̺nk %<tb9U|y3K aw8cokx;r$I ]{,(s[^Fel]B#Vyx;Vic 6%bn1vuʿ.гpȝG ? 3ɕByMܩ-ĪG9ШswˡB~22VHg'ՇoB 0 lJ//ݳGx#KQ,V. k`VϹer-c6O-5U,%w|t;NDkuErby0%60wHPcV}/"0 ;VWӄ.a+&s8*&-waEvHg샴s#i^zIMP-̸.ȼxL´kT?WmĴ`5H]㣭A{=4FӴo"9ݜţ:aѡ(Yc{XmD82s 2&6u;ݹɮ\ؓʞq}|8=;zlF"&]ݸ3CϤK5 D =bw1Y1L? Ѥ Id b2O|e'0OqA@Vf}^$u60H-x w-gny@>;os_`&<aOV,|v/G&`#׽~rh`=E(gQO \ѐ` W,){+1¢_i u ME\kυx{pJpxcʢvs0cT_AGR$ʙz-ă n}toyj&zu x$.7=k"1: gK“J'kw[oӅ^\D)R%&/{jw[E0Rۙ,`'/2^;'g\Xl=l%Q@EikI/?H3軉Wd쥽%}Yq v.}xFʫu\z$rnRV\wц|7(6؋|%O' ϿayH )t&Ig`NSA>X[c.,s(ŬBSd<)O'[nEG\<>ai$xyc<DO`7@#>&rd{Go/%]M:۳|?OGe Lt4/o90kn>7q$L i!zQˬ`+슧q?d|E#b[p!@pM5f*QTĻ KQ)Yj%xd㜙gm稥ŖWv:yDt] E hymӵx92 FWVJrX}P?)W:OOgsZh_Hv!,{QFbVC#q얢unD,lp/>cwϏq`2[﮳~ηp2$Ӿ82#" $$zIW{{Q0&iEȓl`Cv_)~ph;?҈YA wVǰ-XF!&ۅ ?O80Ux|-h\};X\e,8Lg񸜺ނ"?X=c1}0-X+0V_mkASkLeU|t#GYEL`&;]+ NJ߮9=O9N*BX6c?rCf *$7@˽ō]^g*a?:#/ah~q> /F"@Ԃ'g"e})IDy)/́/($3}E.tʢ^IQEeiAђuzg,!ջju.ߧ+e={`os g>p7*Ѡ,jU z' 4mEgl3W'J^R۽wz"f/ROa6%s|N1Kik^ϦO*L kq>lgLp -ϱeRZ`l/Z6*