P2P identity thief sentenced

Gareth Halfacree
19th March 2008

A Seattle man who used the at-the-time popular file sharing application LimeWire to scour unsuspecting users harddrives for personal data has been sentenced to four years imprisonment according to an Associated Press article.

Gregory Kopiloff, 35, was indicted in September of last year after being caught opening credit card and bank accounts using personal data downloaded from at least eight-three different P2P users. After entering a guilty plea in November, he has finally been sentenced to 51 months imprisonment and a three-year supervision order for mail fraud, accessing a protected computer without authorisation to further fraud, and aggravated identity theft.

Kopiloff's crimes were made possible by users misconfiguring the LimeWire software to share more than a single directory. Unlike BitTorrent which only shares files that have a corresponding .torrent, LimeWire will happily allow any J. Random to download whatever the software finds in its shared directory. If you configure the software to share, for example, C:\Documents and Settings then just about every file you've ever created will be a simple search away.

Taking advantage of the misconfigured computers, Kopiloff was able to download saved data including tax returns, official forms in varying states of completion, and bank account records. Once this information was in his grasp, it could be turned into valid bank accounts and credit cards the same as if he'd rummaged through bins for old bank statements.



At the time of his indictment, Assistant Attorney Kathryn Warma – prosecuting, unsurprisingly – described Kopiloff as “a poster child of a 21st-century thief.” During the summation at Kopiloff's sentencing, Judge James L. Robart described the man as “a highwayman in the virtual world.”

Although modern file sharing systems based around the BitTorrent protocol offer in-built protection against this kind of issue, it's always worth remembering that it's not just the RIAA who'd like a look at what you've got stored on your PC.

Source: http://www.bit-tech.net/news/2008/03/19/p2...eif_sentenced/1

Glad I don't use LimeWire.

"accessing a protected computer without authorisation" - I dont see any protected computer here? oO The identity theft is one thing but how can he be charged for accessing stuff people willingly shared with the rest of the world?

Aggravated Identity Theft Guility Plea

2008-03-23

GREGORY KOPILOFF, 35, of Seattle, Washington, was sentenced in U.S. District Court in Seattle to 51 months in prison and three years of supervised release for Mail Fraud, Accessing a Protected Computer without Authorization to Further Fraud and Aggravated Identity Theft. KOPILOFF pleaded guilty in November 2007, admitting he used file sharing programs to invade the computers of victims across the United States to get access to their personal information in tax returns, credit reports, bank statements and student financial aid applications. KOPILOFF used the personal information of more than 50 people to commit his fraud. At sentencing U.S. District Judge James L. Robart called KOPILOFF “...a highwayman in the virtual world... people were traveling by and he was able to seize their asset, their personal identity.”

According to documents filed in the case, KOPILOFF used peer to peer file sharing programs, which are most commonly known for their use in replicating copyright protected music and videos, to commit his fraud. Using peer to peer programs, including “Limewire,” KOPILOFF
could “search” the computers of others who were part of the file sharing “network” for federal income tax returns, student financial aid applications, and credit reports that had been stored electronically by other real people on and in their own private computers. KOPILOFF would
download those documents onto his own computer, and would then use the identity, and banking, financial, and credit information to open credit accounts over the Internet, in the names of the other real people whose identities he had stolen. KOPILOFF would make fraudulent online purchases of merchandise, have it shipped to various mailboxes in the Puget Sound area, and then would sell the merchandise for about half its retail value. KOPILOFF also used personal information he obtained by more traditional methods such as stealing mail or taking records from trash cans.

At sentencing, Assistant United States Attorney Kathryn Warma called the case a “particularly egregious form of identity theft with KOPILOFF invading victims’ homes to steal information from their computers.”

Bethany Pope, of Lake Stevens, Washington described at sentencing how she and her family were victimized in December 2006. KOPILOFF had made nearly $4,000 in charges on a credit card he obtained in Pope’s name. It took weeks working with the store, credit bureaus and the FTC to
resolve the matter, and all the while Pope was worried she would have to pay the charges. “How do you explain to a 5 and 9-year-old about identity theft and why this impacts the gifts that Santa brings,” she said. “It was a really hard Christmas for them last year.” Pope says being an ID theft victim has permanently changed her. “I don’t have the same trust in people that I used to,” she said.

KOPILOFF will be ordered to make restitution. The amount, approximately $70,000 will be fixed at a later hearing. As part of his supervised release following his prison term, probation officers will be monitoring KOPILOFF’s computer use.

The case was investigated by the Electronic Crimes Task Force of the U.S. Secret Service, the U.S. Postal Inspection Service, the Seattle Police Department and Poulsbo Police Department.

Source: http://www.technologynewsdaily.com/node/9444