WikiLeaks P2P Searching Claims Highlight File-Sharing Security Risks | eWeek

WikiLeaks P2P Searching Claims Highlight File-Sharing Security Risks

Écrit par
Brian Prince
Brian Prince
Jan 21, 2011
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Allegations against WikiLeaks have spotlighted a key avenue for data leaks: peer-to-peer (P2P) networks.

According to Tiversa, which specializes in monitoring P2P networks, WikiLeaks has mined popular applications such as Kazaa and LimeWire for data in the past-despite statements from WikiLeaks that it does not actively search for information. As an example, Tiversa contends that on Feb. 7, 2009, it detected four machines in Sweden searching and downloading information via P2P.

Those searches ultimately led to a computer in Hawaii with a survey of the Pentagon’s Pacific Missile Range Facility there, Bloomberg News reported. Tiversa reportedly captured the download of the PDF file by one of the Swedish computers. According to Bloomberg News, the document exposed details of infrastructure changes involved in adding a new sensor system. The document was reportedly renamed and posted on WikiLeaks in April 2009.

There were other examples as well, such as Army intelligence documents posted by WikiLeaks in 2009 that were exposed to searching on P2P networks in September 2008. Then there was a spreadsheet posted by WikiLeaks in late 2009 detailing potential targets of terrorism in Fresno County, Calif. The document was reportedly exposed accidentally by a California state employee in August 2008.

WikiLeaks denied Tiversa’s claims in an e-mail to Bloomberg News. Regardless, this was hardly the first time P2P networks were found to be home to sensitive information. In February 2010, the U.S. Federal Trade Commission notified nearly 100 organizations that personal information, including customer and employee data, had been shared from the organizations’ computer networks and was available on P2P file-sharing networks.

“The massive exposure of sensitive data on P2P networks is not a new issue; however, the awareness of its breadth is,” said Scott Harrer, brand director at Tiversa.

Organizations of every size need to be diligent about file-sharing use, he said, adding that large brands with armies of suppliers or a dispersed workforce need to have proactive tools in place to detect and mitigate data loss via P2P.

“Over 90 percent of the data disclosures that we see on P2P emanate from suppliers, partners and remote employees,” he said.

Some organizations look to data leak prevention (DLP) technologies to solve the problem.

“Historically, the way to deal with protecting against data leaks over P2P was simply to shut it down with old-style application control products,” said Robert Hamilton, senior product marketing manager for DLP at Symantec. “Now, with the consumerization of IT and the blending of work and personal life, it has become harder to simply turn off P2P. Increasingly, people are expecting and asking for access to P2P applications and are using them on personal time. So the new goal is to allow employees to use the P2P applications, just not with confidential data.”

There is however no shortage of organizations willing to ignore the issue of insider data loss or theft, said Mike Spinney, a senior privacy analyst at the Ponemon Institute.

“The focus is too much on technology and not enough on people,” he said. “In 2009 we did a study on data loss that occurs, for example, when employees are fired, laid off or voluntarily change jobs. It was very high. Fifty-nine percent of those with whom we spoke said they took information with them when they left a job.

“Granted, some people will do this anyway-they will regard proprietary information as their parting gifts-but for most people it wasn’t a malicious act but simple ignorance,” he continued. “They weren’t aware of any policy forbidding them from taking the information, and they felt entitled because they had a role in creating it. So, I can’t stress enough the importance of creating meaningful use and governance policies, communicating the policies effectively across all corporate strata, and enforcing the policies.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.