Kansas State University

search

IT News

Peer-to-Peer file sharing risks

Since May 2000, K-State policy has prohibited the sharing of music, movies, software, etc via peer-to-peer (P2P) file sharing applications like eMule and BitTorrent because of the impact on network performance. This policy and K-State’s position of blocking P2P network traffic at the campus border was bolstered by the recently passed Higher Education Opportunity Act that includes provisions designed to reduce illegal sharing of copyrighted materials through P2P applications on college campuses.

Besides violating policy, K-Staters using P2P applications to illegally share files face possible legal action from the copyright owners. Since January 2008, K-State has received 47 notices of alleged copyright violations from copyright owners or their legal representative per the Digital Millennium Copyright Act. Once the alleged infringement is verified, these notices are passed on to the infringing students, faculty, or staff who face criminal charges if they do not stop sharing the copyrighted materials and remove them from their computer.

But the risks don’t stop with violating policy and breaking the law – P2P file sharing networks may inadvertently expose sensitive information, a fact confirmed by a Dartmouth business school study.  This information is exposed when the folder containing this information is accidentally shared, or the music to be shared is stored in the same folder as sensitive files, or malware that compromises the computer is downloaded via the P2P application… which brings up another risk: P2P networks are used by hackers to spread malicious programs that take over control of  your computer. Since the source of a file you downloaded with P2P cannot be verified, attackers can attach malicious code to a seemingly innocuous file that infects your computer once you try to execute the file. This has happened at K-State, so it is a real threat, not just a theoretical possibility!

A US-CERT Cyber Security Tip also outlines these risks and others.

Certainly, P2P applications have many legitimate uses and artists are increasingly making their works available online for free. However, that does not eliminate the risk of inadvertently exposing sensitive information or installing malicious code. The best way to avoid these risks is to not use P2P applications. These applications should never be used for acquiring and/or sharing copyrighted materials for which the owner has not granted permission. Buy the CD or the DVD!

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer