Breach, Threat Management, Data Security, Incident Response, TDR

Seattle man charged with peer-to-peer identity theft

A Seattle man has been arrested in what authorities are calling the first case against someone using peer-to-peer (p2p) file-sharing programs for identity theft.

Gregory Thomas Kopiloff, 35, is accused of using Lime Wire, Soulseek and other file-sharing applications to steal personal and financial information from victims' PCs.
Kopiloff allegedly opened credit cards in victims' names to go on an online shopping spree, according to a federal indictment filed in U.S. District Court in Seattle.

Kopiloff has been charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft. He did not enter a plea during a Thursday court appearance, according to an Associated Press report.

The indictment, unsealed this week, alleges that Kopiloff bought more than $73,000 in products – including electronic gadgets, such as iPods – in the process of defrauding more than 83 victims from March 2005 to last month.

Many of the victims had children using p2p software, and were unaware it was downloaded to their computers, according to the indictment.

Ron O'Brien, senior security analyst at Sophos, told today that the arrest emphasizes the importance for computer owners and network administrators to closely monitor the use of p2p software.

“It highlights the need for there to be more diligence on the part of computer owners to see what has been downloaded onto machines,” he said. “If you think that the role of a computer administrator is an easy one, think again.”

Kopiloff had the goods shipped to U.S. Postal Service boxes, UPS locations and hotels, according to the indictment. He was arrested after one victim told a corporate security officer, a former U.S. Secret Service agent, who alerted U.S. Treasury Department agents and local police.

Craig Schmugar, threat research manager at McAfee Avert Labs, told today that the arrest, along with recent congressional hearings on file-sharing networks, could increase awareness of p2p threats.

“There was a congressional hearing in July, and testimony was given by an entity that did an experiment that basically showed bogus information given over p2p, and they watched the traffic over it,” he said. “[ID theft by p2p] clearly has been going on for some time, and it was just a matter of time before there was a publicized case.”

Schmugar said more awareness could lead to increased pressure on p2p providers to provide enhanced security.

“I think that, for the most part, the providers have tried to stay out of it, simply because the user base is concerned with censorship, but with the recent activity around the congressional hearings, I think there's going to be increased pressure on the providers,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.