|One Step Ahead
September 11, 2007, Volume 54, No. 3
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Software and Identity Theft
Peer-to-peer file-sharing software (“file-sharing software”) is often used illegally to download music or movies for free from other computers running the software. Are you running file-sharing software on your work or home computer? Or, has someone in your household installed it on your computer? If so, there is even more to be concerned about than the possibility of illegally downloading or sharing copyrighted audio and video files.
Increasingly, criminals are using peer-to-peer file-sharing networks to expose sensitive data and commit identity theft. If you participate in such networks any files on your computer that contain sensitive information can potentially be accessed by these individuals.
A former employee of a pharmaceutical firm learned about the dangers of file-sharing software the hard way. A family member installed peer-to-peer file-sharing software on her work laptop, inadvertently leaking Social Security Numbers of over 17,000 employees to the Internet.
What can you do to protect yourself?
• Do not install or run file-sharing software on any computer that you own or use.
• Do not store sensitive information on your machine. If you need sensitive files, copy them to a CD or other external media and store the media in a safe place.
• If you do need to run file-sharing software, speak to someone in your IT department who can help you choose and install file-sharing software appropriately.
• Be aware that uninstalling file-sharing software may not completely rid your computer of the problem; most of these programs install spyware that will stay on your machine long after you uninstall the program. You should, at a minimum, also periodically run a spyware removal tool such as Ad-Aware or Spybot. To ensure complete removal, rebuilding your machine is the most reliable solution; consult your local computing support provider (LSP) to discuss the advisability of this step in your particular situation.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.