Beware P2P Networks With A Tunnel To Confidential Data

Peer-to-peer networks could be more than a nuisance in the workplace, they might also be providing cyberthieves with a tunnel into your most confidential data. So says a new study of corporate data leaks released Tuesday by Dartmouth business school researchers.

"Many of the biggest breaches in recent years were inadvertent disclosures," says Eric Johnson, professor of operations management at Dartmouth's Tuck School of Business and director of the school's Glassmeyer/McNamee Center for Digital Strategies. Johnson co-authored the study along with Scott Dynes, a senior research fellow at Dartmouth's Institute for Security Technology Studies.

One of the major problems, they found, was that users were insufficiently protecting their files and data from peer-to-peer networks. "Like most people I talked to, I underestimated the scope of the problem," Johnson told InformationWeek. "The kinds of leaks coming out of these organizations would make their hair stand on end, in terms of both the amount and type of information leaked."

The Dartmouth study notes that there are an estimated 10 million users sharing music, video, software, and photos over peer-to-peer networks, up from about 4 million in 2003. This doesn't even include BitTorrent, a popular peer-to-peer application for video files that's difficult to monitor. Meanwhile, efforts by ISPs, corporations, and copyright holders to limit peer-to-peer through technology (such as site blocking, traffic filtering, and content poisoning) or through the courts (the most notable being the Recording Industry Association of America prosecution of individual users and file sharing firms) have prompted peer-to-peer developers to create decentralized, encrypted, anonymous networks that can find their way through corporate and residential firewalls.