
Tuesday, October 07, 2008

How Using Pirated Software Turns People into Internet Crime Victims

The Business Software Alliance's October report, called "Online Software Scams: A Threat to Your Security," reveals the dangers of buying or downloading pirated software. Sadly, pirated software doesn't always advertise that it is counterfeit and often appears to be the "real thing" to the untrained eye. This poses a clear and present danger to anyone shopping for software, whether it be on an e-commerce site, a peer-to-peer (P2P) site or at a more traditional shopping venue.

In its introduction, the report points to an actual example of how a misguided employee of the Wagner Resource Group of McLean, Virginia used his office computer to download video and music files using Limewire and exposed the entire corporation to the dark side of the Internet. "In this case, the Wagner employee’s action set off a terrible chain reaction, opening up the firm’s computers to outsiders and exposing the names, dates of birth, and Social Security numbers of about 2,000 of the firm’s clients, including US Supreme Court Justice Stephen Breyer," according to the report.

Although many view downloading a video or music file as a victimless crime, the consequences can become personal when cyber criminals add a little malicious software (often referred to as crimeware) to the mix. Specifically, it can lead to identity (information) theft or turn a user's machine into a zombie, which is controlled remotely and used to commit other misdeeds on the Internet.

It is estimated that one-third of all software is counterfeit. A study conducted in 2008 revealed that if software piracy could be reduced by 10 percent in the United States, it would generate 32,000 new jobs, 41 billion in economic growth and 7 billion in tax revenues.

A lot of pirated software is sold via downloads. When this occurs, the normal form of payment is a credit or debit card. This means that the person who buys pirated software is providing this information to a criminal, who in turn might use it again or sell it to a third party. Like pirated software, credit/debit card information is sold on the Internet in underground chat rooms.

The report also covers another area where Internet crime is known to flourish: auction sites. In 2005, a study was done on software sold on eBay, and roughly 50 percent of the items purchased had malicious/unwanted elements or had been tampered with.

While auction sites have worked with outside industries on preventing theft and abuse, they generally disclaim any responsibility for what occurs on their site. Additionally, there is little to no protection for the consumer buying these products (my opinion).

Because of this, the BSA is calling for auction sites to assume responsibility, step up the warning process on their sites and slow the process down by eliminating the "buy it now" process, which makes monitoring illegal sales nearly impossible.

The software industry isn't the only industry calling out issues with auction sites. In August, two bills were introduced to combat crime on auction sites, which were largely supported by the National Retail Federation. The sale of stolen or counterfeit goods in general has long been an issue on these sites. A good resource to learn about the danger of counterfeit goods in general is the International AntiCounterfeiting Coalition.

The BSA offers a lot of tips for consumers on how to avoid becoming a victim in their recently released report. It also offers a more visual means of learning by offering a video on the subject.

Suspected piracy can also be reported at http://www.bsacybersafety.com/ or by calling 1-888-NO-PIRACY.

Thursday, October 18, 2007

P2P under Congressional scrutiny - FTC to investigate

Although there are legitimate uses for P2P (peer to peer) software, there is no doubt that there are a lot of dangers to using it, also.

Officially, the concerns are how this exposes people to identity theft -- but this costs the entertainment industry (who probably have a few lobbyists dedicated to this matter) a lot of money when they don't get their royalties (money) on music and videos -- which people download for free using P2P.

Now Congress is asking the Federal Trade Commission to take a deeper look into the matter.

Still worried that peer-to-peer filesharing networks like Lime Wire are causing users to "inadvertently" expose sensitive documents, posing potential security risks, members of Congress are now asking for a formal investigation into the phenomenon.

The latest concern from the House of Representatives Committee on Oversight and Government Reform, judging by a 7-page letter (click for PDF) dated Wednesday to Federal Trade Commission chairwoman Deborah Majoras, appears to be this: Peer-to-peer networks may make unsuspecting consumers vulnerable to identity theft.

The same group of politicians, led by Reps. Henry Waxman (D-Calif.) and Tom Davis (R-Va.), suggested earlier this summer that peer-to-peer networks can pose a "national security" threat by allowing users to expose sensitive information unwittingly. (Some politicians, particularly those with entertainment industries in their districts, also took the opportunity once again to condemn unlawful transfer of copyrighted content via the networks.)

I've written a little about why it isn't a good idea to use some of the P2P networks out there:

Japanese cop exposes confidential information on 6,000 people using P2P (file-sharing) software

How P2P Software like Limewire Compromises Personal and Financial Information

Besides being a potential national security threat and an identity theft venue, most of this software is liable to do a lot of damage to your system. And unless you are pretty technically inclined, you will probably have to spend a little of your hard-earned money to fix the damage it will cause!

CNet news blog story, here.

Saturday, June 30, 2007

Japanese cop exposes confidential information on 6,000 people using P2P (file-sharing) software


We spend a lot of MONEY protecting computer systems and the information in them. Despite this, information is stolen or compromised from computers pretty frequently.

One reason for this is that it only takes one person with access to compromise a system and its security.

Recently, Japan Today disclosed that a policeman did just this by using P2P file-sharing software:

Personal information on some 12,000 people related to criminal investigations has leaked onto the Internet from a computer of a Tokyo police officer via Winny file-sharing software, the Metropolitan Police Department said Friday. This is believed to be the largest volume of data leaked from the police on record, the department said.

In case you've never been exposed to P2P (file sharing) software, it's normally used to share porn, movie, or music files.

Wikipedia lists the dangers of using this type of software, of which there are many:
  • poisoning attacks (e.g. providing files whose contents are different from the description)
  • polluting attacks (e.g. inserting "bad" chunks/packets into an otherwise valid file on the network)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network, not necessarily as a denial of service attack)

Using any of these services normally slows a computer down to a crawl. It can even destroy your computer.


Besides that, it's illegal to share copyrighted material (I think it's considered stealing). Not a very good situation for a policeman to get caught up in. What was he thinking?


Japan Today story, here.


Here is another post I wrote about the murky world of P2P last year:


How P2P Software like Limewire Compromises Personal and Financial Information

Attrition.org tracks how often information is compromised, and the reasons why, here.

Tuesday, October 31, 2006

How P2P Software like Limewire Compromises Personal and Financial Information

The Denver DA's office recently discovered a lot of personal and financial information exposed by users of P2P (peer to peer) software like "Limewire."

The concern is that this information might be "easily used" to steal identities and commit financial crimes, or worse.

Other well-known peer-to-peer networks besides Limewire are WinMX, Kazaa, Azureus, Bearshare, Zango and Morpheus.

Parents should note that children are often lured into downloading P2P software. My personal experience was when my daughter downloaded Kazaa on a home computer. Unfortunately, besides music, we got a lot of adware/spyware in the "package," also.

The end result was having to pay someone to "unclog" my system.

Wikipedia describes P2P technology as a computer "network that relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating it in a relatively low number of servers. P2P networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also passed using P2P technology."

The dangers of P2P software have been well documented and the FTC has even issued a warning about the use of it, here.

If you insist on using it -- I would highly recommend reading an article by Thomas Mennecke at Slyck News -- where he explains exactly how users are compromised and how they might avoid the problem.

In his own words:

There’s little doubt the threat of identity theft continues to plague the online world – and has become highly focused on P2P. Yet this serious security threat is also the easiest to avoid. This threat to the security of the end user occurs for one reason, and one reason alone.

Link to story about Denver DA finding personal and financial information, here.

Link to Slyck article, here.

Here is a post I did - based on another post by Paul Young (fellow blogger) - on Zango:

Prying1 - Digging Up the Dirt on Zango and Who Advertises for Them