Search Slyck  
LimeWire Bears Brunt of Identity Theft Concerns
October 30, 2006
Thomas Mennecke
Font Bigger Font Smaller
There’s an ugly truth to being part of the online kingdom – the risk of identity theft. Although no formal study has ever indicated that P2P networking is inherently more dangerous than other forms of Internet computing, its widespread use has placed security concerns at the forefront of the many issues involving P2P.

For years, the Internet community has been warned that P2P programs could make the user susceptible to identity theft. Many articles have been written about Japanese file-sharers who’ve accidentally exposed sensitive military documents. Additionally, net users are constantly being warned that bank documents, tax information, and other sensitive documents can potentially be indexed for the entire file-sharing world to see.

There’s little doubt the threat of identity theft continues to plague the online world – and has become highly focused on P2P. Yet this serious security threat is also the easiest to avoid. This threat to the security of the end user occurs for one reason, and one reason alone.

When people install their favorite P2P program, whether it’s Morpheus, Kazaa, BearShare, Azureus, or WinMX, the installation process creates an empty shared sub-folder within the install folder. In other words, let’s assume the end user installs uTorrent on Windows XP. The program installs to the following: C:\Program Files\uTorrent. Now, it also creates a sub-folder for shared files, which is located at C:\Program Files\uTorrent\shared.

Inside of this “shared” folder is absolutely nothing. There are no music files, no movie files, and no sensitive tax/financial documents. The end user might have bank account information on his or her computer – complete with online passwords and withdrawal information on a Word document. Some clients such as LimeWire force the end user to manually pick the shared folder. Providing that document is not placed in the “shared” folder, it is metaphysically impossible for the document to be shared on any P2P network.

So how does a tax return document become indexed on, for example, the Gnutella network?

It’s very simple. The end user needs to physically change the empty shared folder that is already established by default. A more computer savvy individual picks a specific folder that contains only non-sensitive information. Unfortunately, not every Internet user is knowledgeable on security, and inadvertently shares the entire hard drive. Quite simply, the end user changes the shared folder to “C:\”. Now the entire hard drive is shared.

This situation occurs all too often, and now has become the focus of the Denver District Attorney’s office.

“The Denver District Attorney’s Office is issuing an urgent alert to computer users who use file-sharing software, specifically LimeWire.”

“During the course of a routine identity theft investigation, the Denver Police Department executed a search warrant at a Denver apartment and recovered personal and financial information from approximately 75 different individual and business account names from all over the country. The information, which included tax records, bank account information, online bill paying records and other material, appears to have been stolen directly from computers that were using LimeWire, a filesharing software program.”

Considering this is a news alert from the Denver District Attorney’s office, it obviously indicates a very serious problem for the 75 individuals. How did this alleged malicious individual attempt to retrieve information on these people?

“It appears that the file-sharing program was exploited to enable someone sitting at a computer in Denver to illegally access everything – every file, every document – on computers across the country.”

Although the press statement indicates an ‘exploit’, there’s no specialized technique used – nor is this situation unique to LimeWire. Most sensitive documents are in standard text-based file formats, so any search query for a text related document will yield a plethora of results.

The end user may have the most current security updates, the latest Symantec upgrade, and a strong firewall. However this solves nothing – as LimeWire contains no viruses, spyware, and supports firewall-to-firewall transfers. In other words, these security techniques do not unshare an entire hard drive.

It’s incumbent on the end user to ensure the root directory, or the entire hard drive, is not being shared. The P2P newcomer should thoroughly read the user guide provided by, in addition to their literature on using P2P safely. The end user must be vigilant of the power the Internet - and either share responsibly or not share at all.

This story is filed in these Slyck News categories
P2P Clients :: LimeWire
Technology News :: Security

You can discuss this article here - 20 replies

© 2001-2019