ID theft : Limewire

Pentagon responds to cyberattacks with $100 million security surge

IdentityTheft — Wed, 08 Apr 2009 20:26:00 GMT

The Pentagon has implemented another Iraq-style surge, but this time the counterattack is in cyberspace.

Brig, Gen. John Davis of the U.S. Strategic Command said today that the U.S. military has spent at least $100 million in the past six months to ward off additional Pentagon network attacks.

A month ago the government released information about the downloading of engineering and communication documents of the president’s helicopter, Marine 1. The information was downloaded to an IP address in Iran, after being accessed through a defense contractor’s file-sharing program.

In 2007, computer hackers breached an unclassified e-mail system in Defense Secretary Robert Gates’ office.

In 2006, a Japanese lieutenant inadvertently published U.S. military and coalition movements in Iraq on the Internet. The leak was attributed to a virus on the lieutenant’s personal computer, which was launched through Winny, a file-sharing program.

File-sharing software was recognized as a huge security threat as early as 2004 when a civilian launched the website “See What You Share” to publish pictures, documents and letters from soldiers and military bases in Iraq and other locales.

“We are finding ourselves in an ever-increasing, sophisticated environment where our networks at (the Department of Defense) are increasingly in a contested environment,” Davis said in a CNN interview.

Davis said the $100 million was spent on tools, training and technologies in response to infiltrations and viruses. He also announced plans to increase the number of “cyber-experts” from roughly 80 to 250 by 2010, but said even that cyber-security surge would be inadequate.

“It’s got to be more,” he said. “But it is a sign of progress.”

LimeWire tool of choice for 2 Seattle identity theft scammers

IdentityTheft — Tue, 07 Apr 2009 16:14:00 GMT

You pride yourself on your security practices, so on the way to work you drop off the mail you’ll send from a post office, you set the house alarm system and lock the deadbolt. All these things give you a peace of mind.

But if you or your kids are using file-sharing peer-to-peer (P2P) software to work from home to download music or videos, you have effectively left the doors standing open and left all your credit cards on the dining room table with a plate of cookies.

LimeWire is the most commonly used P2P software, and was the tool of choice for two Seattle men recently arrested on charges of aggravated identity theft, wire fraud and computer crimes.

Federal prosecutors accuse Frederick Eugene Wood of targeting P2P users to obtain personal information on at least 120 people from all over the United States. Wood was indicted by the U.S. Attorney’s office and has been arrested.

If convicted on all charges, he faces up to 22 years in prison.

Seattle police began investigating Wood after Gregory Kopiloff was arrested for his part in the scheme. Kopiloff was sentenced in 2008 to four years in prison after confessing he was part of a similar scheme. Investigators belief Wood trained Kopiloff to use LimeWire to steal identities and financial information from other users.

There have been thousands of incidents of criminals using file-sharing software to access financial records and even tax information. Hackers use the open door to install keystroke-recording software on other computers to gain access to Social Security numbers and credit card accounts and passwords.

Jay Foley, founder and executive director of the non-profit Identity Theft Resource Center recommends users of file-sharing software either eliminate it all together or set it up on a computer not used for any personal, financial or work-related purposes.

File-sharing software poses risks for government

IdentityTheft — Tue, 03 Mar 2009 19:23:00 GMT

This post is a sort of update to my Feb. 27 post regarding file-sharing software and the associated risks. I wrote about a New York family whose personal and financial information was accessed and stolen via their daughters’ use of a P2P software program for downloading and sharing music.

A lot has happened or come to my attention since that post that illustrates much larger risks and incidents that jeopardize national security.

The same day I wrote about the dangers of peer-to-peer software, Tiversa, a P2P security consulting firm in Pittsburgh, announced they’d discovered that an American defense industry executive inadvertently leaked blueprints and avionic details about President Obama’s helicopter. The contractor apparently had the documents on a home computer or laptop that also had the file-sharing software used for music and movie sharing.
M. Eric Johnson, director of the Center for Digital Strategy at Dartmouth College was able to access information on tens of thousands of patients at hospitals with P2P software on their hard drives. The information include names, addresses, Social Security numbers, insurance account information and diagnostic codes. Twenty thousand such files were from a single unnamed hospital. The revelation was part of a paper he presented at a Feb.23 conference.
June 2008: The names, Social Security numbers and medical records of more than 1,000 Walter Reed Army Medical Center patients were accessed through a peer-to-peer network.

These are only a few of the most recent and relevant examples of the startling dangers of file-sharing software.