Seattle man charged with peer-to-peer identity theft

Share this article:
A Seattle man has been arrested in what authorities are calling the first case against someone using peer-to-peer (p2p) file-sharing programs for identity theft.

Gregory Thomas Kopiloff, 35, is accused of using Lime Wire, Soulseek and other file-sharing applications to steal personal and financial information from victims' PCs.
Kopiloff allegedly opened credit cards in victims' names to go on an online shopping spree, according to a federal indictment filed in U.S. District Court in Seattle.

Kopiloff has been charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft. He did not enter a plea during a Thursday court appearance, according to an Associated Press report.

The indictment, unsealed this week, alleges that Kopiloff bought more than $73,000 in products – including electronic gadgets, such as iPods – in the process of defrauding more than 83 victims from March 2005 to last month.

Many of the victims had children using p2p software, and were unaware it was downloaded to their computers, according to the indictment.

Ron O'Brien, senior security analyst at Sophos, told today that the arrest emphasizes the importance for computer owners and network administrators to closely monitor the use of p2p software.

“It highlights the need for there to be more diligence on the part of computer owners to see what has been downloaded onto machines,” he said. “If you think that the role of a computer administrator is an easy one, think again.”

Kopiloff had the goods shipped to U.S. Postal Service boxes, UPS locations and hotels, according to the indictment. He was arrested after one victim told a corporate security officer, a former U.S. Secret Service agent, who alerted U.S. Treasury Department agents and local police.

Craig Schmugar, threat research manager at McAfee Avert Labs, told today that the arrest, along with recent congressional hearings on file-sharing networks, could increase awareness of p2p threats.

“There was a congressional hearing in July, and testimony was given by an entity that did an experiment that basically showed bogus information given over p2p, and they watched the traffic over it,” he said. “[ID theft by p2p] clearly has been going on for some time, and it was just a matter of time before there was a publicized case.”

Schmugar said more awareness could lead to increased pressure on p2p providers to provide enhanced security.

“I think that, for the most part, the providers have tried to stay out of it, simply because the user base is concerned with censorship, but with the recent activity around the congressional hearings, I think there's going to be increased pressure on the providers,” he said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.