Congress Breached via P2P Filesharing

Congress is still considering the Informed P2P User Act, a law that would supposedly make it safer to use peer-to-peer file sharing software, an effort that is similar to banning mosquitoes from sucking blood. It just isn’t happening. The only foolproof way to prevent accidental data leaks via file sharing programs is for IT administrators to lock down networks and prevent the installation of rogue software.

Congress suffered another embarrassing P2P breach last week, after a confidential memo regarding an ethics investigation into the conduct of thirty House members was leaked, thanks to file sharing software installed by a junior staff member. This follows similar leaks that occurred earlier this year, which revealed sensitive details regarding the security of the First Family. House leaders have ordered an “immediate and comprehensive assessment” of congressional cybersecurity policies. Rep. Zoe Lofgren, chairman of the ethics committee, pointed out that “individual error and sloppiness is always the Trojan horse of cybersecurity.”

Peer-to-peer file sharing allows users to access each other’s computers in order to share music, movies, software, and other files. Unfortunately, many people don’t set up their P2P programs correctly, and they unintentionally end up sharing their most important and sensitive files, including bank records, tax files, health records, and passwords. (This is the same P2P software that allows users to download pirated music, movies and software.) This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers, and others discovering P2P software on their networks after sensitive data was leaked.

Savvy users lock down their file sharing software to prevent others from tooling around with their settings. If your IT abilities are scant, you should take the following precautions:

• Don’t install P2P software on your computer.
• If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is.
• Set administrative privileges to prevent the installation of new software without your knowledge.
• If you must use P2P software, be sure that you don’t share your entire hard drive. When you install and configure the software, don’t let the P2P program select data for you.
• Make sure your PC has recently updated Internet security software. P2P networks are riddled with viruses.
• Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.

• And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.