June 23, 2006 (IDG News Service) -- Users of peer-to-peer file-sharing services may be sharing more than they bargained for, a former White House cybersecurity adviser warned Thursday. Security researchers have found thousands of files with sensitive information by searching through file-sharing networks, said Howard Schmidt, CEO of R&H Security Consulting LLC. Schmidt, who has also worked as chief security officer for Microsoft Corp., made the comments during an SDForum seminar in Palo Alto, Calif., on Thursday.

Medical records, financial information and router passwords have all popped up on P2P networks, often after users inadvertently share folders containing the data. "People don't realize you're not just sharing your music," Schmidt said. "You're sharing your personal files." Millions of U.S. households still use P2P services, though the practice of downloading music from these services has been on the decline, according to the NPD Group research firm. And with all of those possible victims, criminals see an opportunity to search these networks for sensitive information, Schmidt said. "These are real live search strings the bad guys are using: bank such-and-such statement for August, bank such-and-such May statement, account summaries, account stop payment, Internet scams, bank routing information," he said. Some of the peer-to-peer searches have been more ominous, he added. "We've actually found people out there searching for how to make sarin gas."

The link for this article located at ComputerWorld is no longer available.