Free Submission Public Relations & NewsPR-inside.com
 
DeutschEnglish

Get the latest news
with our RSS feed
rss feed
Add to My Yahoo!
More information
Finance

Sharing MP3s may mean sharing far more than just music


Print article Print article
Refer this article Refer to a friend
© AP
2007-06-06 21:23:52 -

NEW YORK (AP) - For consumers and banks wondering how sensitive information leaks out to identity thieves, the answer may be blowing in the «digital wind.
In two forthcoming studies, Eric Johnson, a professor at Dartmouth College's Tuck School of Business, warns that investors, bank employees and companies that do work for banks may be
releasing more than just music files on peer-to-peer file-sharing networks. They may be sharing their financial information, too. Even harmless searches can turn up those sensitive documents in a phenomenon Johnson calls «digital wind.
Johnson's studies, funded by grants from the U.S. Department of Homeland Security, looked at the results of searches for the top 30 U.S. banks and tracked sensitive financial documents as they moved through three popular peer-to-peer networks: Gnutella, FastTrack and eDonkey.
Among documents he found: loan applications, bank statements, dispute letters, wire transfer authorizations, credit reporting agency records, user ID and password lists, and tax returns.
Many of those documents included information like Social Security numbers, credit card numbers or signatures _ information that would make life easy for someone looking to commit identity theft.
Peer-to-peer networks _ many of which sprouted after the demise of the original Napster file-sharing business _ allow users to share music, videos, software and photos. Typically, users offer up their own files in exchange for access to other people's files. Although lawsuits have abounded about the legality of peer-to-peer file sharing, some are now operating legally.
The problem, Johnson said, is that the 10 million people using peer-to-peer networks do not necessarily know to limit what they're making available. So even though someone might want to share just his MP3 collection, he might be giving other users access to his «My Documents» folder.
Once a file is shared, it disseminates quickly, Johnson said, either by chance or by intent. Johnson has shared his findings with some of the banks either directly or at industry conferences.
Over the course of seven weeks, Johnson had Tiversa Inc., a company that works with financial institutions and government agencies to prevent inadvertent data breaches, conduct searches related to the country's largest banks. In just over a month, they found more than half a million searches that somehow incorporated bank names.
Some searches imply that people are scouring peer-to-peer networks specifically for financial documents: Searches for «Citibank August statement,» for example, or «PIN Bank of America» are «not something you'd expect in a music-sharing network,» Johnson said, and therefore are suspicious.
But another trend, the one Johnson calls digital wind, also poses a threat: Even legitimate searches turn up sensitive files. For example, someone searching for music by rapper PNC might turn up documents from the bank of the same name. Similarly, a search for the song «Wells Fargo Wagon» from the musical «The Music Man» could lead to someone's Wells Fargo bank statements.
«The bad news for a bank is if (someone) is searching for Madonna's performance at the Wachovia Center...the search is going to bring up a lot of things that people have on their hard drives related to Wachovia,» Johnson said.
Even if a person searching for concert recordings does not open a bank statement that mistakenly turns up, she might inadvertently share someone else's bank statement in the future.
«Digital wind isn't harmless because it does turn up sensitive documents,» Johnson said. «People download it; they're not sure what it is. Often when they have it, they re-disclose it.
As part of one of the studies, Johnson demonstrated the speed of the network by sharing a fake email designed to look like correspondence between a father and daughter: «Sara, Grandma sent you a $25 prepaid Visa card and telephone calling card in the mail for Christmas. ... Here's the info from the cards.
Within a week, the money card was empty, and it took another week for the phone card to be used up.
«Proliferation is definitely an issue once a file is out there,» said Chris Gormley, chief operating officer for Tiversa. «These networks are designed to move them quickly.
Consumers aren't the only people revealing their private information into a very public arena. Although Johnson's studies discovered that 79 percent of bank-related documents found on the peer-to-peer networks came from consumers, 11 percent came from banks' internal networks and 10 percent came from companies that do work for the banks.
Among some of those documents that Johnson found from banks or their contractors: personnel performance evaluations, a spreadsheet with 23,000 business accounts' contact information and account numbers, and a detailed manual of a bank's security review process.
What's most disturbing about the wealth of bank information on peer-to-peer networks is that many people _ both consumers and bank employees _ have no idea they're leaking the documents. Banks' controls don't necessarily account for what programs an outside consultant might have running on his computer.
Jaime Levy Pessin is a correspondent for Dow Jones Newswires.

 
Disclaimer: This news article is copyrighted by Associated Press and published by PR-inside.com. If you have any questions regarding information in this article please contact ap-online.com. PR-inside can not assist or help you giving information about this News articles.


Terms & Conditions | About us | Contact PR-inside.com