U.S. arrest puts spotlight on file-sharing risk
A Seattle man has been arrested in what the U.S. Justice Department described as its first case against someone accused of using file-sharingcomputer programsto commit identity theft.
Gregory Thomas Kopiloff is accused of using Limewire's file-sharing program to troll other people's computers for financial information and then using it to obtain credit cards for an online shopping spree, federal prosecutors said Thursday.
According to a four-count indictment, Kopiloff is accused of buying at least $73,000 US worth of goods online— including iPods and laptop computers— then reselling those items at half price and keeping the proceeds.
Authorities said they have identified at least 83 victims, most of whom have teenage children and did not know the file-sharing software was on their computer. But investigators also said they believe the number of people affected was in the hundreds, and that in all they lost hundreds of thousands of dollars.
According to the indictment, Kopiloff is accused of using Limewire and Soulseek — free file-sharing programs available on the internet —over a period of about2½ years to search for people who had inadvertently allowed access to their sensitive files.
He was arrested after one of his alleged victims, a Texas resident, told his company's security officerabout how his bank account had been compromised, with someone in western Washington passing bad cheques on his account. The agent forwarded the information to Secret Service agents and police in Seattle.
Kopiloff is charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft.
Kopiloff did not enter a plea during an appearance in U.S. District Court on Thursday. A detention hearing was set for Monday.
File-sharing security concerns
Each day, computer users inadvertently share hundreds of thousands of sensitive files through such programs, from banking statements and medical records to tax returns and legal documents, according to Robert Boback, chief executive of Tiversa Inc., a Pennsylvania firm that monitors file-sharing.
Typically the mistakes occur when a user downloads file-sharing software and accidentally allows it to share all files on a computer, rather than just music files, for example.
"If you are running file-sharing software, you are giving criminals the keys to your computer," said assistant U.S. attorney Kathryn Warma. "Criminals are getting access to incredibly valuable information."
When other users might search on Limewire for "Madonna," a criminal can search for "federal tax return," or for student financial aid forms or other financial information, Warma said. And instead of getting access to a few hundred files containingLike a Virgin or Papa Don't Preach, they would get a few hundred files containing tax returns.
Boback showed during a news conference Thursday the searches being conducted on peer-to-peer networks at that moment. As the searches were entered, they scrolled rapidly along the screen of his laptop. Many clearly concerned music files and pornography, but interspersed were scores looking for files that contained terms such as "password" and "medical billing."
Warning for users
"There are tens of thousands of individuals who make a living doing this," Boback said.
A Limewire representative could not immediately be reached for comment.
At a congressional hearing on July 24 regarding file sharing, the chairman of Lime Wire LLC, Mark Gorton, said the company warns its users about the dangers posed by the software and instructs them on how to use it safely.
"We continue to be frustrated that despite our warnings and precautions, a small fraction of users override the safe default setting that comes with the program and end up inadvertently publishing information that they would prefer to keep private," Gorton said.