-
See the Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- February 2009
-
Filter by Category
- Business at risk
- Citadel in the news
- Citadel Information Security Guides
- Citadel: Guide to Blog
- Citadel: Thinking about Security
- Cloud Security
- Combatting Cybercrime
- Consumers at risk
- Cost of Cybercrime
- Cost of Piracy
- Credit card fraud
- Culture Change
- cyber security learning community
- Cyber Security Management
- Cyber War
- events
- Financial systems security
- Future of Cyberspace
- Healthcare
- Identity theft
- Information at Risk
- Insurance
- Internet badlands
- ISSA-LA
- Law Firms
- Legal
- Miscellany
- mobile banking
- mobile internet
- Mobile Security
- national security
- Not-for-Profit
- Online Privacy
- OWASP
- Privacy Matters
- Ray of Sunshine
- School security
- Security Alert: Vulnerability Management
- Security management
- Security Research
- Security Surveys
- Social Engineering
- Social networks
- Virtual Currency
Wikileaks Serves as Reminder of Dangers of Peer to Peer (P2P) Networks
A few days ago, the security firm Tiversa announced that Wikileaks obtained private and classified documents from peer to peer (P2P) networks. Tiversa, which specializes in monitoring P2P networks, stated that Wikileaks obtained a portion of the documents it released last November by searching popular file sharing services like Kazaa and Limewire—an allegation that Wikileaks vigorously denies. Notwithstanding, the security firm provides further evidence that many documents from earlier leaks were similarly sourced.
In an article from Wired Magazine, Tiversa CEO Robert Boback suggests that over the past several years, Wikileaks might have obtained up to half of its documents from popular music and file sharing networks.
We’ve warned against P2P networks on numerous occasions; this story brings the point home in a way with national security consequences. Assuming Tiversa’s findings are accurate, simple file searches on P2P applications have disclosed sensitive documents from organizations like the Pentagon and the Department of Defense.
It should serve as a reminder even to smaller organizations that allowing P2P software like Kazaa and Gnutella puts them at significant risk. The risk includes not just the loss of sensitive information, but subsequent legal and regulatory costs as well. It cost a company we know more than $150,000 to respond to an FTC investigation following the loss of employee social security numbers via a P2P leak.
It’s not enough for an organization to prohibit P2P. In the situation leading to the FTC investigation, social security numbers were lost when an employee with a P2P on his home computer accessed a corporate file from home.
Two Take Aways from WikiLeaks and P2P:
- Management should prohibit P2P applications at work.
- Management should make their employees aware of the dangers of P2P at home and deny remote access to a home computer unless there is assurance that there is no P2P software on the home computer.
