London, 22nd August 2008, ISACA, an association serving more than 86,000 IT governance professionals, says that a significant court case in the United States, in which a 19-year-old hacker has pleaded guilty to modifying a file-sharing application, highlights the dangers of using this type of software.
File-sharing while at work is becoming increasingly common and exposing companies to serious risk, according to ISACA.
A recent national survey of U.S. white-collar workers commissioned by ISACA found that more than one-third (35%) of employees have violated their company’s information technology (IT) policies at least once and that nearly one-sixth (15%) of employees have used peer-to-peer file-sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk.
“Considering that companies rely on their IT infrastructure to store and transmit sensitive company, employee and customer data, risky activities including the ones this survey reveals are of significant concern for all businesses,” said John Pironti, member of ISACA’s Education Board. “A single seemingly harmless activity, such as using peer-to-peer networks while at work, can breach the confidentiality and security of an entire corporate network, including all of the documents, data and internal communications that reside on that network. On average, at a company of 1,000 white-collar employees, up to 70 employees are likely using peer-to-peer file sharing while at work often or very often, based on the survey findings. Companies and employees should be very concerned about their personal and corporate data in light of this information.”
However, the opposite seems to be true. For example, the telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work.
Reports on the Limewire case suggest that Jason Milmont faces up to five years in prison and a possible fine of up to $250,000 for modifying Limewire, a popular file-sharing application, which was subsequently used by as many as 15,000 other Internet users.
People who used Milmont's modified version of Limewire ended up infecting their own machines with botnets, which could then do almost anything on the host PC, ranging from stealing their financial information to forming part of a network to attack major Web portals.
According to Sarb Sembhi, president of the ISACA London Chapter, the case is particularly interesting as, faced with an onslaught of evidence, the Cheyenne, Wyoming-based man has pleaded guilty to the charges.
“This is the first time anyone has been prosecuted for modifying peer-to-peer software in this way and, as such, it highlights the fact that using P2P services and software is a dangerous hobby—with potential legal consequences,” Sembhi said.
For more on the Limewire hacking prosecution:
http://tinyurl.com/6zxut3
About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA (formerly the Information Systems Audit and Control Association) (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.