The hidden dangers of illegal downloading
The security risks of downloading unlicensed music have been well-publicised, but awareness of them still appears low.
An academic paper by Eric Johnson, ‘Inadvertent Disclosure – Information Leaks in the Extended Enterprise’ (June 2007), examining inadvertent disclosures through P2P networks found that:
According to Symantec, the main vehicle for spreading viruses and malware today is email, but distribution via P2P is also in the top ten list of main propagation vehicles. In the first half of 2007, 15 per cent of all potential infections were propagated by eDonkey.
Specialist technology security company, McAfee, looked at the risk levels of searching the internet. Its report, 'The State of Search Engine Safety' (June 2007), highlights that searches of keywords involving P2P services, such as Limewire, are among the most likely to generate results that activate spyware and viruses once clicked on.
There is evidence that criminals are using file-sharing networks to gather information than can be used to facilitate identity theft. In March 2008, a Seattle court sentenced a man to four years in prison in the first Federal case against someone using file-sharing software to steal identities. Gregory Kopiloff had used the software to search users’ computers for personal financial documents which he used to commit aggravated identity theft to support drug and gambling addictions.
New research also points to the dangers of other forms of infringing downloading. An experiment run by Benjamin Googins, a senior researcher at the international IT software management company CA, showed that a single download from an unauthorised MP3 site resulted in the installation without permission of trojan downloaders, spyware and pop-up ads having a severe impact on his computer's performance.
Consumers are paying a price for these kinds of risks. Americans spent at least US$8 billion in computer repairs, parts and replacement over the past two years as a result of viruses and spyware alone according to Consumer Reports.
Research exposes piracy in the workplace
Companies face significant security risks when employees file-share on corporate networks.
Research conducted by Ipsos-MORI for IFPI in the UK in November 2007 indicates that one in ten office employees are using the workplace to download music, two thirds of them illegally, exposing their employers not only to computer network risks, but to legal risks too.
Nearly half of those who download music illegally in the workplace (43%) know that their employers have a policy on copying, sharing and downloading music – suggesting they disregard rules set by their bosses.
The problem appears to be concentrated among younger workers. The survey indicated that one in five under 25s illegally download music at work. It only takes one person to download an infected file and expose the company to huge risks.
The problem is not restricted to the UK. Research by the Information Systems Audit and Control Association (ISACA) explored the internet behaviour of US employees and found that 15 per cent of respondents indicated they had used P2P at work at least once, with 35 per cent of white collar workers saying they had violated their company’s IT policies at least once.
In Europe, McAfee commissioned a pool of IT managers with research firm ICM across 1,049 IT professionals in the UK, France, Germany, Italy, the Netherlands, Poland, Spain, Sweden, Austria and Switzerland and found that music downloaded from the web came top of a list of perceived threats to security. Despite this, two-thirds of European IT managers admitted that they don't block music downloads to work machines
Recent moves towards encrypting P2P traffic could increase the overall security risks if it is used illicitly on corporate networks. Encrypted P2P prevents security measures such as IT network firewalls from screening the transferred traffic for the threat of viruses or spyware. IFPI urges companies to note this potential threat and take the necessary steps to protect their IT networks.
Workplace piracy in the news
IFPI has produced and distributed free copyright and security guides for companies and for academic institutions that can be downloaded here. Organisations seeking advice on how to improve or implement their policies on copyright should contact IFPI.
This article appears in the IFPI Digital Music Report 2008. Click here to download the full report.For further information contact:
Alex Jacob, IFPI London
Tel: +44 (0)20 7878 7935 (Press Office)