A man charged with stealing information over file-sharing networks in order to commit identity theft pleaded guilty on Tuesday in federal court in Seattle to mail fraud and to accessing a protected computer without authorization to further fraud.
Gregory Kopiloff faces up to 20 years in prison on the mail fraud count, as well as fines of up to US$250,000. The maximum penalty for accessing a protected computer without authorization is five years in prison and US$250,000 in fines. In addition to those counts, Kopiloff also pleaded guilty to two related charges, including aggravated identity theft.
Kopiloff was arrested by federal authorities in September on charges of committing identity theft and fraudulent online transactions using personal information harvested from peer-to-peer (P2P) networks. It was the first time that anyone in the US had been arrested on charges of committing identity theft on a P2P network.
A four-count indictment unsealed in the US District Court for the Western District of Washington after Kopiloff's arrest stated that he used P2P software such as Limewire and Soulseek to snoop for and steal identity, banking and credit information belonging to users on file-sharing networks.
According to court documents, between March 2005 and August 2007 Kopiloff surreptitiously gained access to banking, financial and personal data stored on the computers of other users on file-sharing networks. To get to that data, Kopiloff sometimes specifically searched for federal income tax returns, student financial aid applications and credit reports stored on users' systems. He also used the data to screen potential victims based on their income levels and credit histories in order to identify the most credit-worthy individuals, according to the court documents.
At the time of his arrest, Kopiloff had allegedly bought US$73,000 to US$120,000 worth of merchandise using identity information belonging to at least 83 individuals.
Kopiloff's arrest and subsequent guilty plea highlight what some security analysts have said is a growing problem: All sorts of personal and confidential information is readily available on file-sharing networks to just about anyone who cares to look for it.
According to several security analysts, the situation is the result of the inadvertent leaking of personal data on P2P networks by users who have failed to take adequate security precautions when sharing music and other files. Though the problem is not new, what makes it a growing concern is the fact that identity thieves and other fraudsters are increasingly lurking on such networks to harvest and use this data illegally, according to the analysts.
The concern is not just restricted to personal data, either. In July, the House Committee on Oversight and Government Reform heard testimony from several witnesses about how everything from classified military documents to corporate data is floating about freely on P2P networks such as Kazaa, Limewire, BearShare, Morpheus and FastTrack.