Why File Sharing Network are         Dangerous?                     Arinto Murdopo                     arinto@gmail.com
P2P Application • 1st generation P2P application – find the file, and   download from node that has the file    – FastTrac...
Why do we analyze these? • Lots of users & traffic – doubled between ‘03 to ‘07 • Wide adoption
Exposed Sensitive Information • Sounds impossible, but it does happen!   –   Misplaced file   –   Confusing UI   –   Incen...
Exposed Sensitive Information • Searching-file experiment    –   Birth Certificate – 45 Results    –   Passport – 42 Resul...
The trend? • Growing usage -> More leaks • Set and forget -> Increases loses • Global loses • Digital wind spreads files •...
Honeypot experiment • To illustrate the threat in P2P network • Honeypot – deliberately expose things to observe   the att...
Email with VISA card.. • Email showing 25 USD VISA prepaid card • 210-minute-calling card
Email with VISA card.. • File quickly taken and re-taken
Email with VISA card.. • Within a week, no   money left! • No minute left! • File distribution ->
Business Documents… • Within a week…   – Documents taken 12 times   – Secondary disclosures do happen!
Observation• Successfully illustrate risk of disclosure• Identity theft!• Persons with intention to use and hide documents...
Conclusion • Suggested counter-measures   – Improve UI design   – User education   – File naming and organization
Discussion… • Privacy issue, why? Agree, disagree? • Malware distribution, how to counter-   measure? • How about BitTorre...
Upcoming SlideShare
Loading in …5
×

Why File Sharing is Dangerous?

1,470
-1

Published on

Slides for Decentralized System assignment. Explaining about why file sharing is dangerous.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,470
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Why File Sharing is Dangerous?

  1. 1. Why File Sharing Network are Dangerous? Arinto Murdopo arinto@gmail.com
  2. 2. P2P Application • 1st generation P2P application – find the file, and download from node that has the file – FastTrack network – KaZaA – Gnutella network – Frostwire – eDonkey - eMule • Common characteristics: users need to share a specific files/folders
  3. 3. Why do we analyze these? • Lots of users & traffic – doubled between ‘03 to ‘07 • Wide adoption
  4. 4. Exposed Sensitive Information • Sounds impossible, but it does happen! – Misplaced file – Confusing UI – Incentives to share large number of files – Lazy users – Dumb wizard – Share and forget – Poor organizational habit
  5. 5. Exposed Sensitive Information • Searching-file experiment – Birth Certificate – 45 Results – Passport – 42 Results – Tax Return – 208 Results – Free Application for Federal Student Aid – 114 Results
  6. 6. The trend? • Growing usage -> More leaks • Set and forget -> Increases loses • Global loses • Digital wind spreads files • Existence of malware
  7. 7. Honeypot experiment • To illustrate the threat in P2P network • Honeypot – deliberately expose things to observe the attack • In this case… – Email contains active VISA card and phonecard – Three mock business documents
  8. 8. Email with VISA card.. • Email showing 25 USD VISA prepaid card • 210-minute-calling card
  9. 9. Email with VISA card.. • File quickly taken and re-taken
  10. 10. Email with VISA card.. • Within a week, no money left! • No minute left! • File distribution ->
  11. 11. Business Documents… • Within a week… – Documents taken 12 times – Secondary disclosures do happen!
  12. 12. Observation• Successfully illustrate risk of disclosure• Identity theft!• Persons with intention to use and hide documents do exist! (and they always search!!!)
  13. 13. Conclusion • Suggested counter-measures – Improve UI design – User education – File naming and organization
  14. 14. Discussion… • Privacy issue, why? Agree, disagree? • Malware distribution, how to counter- measure? • How about BitTorrent? Security concern? • This paper is about “Passive” attack, how about “Active” attack? Give example – Active attack : communications are disrupted by the deletion, modification or insertion of data.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×