Stealing Personal Data Over P2P as Easy as 'Clubbing Baby Seals'

Filed in archive Abuse on February 14, 2010

© wili_hybrid

Security researchers Larry Pesce and Mick Douglas have warned that personal data can easily be intercepted over P2P networks.

"At the 2010 ShmooCon security conference... the duo showed off the extremely sensitive information they've been able to intercept, including driver's licenses and passports, tax return forms with Social Security numbers; someone's last will and testament and information on one man's secret activities that could potentially be exploited by terrorists," writes Computerworld's Bill Brenner.

"Pesce described the findings as a lesson in stupidity and compared the act of stealing identities through P2P to 'clubbing baby seals,'" Brenner writes.

"Using search terms such as word, doctor, health, passwd, password, lease, license, passport and visa; file names like password.txt, TaxReturn.pdf, passport.jpg, visa.jpg, license.jpg and signons2.txt; and a myriad of file extensions, they managed to get their hands on tax forms containing complete personal information of the taxpayer, IRS forms with identification numbers on it, driver's licenses and passports, event schedules (names, hotel room numbers, performance dates and locations), financial retirement plans, and even information about a student that offered to help U.S. forces in Iraq and is currently hiding for fear of torture and death," writes Help Net Security's Zeljka Zorz.