P2P slammed as 'new national security risk'

Peer to peer technology (P2P) has been described as the “new national security risk” by a retired general at a recent Government Reform Committee hearing.

Retired General Wesley K. Clark, who is now a board member of Tiversa, a company that trawls P2P networks for sensitive information, said, "We found more than 200 classified government documents in a few hours search over P2P networks.

"We found everything from Pentagon network server secrets to other sensitive information on P2P networks that hackers dream about," he added.

At the committee hearing, Clark suggested regulation and mandatory defensive active monitoring programs, especially for sensitive government documents. "If everyone knew the scope of the risk of P2P networks, America would be outraged and demand solutions. If you wait for the lawsuit, you have waited too long," he said.

Clark revealed that many national information security leaks were fresh, complete and were often distributed on home computers over P2P networks.

In March, the United States Patent and Trademark Office released a study revealing that inadvertent file sharing continued to threaten national security. At the time, USPTO CEO Robert Boback said, "We found thousands of corporate cases from banking statements, server passwords, financial data, public company data, human resources, medical records and Fortune 500 company minutes on compliance."

Professor M. Eric Johnson, director of the Center for Digital Strategies at the Tuck School of Business, Dartmouth College, carried out an experiment to illustrate the threat of P2P file sharing. The text of an email message containing an active Visa card number and an AT&T phone card in a music directory was posted in a P2P network that was shared via LimeWire.

"It appears that two takers of the card were able to obtain funds as the activity was split into two groups," Johnson told the hearing. “One taker used Paypal, which is more US-centric, while the other used Nochex, which is UK-centric. Within another week, the calling card was also depleted. Examining the call records of the card, all the calls were made from outside the US to two US area codes – 347 (Bronx, NY) and 253 (Tacoma, WA), illustrating the P2P threat both within and outside of the US. Even more interesting, long after we stopped sharing the file, we observed the file continuing to move to new clients as some of the original takers leaked the file to others."

Committee chairman, Henry Waxman, who is investigating the P2P networks invited LimeWire and StreamCast to testify along with other interested experts on illegal filesharing before the US Houses of Representatives Committee on Oversight and Government Reform.