Man who used file sharing programs for identity theft pleads guilty

In one of the first cases where file sharing programs such as LimeWire were used to steal identities, a Seattle man plead guilty to one count each of mail fraud, accessing a protected computer without authorization to further fraud, and aggravated identity theft.

Gregory Kopiloff, said in court today he used using file-sharing programs to tap into 80 or more victims’ computers to get access to their personal information in tax returns, credit reports, bank statements and student financial aid applications. He then used that information to open credit lines and shop online, where he rang up bills over $73,000, court records indicate.

While people have been prosecuted for using networks to illegally share copyright music, movies and software, the Justice Department, after Kopiloff’s September arrest, called this its first case against someone accused of using file-sharing to commit identity theft, according to an Associated Press report.

According to the indictment issued in September, the US Dept. of Justice said Kopiloff used file sharing programs, including the Limewire program, to “search” the computers of others for federal income tax returns, student financial aid applications, and credit reports that had been stored electronically by other real people on and in their own private computers.

Kopiloff would use the identity, and banking, financial, and credit information to open credit accounts over the Internet, in the names of the other real people whose identities he had stolen. Kopiloff would make fraudulent online purchases of merchandise, have it shipped to various mailboxes in the Puget Sound area, and then would sell the merchandise for about half its retail value.

At the time of his indictment the US Attorney’s Office invited executives with Tiversa, a computer security company, to share information on the growing threat file sharing poses to consumers. “This arrest is just the tip of the iceberg,” said Robert Boback, CEO, Tiversa.

“Millions of consumers expose their sensitive information when they use P2P file sharing networks and thousands of potential criminals a day search and find this information to commit ID theft and fraud.” Tiversa monitors global file sharing networks on behalf of the world’s largest financial institutions, government agencies and individual consumers. That monitoring showed that during a two week period, almost 56,000 requests for files involving “credit card” were issued on peer-to-peer file sharing networks monitored by Tiversa; over 75,000 requests for specific credit card statements by brand; 50,000 requests for “tax returns”; and over 317,000 requests for files involving “pin” and “user id,” the DOJ stated.  

Kopiloff’s sentencing is scheduled for Jan. 28. Mail Fraud is punishable by up to 20 years in prison and a $250,000 fine. Accessing a protected computer carries a maximum penalty of five years in prison and a $250,000 fine. Aggravated identity theft carries a two-year prison sentence, to be served consecutive with the prison time imposed for the underlying conviction.

File sharing proponents this summer were doing the old duck-and-cover drill when a congressional committee grilled a variety of experts on the subject. At the heart of the hearing was the idea that  sensitive information, including personal financial data, is mistakenly leaked through popular file-sharing programs such as LimeWire, KaZaA and Morpheus that individual, corporate and government users use to share music, movie and other entertainment files.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.