Man charged with ID theft using data stolen from P2P networks
It's the first such case of its kind in the U.S.
Computerworld - In the first case of its kind in the U.S., federal authorities have arrested a Seattle man on charges of committing identity theft and fraudulent online transactions using personal information harvested from peer-to-peer (P2P) networks.
In a four-count indictment unsealed Thursday in the U.S. District Court for the Western District of Washington, federal officials said that Gregory Thomas Kopiloff used P2P software such as LimeWire and Soulseek to snoop for and steal identity, banking and credit information belonging to other users on file-sharing networks.
The illegal activity began around March 2005 and continued through August 2007. During this period, Kopiloff is accused of fraudulently buying at least $73,000 worth of merchandise with identities and financial information belonging to at least 83 individuals, the indictment said.
According to officials, Kopiloff used P2P tools to surreptitiously gain access to a wide range of information stored on the computers of other users on file-sharing networks. In addition to banking and other financial data, Kopiloff would specifically search for federal income tax returns, student financial aid applications and credit reports that were stored on the computers of other P2P network users.
He then would proceed to use the data to screen potential victims based on their income levels and credit histories, "in order to identify victims who were most 'credit worthy' and under whose identities he could maximize fraudulent merchant transactions," the indictment said.
The arrest highlights growing concerns about how file-sharing networks are becoming treasure troves of information for identity thieves and other types of fraudsters.
The situation is the result of personal information being leaked onto these networks by individuals who fail to take the proper precautions for securing their computers during P2P sessions. Popular P2P clients such as Kazaa, LimeWire, BearShare, Morpheus and FastTrack are designed to let users quickly download and share music and video files. Normally, such P2P clients allow users to download files to and to share items from a particular folder on their system with other users on the network. But if proper care is not taken to control the access that these P2P clients have on a system, it is easy to accidentally expose and share personal data stored on the computer with all other users on a file-sharing network.
According to security analysts, the information available on P2P networks, as a result of such accidental exposure, includes federal and state ID card data, passports, Social Security numbers, credit card information and bank account details.
A study on the dangers of inadvertent data disclosure on file-sharing networks earlier this year by Dartmouth College's Tuck School of Business showed that such information is increasingly being mined on file-sharing networks by ID thieves. The study examined data involving P2P searches and files related to the top 30 U.S. banks over a seven-week period between December 2006 and February 2007. The analysis showed that a large number of searches made on those networks were aimed at uncovering sensitive financial data from individuals.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Understanding big data so you can act with confidence Automating information integration and governance and employing it at the point of data creation helps organizations boost confidence in their big data.
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Legal White Papers | Webcasts