A Seattle man was sentenced yesterday to 51 months in prison for using peer-to-peer networks to commit identity theft. The case highlights a PC security risk that catches many users and businesses off-guard.
Gregory Kopiloff, 35, was arrested last September on charges of mail fraud, aggravated identity theft, and accessing a protected computer without authorization to further fraud. He pleaded guilty in November and was sentenced yesterday in U.S. District Court in Seattle. In addition to the jail time, Kopiloff was ordered to pay $70,000 in restitution.
Kopiloff used file-sharing programs, including the popular LimeWire app, to locate and download federal tax returns, student financial aid applications, and credit reports from the PCs of other P2P users, then opened accounts over the Internet with stolen identities. Prosecutors say he also used "traditional" techniques such as dumpster diving and stealing mail. Kopiloff purchased merchandise using the purloined IDs and resold the goods.
Federal prosecutors described the case as the first in which P2P networks were used to commit ID theft. P2P networks are rife with personal information and sensitive business documents, as InformationWeek learned during a recent investigation. See "Your Data And The P2P Peril" and "Our P2P Investigation Turns Up Business Data Galore."
File-sharing programs, of course, are a popular way to share music, video, and other files. On Download.com, three of the top 10 Windows programs recently were file-sharing apps: LimeWire (for the Gnutella network), BitComet (BitTorrent), and FrostWire (Gnutella). Those three programs accounted for 1.2 million downloads on the site in one week and more than 200 million downloads in total. And there are dozens of other programs like them, including Kazaa, Morpheus, eMule, and BearShare.
The problem arises when users inadvertently store personal data in the same folder used for music sharing, or don't pay close attention when configuring the application and expose too much of their hard drive. Kopiloff got caught, but there are surely other ID thieves like him scanning the P2P networks for easy pickings.