Posted on 01/16/2002 11:33:50 AM PST by American Preservative
Is your computer inviting voyeurs?
Embarrassing, private text files find their way onto the Net
By Bob Sullivan
MSNBC
Jan. 14 - There it was, just sitting out there on the Internet, for all to see. "The keys to the condo are located in a lock box mounted on the wall outside the entry door. The combination is 0-8-3-6." The recipient of the instructions, Catalina, is only weeks away from a long-awaited vacation at a ski resort, but she had no idea that her computer was telling the world where she was going, when she would be there, and how to break into her rental condo, until MSNBC.com contacted her.
WHEN YOU LEAVE for vacation, you certainly don't want the world to know when and where you are going. But that's one of the unintended consequences of file-sharing programs with names like Gnotella and BearShare.
The programs are essentially software front-ends to a file-sharing system known as Gnutella - it's not quite heir to the Napster throne, but a place where plenty of free, illegal music swapping still goes on.
But music isn't the only thing being shared. Videos, audio files, even text documents and spreadsheets can be swapped, and often are, by accident.
It's akin to taking the Microsoft Windows "My Documents" folder and placing it out on the Internet for all to see.
Monte Phillips, retired hobbyist and former Air Force radar technician, has made himself into a one-man posse who hunts down such recklessly broadcast information and warns potential victims. He passed Catalina's condo reservation confirmation letter to MSNBC.com.
SENSITIVE INFORMATION
But Phillips has seen much worse in his surfing. He regularly spots personal letters and memos, files containing various usernames and passwords, Word documents containing bank account numbers with PIN numbers. Once he learned about intense negotiations taking place between a small Canadian firm and a major U.S. energy company.
Compromised business documents can't compare to the government information he says he's spotted, however. Among them, over 200 case files and private correspondence from a Texas district attorney's office, files from a computer at an Army base in Korea, even background check files generated soon after Sept. 11 on a person of Arab descent living in the United States, from what appeared to be a federal investigator's computer.
"Everyone worries about sophisticated hackers, but people don't realize that the threat is themselves," Phillips said. "They haven't got a clue about the technology they are using, and don't stop and think what it is they are leaving about."
Monte Phillips has found all kinds of embarrassing and revealing documents using file swapping service Gnotella.
Often, Phillips will find a phone number attached to the documents he finds, so he calls up the victim. He's not completely comfortable digging through the information but figures it's the equivalent of opening a wallet to find out whom to return it to.
After the initial shock, most victims thank him for his efforts.
Why is he spending so many of his retired hours telling Internet users to cover up their naked computer files? "Oh, it's probably a character defect," he laughed. "I was born and raised on a farm in Nebraska - if the neighbor's bull gets out, you just get him back inside their fence, and let the neighbor know. I haven't got any halos."
HOW DOES IT HAPPEN?
Catalina's real name and other details of her trip are being withheld to protect her family; but she was shocked to find files from her computer had been accessed from a file-sharing network. "Unbelievable," she said.
Initially, she had no idea how it happened, but after a few questions remembered that her 10-year-old son uses a music-swapping program named BearShare.
"I will certainly take measures to stop this," she said.
Catalina's situation is typical - children often sign up their home computers for services that parents don't quite understand. Suddenly, the family's financial spreadsheets can be found using a simple search like "accounts" in a file swapping service.
But children don't account for files from a district attorney's office making their way onto the Net. Also typical is when one person in the office signs up for a service, not understanding how it can expose critical company files also on that computer.
Use of the programs, which are generally considered a serious security risk by experts, seems to be somewhat common among U.S. government offices. A quick scan by MSNBC.com found hundreds of megabytes of music, including about 50 Beatles songs, 50 Jim Croce songs, and perhaps 100 John Williams compositions, among many others, shared out from a computer operated by a Naval Hospital called the Bureau of Medicine and Surgery in Beaufort, South Carolina. That irks Phillips.
"None of these programs belong on business or government computers, period," he said. "There is no ethical justification for it."
Attempts to reach the technicians at the Naval Hospital weren't immediately successful.
USERS TO BLAME
Shaun Sidwall, the software developer who created Gnotella, said he sympathized with users who accidentally place personal items before the public. But ultimately, the user, and not his software, is to blame.
"You know (accidents) happen... It is surprising to see every once in a while what people share," he said. But he argues that outside the occasional embarrassing realization, he doesn't think many users have actually been victimized by accidentally shared files.
"Most users of the network aren't searching for that kind of stuff. So chances are very few people have actually been maliciously affected by this," he said.
Sidwell designed the software to generally only share out files placed in a specific, safe folder on a user's computer. But inexperienced users are apparently making much wider swaths of their personal files available to the network - in some cases, sharing their entire hard drives, for example. Because there might be a legitimate reason to do that, Sidwell resisted the notion of limiting Gnotella so it couldn't make all files on a computer available.
Those using file-sharing programs, or allowing their kids to do so, should be very careful about exactly what files and directories are open to the world. If there's any confusion, the safest way to protect yourself is to use a separate hard drive. Or deploy an even more aggressive tactic, like Phillips.
"My personal solution is to have a separate machine entirely for this," he said. "And if there's any files on your computer you don't want the world to, store them on a zip disk or floppy, and take them out of the computer."
I don't run them.
He's right you know. I mean, anytime you use a service that allows access to directories on your computer.. you obviously shouldn't store sensitive information there.
They would say stuff like "I thought that was my 'hard drive' and you were supposed to put everything there".
I've read the "no, that's not possible" replies, but I would worry anyway, particularly if you're on line continuously.
Some users don't even realize what they are installing. My kids have visited music sites and ended up with advertising spyware and all sorts of stuff installed on the computer that they didn't even know was there.
For instance, Gator is a little app that kindly fills out forms for you. It also reports back to its makers on everything you are doing and everywhere you visit. It can even crash your computer when it tries to send data while you are doing something else.
The most likely places to catch this kind of hidden trouble, as you might are, is porno sites, music-swapping sites, and other sites that offer you something for nothing. The whole appeal of Gnutella or Gnotella is that you get music without paying for it. But they need to make you pay one way or another--often by inserting spyware into your computer.