why file sharing is dangerous?
DESCRIPTION
Slides for Decentralized System assignment. Explaining about why file sharing is dangerous.TRANSCRIPT
![Page 2: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/2.jpg)
P2P Application
• 1st generation P2P application – find the file, and download from node that has the file – FastTrack network – KaZaA – Gnutella network – Frostwire – eDonkey - eMule
• Common characteristics: users need to share a specific files/folders
![Page 3: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/3.jpg)
Why do we analyze these?
• Lots of users & traffic – doubled between ‘03 to ‘07 • Wide adoption
![Page 4: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/4.jpg)
Exposed Sensitive Information
• Sounds impossible, but it does happen!
– Misplaced file
– Confusing UI
– Incentives to share large number of files
– Lazy users
– Dumb wizard
– Share and forget
– Poor organizational habit
![Page 5: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/5.jpg)
Exposed Sensitive Information
• Searching-file experiment
– Birth Certificate – 45 Results
– Passport – 42 Results
– Tax Return – 208 Results
– Free Application for Federal Student Aid – 114 Results
![Page 6: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/6.jpg)
The trend?
• Growing usage -> More leaks
• Set and forget -> Increases loses
• Global loses
• Digital wind spreads files
• Existence of malware
![Page 7: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/7.jpg)
Honeypot experiment
• To illustrate the threat in P2P network
• Honeypot – deliberately expose things to observe the attack
• In this case…
– Email contains active VISA card and phonecard
– Three mock business documents
![Page 8: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/8.jpg)
Email with VISA card..
• Email showing 25 USD VISA prepaid card
• 210-minute-calling card
![Page 9: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/9.jpg)
Email with VISA card..
• File quickly taken and re-taken
![Page 10: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/10.jpg)
Email with VISA card..
• Within a week, no
money left!
• No minute left!
• File distribution ->
![Page 11: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/11.jpg)
Business Documents…
• Within a week…
– Documents taken 12 times
– Secondary disclosures do happen!
![Page 12: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/12.jpg)
Observation
• Successfully illustrate risk of disclosure
• Identity theft!
• Persons with intention to use and hide documents do exist! (and they always search!!!)
![Page 13: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/13.jpg)
Conclusion
• Suggested counter-measures
– Improve UI design
– User education
– File naming and organization
![Page 14: Why File Sharing is Dangerous?](https://reader034.vdocument.in/reader034/viewer/2022051513/547dad57b379593f2b8b532c/html5/thumbnails/14.jpg)
Discussion…
• Privacy issue, why? Agree, disagree?
• Malware distribution, how to counter-measure?
• How about BitTorrent? Security concern?
• This paper is about “Passive” attack, how about “Active” attack? Give example
– Active attack : communications are disrupted by the deletion, modification or insertion of data.