Seattle man used Limewire for identity theft

IDG News Service - A Seattle man was sentenced to more than three years in prison Tuesday for using the Limewire file-sharing service to lift personal information from computers across the U.S.

The case highlights a type of identity theft that is probably more common than most people realize, said Kathryn Warma, assistant U.S. attorney in the Computer Hacking and Internet Crimes Unit of the U.S. Attorney's Office.

The man, Frederick Wood, typed words like "tax return" and "account" into the Limewire search box, Warma said. That allowed him to find and access computers on the Limewire network with shared folders that contained tax returns and bank account information.

Wood also searched specifically for forms that parents fill out to apply for college financial aid for their children, which include "exhaustive personal and financial information about the family," Warma said. He used the information to open accounts, create identification cards and make purchases.

"Many of the victims are parents who don't realize that Limewire is on their home computer," she said.

Wood was initially apprehended while executing an even more low-tech crime, the Attorney's Office said.

He advertised an Apple computer for sale on Craigslist, and a Seattle resident responded to the ad and met Wood at a coffee shop to buy the computer. After paying for the computer with a check and leaving the coffee shop, the man discovered that there was no computer in the box, only a book and a vase.

The victim helped police set up a similar deal with Wood, who was arrested when he handed over another computer box with no computer in it, this time to a police officer, the Attorney's Office said.

Police later searched a computer they found in Wood's car and discovered tax returns, bank statements and canceled checks stolen from more than 120 people across the country. He had also used the information retrieved through Limewire to make forged checks. He used those checks to buy electronics gear, some of which he sold on Craigslist, said the Attorney's Office.

Warma's advice to people who want to avoid becoming victims of this kind of identity theft was to "get Limewire off your computers." Even the added security features in the most recent version can be circumvented, she said.

"I think it's a horrible idea for people to have peer-to-peer software on their computers unless they're a very sophisticated user," she said.

During the investigation the authorities discovered that Wood was an associate of Gregory Kopiloff, the first person in the U.S. to be indicted for using file-sharing programs to steal personal information. He was sentenced in early 2008 to more than four years in prison for fraud.

Wood was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization to commit fraud, and aggravated identity theft. He was tried in the U.S. District Court for the Western District of Washington.

Warma said Wood and Kopiloff are the only two people to be convicted so far for using peer-to-peer networks to steal personal information.