Why File Sharing Networks are Dangerous?
Arinto Murdopo (firstname.lastname@example.org)
P2P Applications
• 1st generation P2P applications
  – Find the file, then download it from a node that has the file
  – FastTrack network – KaZaA
  – Gnutella network – Frostwire
  – eDonkey network – eMule
• Common characteristic: users must explicitly share specific files/folders

Why do we analyze these?
• Lots of users and traffic – doubled between 2003 and 2007
• Wide adoption

Exposed Sensitive Information
• Sounds impossible, but it does happen! Typical causes:
  – Misplaced files
  – Confusing UI
  – Incentives to share a large number of files
  – Lazy users
  – Dumb sharing wizard
  – Share and forget
  – Poor organizational habits

Exposed Sensitive Information
• File-search experiment (number of results returned per query)
  – "Birth Certificate" – 45 results
  – "Passport" – 42 results
  – "Tax Return" – 208 results
  – "Free Application for Federal Student Aid" – 114 results

The trend?
• Growing usage -> more leaks
• Set and forget -> increasing losses
• Global losses
• "Digital wind" spreads files: once taken, a file is re-shared by other peers and keeps circulating
• Existence of malware
Honeypot experiment
• Purpose: illustrate the threat in a P2P network
• Honeypot – deliberately expose something in order to observe who takes it and what they do with it
• In this case...
  – An email containing an active VISA prepaid card and a phone card
  – Three mock business documents

Email with VISA card...
• Email showing a 25 USD VISA prepaid card
• 210-minute calling card

Email with VISA card...
• File quickly taken and taken again by other peers

Email with VISA card...
• Within a week, no money left on the card!
• No minutes left on the calling card!
• File distribution (figure in the original slides)

Business Documents...
• Within a week...
  – Documents taken 12 times
  – Secondary disclosures do happen! (those who took the documents re-shared them)
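The slides report how many times the decoys were taken and that secondary disclosures occurred, but not how a honeypot operator can attribute a copy found later on the network to a specific decoy once it has been renamed. The following is an added example (not the authors' code or method): each decoy carries a unique random canary token, the honeypot's own upload log counts takes, and later search hits served by any peer other than the honeypot count as secondary disclosures. The peer names, decoy labels and sightings are constructed for the example.

```python
"""
Added example, not part of the original slides: instrumenting a honeypot's
decoy documents. Every decoy carries a unique random canary token so that a
copy found later on the network can be traced back to the decoy it came from
(even after it has been renamed), and so that peers other than the honeypot
that now serve the file (secondary disclosure) can be counted.
All peer names, labels and sightings below are constructed for the example.
"""
import re
import secrets

HONEYPOT_PEER = "honeypot-node"           # the node that deliberately exposes the files
TOKEN_RE = re.compile(r"CANARY-([0-9a-f]{16})")


def make_decoys(labels):
    """Create decoy documents. Returns (manifest, files):
    manifest maps token -> label, files maps filename -> content."""
    manifest, files = {}, {}
    for label in labels:
        token = secrets.token_hex(8)      # 16 hex chars; unguessable, unique per decoy
        manifest[token] = label
        files[f"{label}.txt"] = f"{label}\nINTERNAL - do not distribute\nRef: CANARY-{token}\n"
    return manifest, files


def identify_decoy(manifest, content):
    """Return the label of the decoy a file copy was derived from, or None."""
    m = TOKEN_RE.search(content)
    return manifest.get(m.group(1)) if m else None


def summarize(manifest, files, upload_log, search_hits):
    """
    upload_log: (peer, filename) entries from the honeypot's own client, i.e.
                who downloaded which decoy ("takes").
    search_hits: (peer, filename, content) entries found later by searching
                 the network; a hit served by any peer other than the honeypot
                 is a secondary disclosure.
    """
    label_of_file = {name: identify_decoy(manifest, content) for name, content in files.items()}
    stats = {label: {"takes": 0, "takers": set(), "resharers": set()} for label in manifest.values()}

    for peer, name in upload_log:
        label = label_of_file.get(name)
        if label is not None:
            stats[label]["takes"] += 1
            stats[label]["takers"].add(peer)

    for peer, _name, content in search_hits:
        label = identify_decoy(manifest, content)   # works even if the file was renamed
        if label is not None and peer != HONEYPOT_PEER:
            stats[label]["resharers"].add(peer)

    return {label: {"takes": s["takes"],
                    "distinct_takers": len(s["takers"]),
                    "resharers": sorted(s["resharers"])}
            for label, s in stats.items()}


def demo():
    """Constructed scenario mirroring the slides: decoys taken, one re-shared under a new name."""
    manifest, files = make_decoys(["merger-memo", "payroll-q3", "customer-list"])
    memo = files["merger-memo.txt"]
    upload_log = [("peer-a", "merger-memo.txt"), ("peer-b", "merger-memo.txt"),
                  ("peer-a", "merger-memo.txt"), ("peer-c", "payroll-q3.txt")]
    search_hits = [
        ("peer-b", "confidential merger.txt", memo),      # renamed copy, now served by peer-b
        ("peer-z", "cat.jpg", "not a decoy at all"),
        (HONEYPOT_PEER, "merger-memo.txt", memo),        # our own copy; not a disclosure
    ]
    return summarize(manifest, files, upload_log, search_hits)


if __name__ == "__main__":
    for label, s in demo().items():
        print(label, s)
```

The token is looked up in the content rather than the filename because the only thing a re-sharer is unlikely to change is the body of the document; a real deployment would embed the token in document metadata as well, since a recipient may strip visible reference lines.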
Observation
• Successfully illustrates the risk of disclosure
• Identity theft!
• People who intend to use such documents, and to hide that they have them, do exist (and they are always searching!)

Conclusion
• Suggested counter-measures
  – Improve UI design
  – User education
  – File naming and organization
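The search experiment above shows which document types leak most often, and the suggested counter-measures put the burden on naming and organization. A practical complement, given here as an added example and not something the slides or the paper propose, is a pre-share audit of the client's shared folder: flag files whose names look like the document types the search experiment surfaced, and files whose text contains SSN- or card-number-like values (with a Luhn check to suppress random digit runs), before the client starts serving them. The folder layout and file contents in demo() are constructed for the example.

```python
"""
Added example, not from the original slides: a pre-share audit of a P2P client's
shared folder. It flags files whose names look like the documents the search
experiment turned up (birth certificates, passports, tax returns, FAFSA forms)
and files whose text contains SSN- or card-number-like values, so that a
misplaced file is caught before the client starts serving it.
The folder layout and file contents in demo() are constructed for the example.
"""
import os
import re
import tempfile

NAME_PATTERNS = {
    "birth certificate": re.compile(r"birth[\s_-]*cert", re.I),
    "passport": re.compile(r"passport", re.I),
    "tax return": re.compile(r"tax[\s_-]*return|\b1040\b|\bw-?2\b", re.I),
    "FAFSA": re.compile(r"fafsa|federal student aid", re.I),
}
# US SSN shape, excluding area/group/serial values that are never issued
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
MAX_BYTES = 1 << 20                              # only inspect the first 1 MiB of each file


def luhn_ok(digits):
    """Luhn checksum, used to drop random 16-digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_name(filename):
    """Labels of the sensitive document types a filename suggests."""
    return [label for label, rx in NAME_PATTERNS.items() if rx.search(filename)]


def classify_content(text):
    """Reasons derived from file text: SSN-like numbers, Luhn-valid card numbers."""
    reasons = []
    if SSN_RE.search(text):
        reasons.append("SSN-like number")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            reasons.append("card-number-like value")
            break
    return reasons


def scan_share(root):
    """Walk the shared folder; return {relative path: [reasons]} for risky files."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            reasons = classify_name(name)
            try:
                with open(path, "rb") as fh:
                    text = fh.read(MAX_BYTES).decode("utf-8", errors="ignore")
                reasons += classify_content(text)
            except OSError:
                reasons.append("unreadable")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings


def demo():
    """Build a constructed shared folder in a temp directory and audit it."""
    root = tempfile.mkdtemp(prefix="share-")
    os.makedirs(os.path.join(root, "music"))
    os.makedirs(os.path.join(root, "Documents"))
    samples = {                                   # constructed sample files
        "music/track01.mp3": "ID3 not really audio",
        "Documents/Tax_Return_2007.pdf": "Form 1040 ... SSN 123-45-6789",
        "Documents/notes.txt": "lunch at 12, call mom",
        "Documents/card.txt": "Visa 4111 1111 1111 1111 exp 12/09",
        "Documents/random.txt": "serial 1234 5678 9012 3456",
    }
    for rel, text in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)
    return scan_share(root)


if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, "->", ", ".join(reasons))
```

Name matching alone would miss the card file and would flag nothing in a folder of renamed scans, which is why content inspection is included; reading only the first 1 MiB keeps the scan cheap on large media files, which are the bulk of a typical shared folder.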
Discussion...
• Privacy issue – why? Agree or disagree?
• Malware distribution – how to counter-measure it?
• How about BitTorrent? Security concerns?
• This paper is about "passive" attacks; how about "active" attacks? Give an example
  – Active attack: communications are disrupted by the deletion, modification or insertion of data