“We found more than 200 classified government documents in a few hours search over Peer-2-Peer networks,” said Retired General Wesley K. Clark at a recent Government Reform Committee hearing (7-24-07). Describing it as the new national security risk Clark said, “We found everything from Pentagon network server secrets to other sensitive information on P-2P networks hackers dream about.”
Clark, now the chairman and CEO, of Wesley K. Clark & Associates, and a board member of Tiversa, Inc., which conducts 350 million searches per day, compared to Google’s 150 million daily searches.
“If everyone knew the scope of the risk of P2P networks, America would be outraged and demand solutions” Clark suggested regulation and mandatory defensive active monitoring programs, especially for sensitive government documents. “If you wait for the lawsuit, you have waited too long.” Clark noted that many of our national information security leaks were fresh, complete and often were distributed on home computers over P2P networks.
Chairman Henry Waxman (D) investigating the P2P networks invited LimeWire and StreamCast to testify along with other interested experts on illegal filesharing before the U.S. Houses of Representatives Committee on Oversight and Government Reform. Last March, United States Patent and Trademark Office released a study revealing that inadvertent file-sharing continued to threaten individual privacy and national security.
“This is the new threat to Homeland Security,” CEO Robert Boback, told the hearing. “We found thousands of corporate cases from banking statements, server passwords, financial data, public company data, human resources, medical records and fortune 500 company minutes on compliance.”
“One of the defining characteristics of contaminated networks is that users rarely ever know that they are sharing the files on their computer with other users on the network,” said SafeMedia Corporation Chairman Safwat Fahmy in his written testimony on how SafeMedia’s technology was developed to address illegal sharing of copyrighted materials on contaminated P2P networks. “Our technology eliminates all the identity theft and security risks of contaminated P2P networks that affect consumers, students, businesses and our national security.”
Fahmy also stated in his written testimony to the Committee that, “P2P networks, in order to work and survive, requires that all users share files. If users are unable to share files to be downloaded, then the network would be pointless and cease to exist. So, the developers of the P2P software create a directory on the user’s computer called “shared” to be uploaded on demand to any user on the entire network most often without the user knowledge, at the time of installation.”
Other startling testimony surfaced from Professor M. Eric Johnson, director, Center for Digital Strategies, Tuck School of Business, Dartmouth College. To illustrate the threat of P2P file sharing, his researchers ran a set of “honey-pot” experiments. They posted the text of an email message containing an active VISA (debit) number and an AT&T phone card in a music directory in a contaminated P2P network that was shared via Limewire.
“It appears that two takers of the card were able to obtain funds as the activity was split into two groups,” Johnson told the hearing. And it happened, “because one taker used Paypal, which is more US-centric, while the other used Nochex, which is UK-centric. Within another week, the calling card was also depleted. Examining the call records of the card, all of the calls were made from outside of the US to two US area codes - 347 (Bronx, NY) and 253 (Tacoma, WA), illustrating the P2P threat both within and outside of the US. Even more interesting, long after we stopped sharing the file, we observed the file continuing to move to new clients as some of the original takers leaked the file to others.”
In a second study, researchers examined bank-related documents and found circulating sensitive data as bank statements, credit reporting agency records, user ID and password lists and tax returns were inadvertently "shared" with millions of people. There was also evidence of sensitive government information being distributed through P2P networks over a two-month period.
“At SafeMedia, we have developed business solutions combining P2P Disaggregator technology (P2PD) and a Digital Internet Distribution Solution (DIDS) that prevents contaminated P2P networks from indiscriminately being accessed by users’ computers,” explained Fahmy. “Our solutions utilize advanced technologies such as: Adaptive Fingerprinting and DNA markers; Adaptive network patterns; Intelligent libraries; Remote update and Self-healing to effectively drop all contaminated P2P traffic with No Invasion of User Privacy. P2PD is fully effective at forensically discriminating between contaminated and non-contaminated P2P traffic with no false positives whether encrypted or not: P2PD operates at network speed with little or no latency.”
Fahmy added “The purpose of P2PD technology is not to shut down P2P networks or inhibit P2P technology. “We allow traffic from non contaminated P2P to pass to its destination we only drop traffic to and from contaminated P2P networks.
“Many users now are enjoying the protection of their identity and safety of their network from contaminated P2P network by using SafeMedia’s products which are available now for immediate implementation in DSL/Cable modems or as a standalone network appliance named” Clouseau” said Fahmy.
[Editors note: For more information about SafeMedia Corporation product line visit the company website listed before or call 561-989-1934. To hear today’s testimony from the U.S. House Of Representatives Committee on Oversight and Government Reform, on the” Inadvertent Filesharing Over Peer-To-Peer Networks Hearing,” please visit the first link below labeled "Congressional Hearing."]