What security risks are associated with peer-to-peer (P2P) file-sharing programs?

Peer-to-peer (P2P) file-sharing programs are Internet applications that allow computer users to share electronic files with other users connected to a common file sharing network. Commonly available P2P file sharing programs are “open” file-sharing networks that can be used to share any type of electronic data files. In area of business and government applications these data files may include private, sensitive, confidential or trade secret information on business or government operations or on customers, clients, patients, contactors, employees, vendors or other parties. It may include identity information, credit card data, financial information, medical information and many other types of sensitive information. In the area of leisure applications P2P file sharing is commonly used to share music, photos, movies, and video games.

Open P2P file sharing programs have become incredibly popular in recent years. It is reported that one such program, Kazaa, has been downloaded nearly 280 million times – more than any other software program in Internet history. Other popular programs include BearShare and iMesh.

The security risk in the use of commonly available open P2P file-sharing programs is that they increase the connectivity between computers connected to a common P2P network. The network architecture and the file-sharing software expose every connected computer to risks beyond those raised by other types of Internet activities.

 

A user of a commonly available open P2P file -sharing program identifies which file folders on his or her computer are to be available for sharing with others on the same P2P network. Because P2P file-sharing programs allow the sharing of any type of electronic data, every computer file in the shared file folders becomes accessible to every other user on the P2P network- all shared files are open to all parties attached to the network. A P2P user who chooses to share a folder containing a music collection may not be aware that he or she is also sharing every personal document that might be stored in the shared file location.

But the risk associated with the use of common file sharing programs is not limited to the open exposure to all of the data in your computer's shared file location. With a simple search tool, or commonly available hacker kit, it is relatively easy for anyone on the open P2P network to access all of your computer’s data files and to even take control of your computer often without your knowledge. Anyone connected to an opened P2P network is at increased risk of receiving viruses and worms, which tend to quickly multiply on P2P networks and enter your computer through the file-sharing program. Furthermore, the file-sharing program is a common entry port or gateway for cyber-spying and cyber-crime attacks.

Be aware the unauthorized release of confidential information through a data file transfer or through access provided to a cyber-spy or cyber-thief by an open P2P file sharing program can exposure the owner of the computer and the user of the computer to personal liability for the losses suffered by the victim of the compromised confidential information. Such confidential information may be identity data, credit card or debit card data, banking or financial information, employment information, medical records and many other types of sensitive or confidential information. From a liability viewpoint, ppn offers a much better means of receiving and distributing electronic data than an open file-sharing program.