This situation occurs all too often, and now has become the
focus of the Denver District Attorney’s office.
“The Denver District Attorney’s Office is issuing an urgent alert to computer users who use file-sharing software, specifically LimeWire.”
“During the course of a routine identity theft investigation, the Denver Police Department executed a search warrant at a Denver apartment and recovered personal and financial information from approximately 75 different individual and business account names from all over the country. The information, which included tax records, bank account information, online bill paying records and other material, appears to have been stolen directly from computers that were using LimeWire, a filesharing software program.”
Considering this is a news alert from the Denver District Attorney’s office, it obviously indicates a very serious problem for the 75 individuals. How did this alleged malicious individual attempt to retrieve information on these people?
“It appears that the file-sharing program was exploited to enable someone sitting at a computer in Denver to illegally access everything – every file, every document – on computers across the country.”
Although the press statement indicates an ‘exploit’, there’s no specialized technique used – nor is this situation unique to LimeWire. Most sensitive documents are in standard text-based file formats, so any search query for a text related document will yield a plethora of results.
The end user may have the most current security updates, the latest Symantec upgrade, and a strong firewall. However this solves nothing – as LimeWire contains no viruses, spyware, and supports firewall-to-firewall transfers. In other words, these security techniques do not unshare an entire hard drive.
It’s incumbent on the end user to ensure the root directory, or the entire hard drive, is not being shared. The P2P newcomer should thoroughly read the
user guide provided by LimeWire.com, in addition to their
literature on using P2P safely. The end user must be vigilant of the power the Internet - and either share responsibly or not share at all.