Seattle man charged with peer-to-peer identity theft

Share this article:
A Seattle man has been arrested in what authorities are calling the first case against someone using peer-to-peer (p2p) file-sharing programs for identity theft.

Gregory Thomas Kopiloff, 35, is accused of using Lime Wire, Soulseek and other file-sharing applications to steal personal and financial information from victims' PCs.
Kopiloff allegedly opened credit cards in victims' names to go on an online shopping spree, according to a federal indictment filed in U.S. District Court in Seattle.

Kopiloff has been charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft. He did not enter a plea during a Thursday court appearance, according to an Associated Press report.

The indictment, unsealed this week, alleges that Kopiloff bought more than $73,000 in products – including electronic gadgets, such as iPods – in the process of defrauding more than 83 victims from March 2005 to last month.

Many of the victims had children using p2p software, and were unaware it was downloaded to their computers, according to the indictment.

Ron O'Brien, senior security analyst at Sophos, told today that the arrest emphasizes the importance for computer owners and network administrators to closely monitor the use of p2p software.

“It highlights the need for there to be more diligence on the part of computer owners to see what has been downloaded onto machines,” he said. “If you think that the role of a computer administrator is an easy one, think again.”

Kopiloff had the goods shipped to U.S. Postal Service boxes, UPS locations and hotels, according to the indictment. He was arrested after one victim told a corporate security officer, a former U.S. Secret Service agent, who alerted U.S. Treasury Department agents and local police.

Craig Schmugar, threat research manager at McAfee Avert Labs, told today that the arrest, along with recent congressional hearings on file-sharing networks, could increase awareness of p2p threats.

“There was a congressional hearing in July, and testimony was given by an entity that did an experiment that basically showed bogus information given over p2p, and they watched the traffic over it,” he said. “[ID theft by p2p] clearly has been going on for some time, and it was just a matter of time before there was a publicized case.”

Schmugar said more awareness could lead to increased pressure on p2p providers to provide enhanced security.

“I think that, for the most part, the providers have tried to stay out of it, simply because the user base is concerned with censorship, but with the recent activity around the congressional hearings, I think there's going to be increased pressure on the providers,” he said.
Share this article:

Sign up to our newsletters

More in News

Firefox 31 plugs critical memory safety bugs

In total, Firefox 31 brings 11 patches for several flaws affecting the web browser.

Android/Simplocker adds tricks, including ransom message in English

Android/Simplocker ransomware now encrypts archive files, asks to be installed as a Device Administrator, and delivers an English-language ransom message.

Wall Street Journal website vulnerable to SQL injection, gets hacked

The Wall Street Journal confirmed on Tuesday that an outside party exploited a vulnerability and hacked into its new graphics systems.