Tier-3 warns over P2P security.

Tier-3, the behavioural analysis IT security specialist, has warned file-sharing Internet users to be aware of the risks of their personal data falling into the wrong hands, following the arrest of a Seattle man in connection with allegedly using P2P networks to steal sensitive information. "Although some peer-2-peer clients allow users to restrict the directories which they share with other P2P users, the fact that the bulk of P2P transmissions involve copyrighted materials means that the networks are a breeding ground for the criminal element," said Geoff Sweeney, CTO of Tier-3.

Sweeney's warning comes after Gregory Kopiloff was arrested in Seattle, Washington, accused of using the Limewire and Soulseek P2P networks to commit identity theft.

Reports say that Kopiloff was arrested on charges of mail fraud, accessing a protected computer without authorisation and two counts of aggravated identity theft. If convicted, he faces up to 29 years in prison.

"Kopiloff's case acts as a stark warning to P2P file sharers, as he is alleged to have remotely scoured users' systems to look for income tax returns, student financial aid applications and credit reports," said Ben-Itzhak.

"The fact that he appears to be have been able to cherry-pick only those people earning more than $150,000 suggests he had a wealth of user files to choose from," he added.

According to the Tier-3 CTO, file sharing client software is frequently updated and, during the update process, it is relatively easy to accidentally allow access to a PC, or an organisations entire data network rather than just a few directories.

"The fact that P2P file sharing is used to exchange copyright materials means that using the software and P2P websites is in a legally grey area. I would urge any file sharers to think carefully about the possible security consequences of their actions before attempting to download the latest movies and music from the Internet. The IT departments of organisations should also ensue that they enforce a policy on P2P file sharing to prevent employees exposing themselves and their organisation to malware from cyber-criminals or legal action resulting from infringing others copyright." Sweeney continued, "The different types of threats facing modern IT managers are now so varied that a safety net approach--using behavioural analysis software--is now required to secure an IT system from the various attack vectors used by today's hacker-criminals.

www.tier-3.com