If you’re old enough to remember Napster, you were around at the pivotal moment when P2P sharing became mainstream. But it didn’t all start then. You might be surprised to learn that the idea of host to host / peer to peer (P2P) connections has been around since 1969. (It was a very good year)
Although P2P file sharing sites often mean you have access free content (and you don’t really think about where it came from), bear in mind that this playground is also home to bullies, so you need to be aware of the threats so you don’t accidently install malware on your computer and become the next victim.
What is a P2P network?
Unlike traditional computer networks, P2P networks self-organize without a central point of resources. These P2P networks pool resources from every connected user who contributes data or files for everyone to use and share. The upside of this design – you can share files with your peers directly. The downside – people can, and do, share viruses, malware, spyware, and other security vulnerabilities intentionally and unintentionally.
The risks of P2P sharing
When you use P2P sharing sites, you’re accepting the risks that accompany using them. These risks can be broken down into two categories: content issues and security issues.
Content issues in P2P sharing:
Content posted to P2P networks can be illegal if it contains pirated content that violates copyright, or may not be age-appropriate for all audiences. While file sharing is wildly popular among children and teenagers, sharing illegal material can land them and their parents in legal trouble. This has led to lawsuits, which, due to vague laws didn’t often manage to levy hefty fines, but the cost of defending themselves often amounted to thousands of dollars in legal fees.
Another aspect of content you need to ask yourself is: “Do you want to risk seeing something you don’t want to?” Avid downloaders have reported that the file name doesn’t match the content, and not in the innocent way like with this cute puppy. Some file names on P2P networks can be maliciously deceiving and contain pornography or even more unpleasant content.
Security issues in P2P sharing:
One of the most obvious risks of P2P downloading comes from cybercriminals, who are known to upload malware that gets downloaded by other users.
Another threat comes in the form of rogue ad networks, offering you “special offers”, which may be an attempt to get you to download harmful files on P2P sites with a little bit of social engineering. Murky ad networks benefit from this type of engineering because they can bombard you with endless ads hoping one of them will get your attention. Once you click on their ads, prepare to have your inbox flooded with spam.
Identity and privacy vulnerabilities on P2P networks
As you download files from other users, the data you stream may leave your device vulnerable against those transmitting the data. Most users have no way of verifying that the transmission is secure, and spyware can easily slip by your filters and capture your personal information. Once it’s installed, removing it is usually very difficult.
Due to the nature of openly sharing private files, very few P2P users are aware of the specific files they are sharing, so you could be passing viruses, worms, and Trojan horses to their friends without even being aware of it. If you don’t properly lock down your personal files, you could end up accidently sharing your private data, including medical, financial, and business information. Depending on which P2P sharing software you’re using, one wrong click can share your entire hard drive with the internet.
P2P networks also leave your identity vulnerable. For Instance, BitTorrent exposes the IP address of anyone using it in a swarm of users connected to the network, which in turn allows the swarm to find the ID of peers who download certain files. Once your identity is compromised in a swarm, your device is vulnerable to attacks directed at its IP address and attackers can spoof your identity, allowing them to pin illegal activity on your IP address.
P2P networks are vulnerable to multiple attacks
In addition to the personal risks mentioned above, the networks themselves are also vulnerable to attack. A denial-of-service (DoS) attack is when a server that is connected to a large number of devices is deliberately flooded with too much traffic, disabling it and putting it offline. DoS attacks can use a P2P network to attack highly visible targets such as web sites. In September 2016, the popular security site KrebsOnSecurity was forced offline after a massive DDoS attack.
Also known as a distributed denial of service (DDoS) attack, the reasons for these attacks include turf wars among online “gangs”. Teams of cybercriminals can (and do) use a DDoS attacks as a weapon against the infrastructure and operations of other gangs online. Some DDoS attacks occur to punish victims such as hospitals, corporations and universities that refuse extortion or ransom demands. A DDoS attack can also be used to extort profits by disrupting services by demanding payment to halt the disruption. These attacks have become so profitable that cyberattackers sell their services on the Dark Net. You probably won’t even realize it right away if your device is being used in a DDoS attack, and like many online threats, the best protection is prevention.
Another type of attack on a P2P network is known as network poisoning where the network is filled with useless files. Since P2P networks require a lookup service, a hacker can introduce large amounts of useless lookup data into the P2P index. This useless data can slow the query times or cause the network to produce invalid results. For instance, you could search the network for the latest update to your favorite video game or music file only to find endless results of bad, corrupt, or invalid files. Network poisoning has similar benefits to attackers as DDoS attacks where they are more of a nuisance designed to slow down a network either as a form of extortion or rival network attack.
How can you protect yourself on P2P sites?
Although the US government’s Computer Emergency Readiness Team (CERT) team recommends avoiding P2P applications completely, you can cut your risks by installing and constantly updating strong anti-virus software. You can also install a firewall on your machine to block malicious traffic. Some operating systems such as Windows come with a built-in firewall so check if you have one and make sure you enable it. The bottom
The bottom line of P2P sharing is accepting that there are risks involved, and if you’re not prepared to take them, it’s best to stay away from it entirely.