Friday, September 07, 2007

I'll Just eMule you my identity attributes...

ID theft updated for the 21st century
Man accused of exploiting peer-to-peer software

Federal agents and prosecutors sounded a warning Thursday to the millions of people who use peer-to-peer software for downloading music or video files: "You are handing criminals the keys to your computer."

The warning came after the arrest of a Seattle man Wednesday on charges that he trolled through the vast peer-to-peer networks, downloading peoples' tax returns, student aid applications and credit card numbers instead of music.

The feds accuse Gregory Kopiloff, 35, of using the information to steal people's identities, then buying tens of thousands of dollars in such electronics as laptops, iPods and cell phones that he sold for "50 cents on the dollars."

Kopiloff is believed to be the first person in the nation to be arrested for using peer-to-peer software for the purposes of identity theft.

Despite what prosecutors describe as a lucrative enterprise, a U.S. magistrate judge Thursday assigned the oddly cheerful-appearing Kopiloff a federal public defender -- a right reserved to indigent defendants. According to Secret Service and Seattle police investigators, Kopiloff gambled away his ill-gotten gains.

When arrested near his publicly subsidized apartment in the Denny Triangle-Cascade neighborhood, Kopiloff told investigators he was "relieved," as he knew this day was coming.

Although Kopiloff's motive is as old as the crime of larceny, he "is a poster child of a 21st-century theft," said Assistant U.S. Attorney Kathryn Warma. The former Dumpster diver "has adapted as technology has adapted," she said.

In peer-to-peer file sharing, people download software allowing them to connect to networks such as LimeWire, Kazaa, Soulseek, eMule and Morpheus, which gives them access to every other laptop or PC that is part of those networks. When people log in to these networks, they type in a search term for the music they want, such as Bright Eyes or Madonna.

But instead of typing in Madonna, Kopiloff would type in tax return or credit report, authorities said.

Robert Boback, an industry expert on peer-to-peer risk management who participated in a news conference at the U.S. Attorney's Office on Thursday, characterized what Kopiloff is accused of doing as a harbinger, calling it a "new age of crime." People engaged in peer-to-peer file sharing "don't realize what they are sharing is their entire hard drive."

To give an idea of the potential scope of the problem, Boback said about 966 million peer-to-peer searches are done every day around the world. In research done by his company during the two weeks beginning Aug. 16, there were almost 800,000 suspicious peer-to-peer search terms involving credit cards, credit reports, tax returns, bank accounts, medical insurance and passwords.

"This is the new world of identity theft," he said. "There are tens of thousands of individuals making a living doing this kind of work."

He likened peer-to-peer file sharing with a computer containing sensitive financial data to "putting meat into a school of piranha."

Boback said there are no good fixes in place to solve the problem. And he recommended that the best protection is to use two computers, one to store financial and other sensitive records and another to conduct peer-to-peer file sharing. Boback warned parents to find out whether their children are engaged in file sharing without their knowledge.

Cybersecurity expert Howard Schmidt, a former chief of security for Microsoft Corp. and eBay, said many people who use file-sharing software such as LimeWire unwittingly expose themselves to identity thieves by accidentally allowing other access to their hard drives, not just folders that hold the music or videos they hope to exchange.

Schmidt, who also served as a cybersecurity adviser to the White House after the 9/11 attacks, pointed out that most file-sharing programs could be configured so they share only files kept in a single file or group of files.

Schmidt also suggested computer owners consider encrypting sensitive documents. He said several companies offer consumer-friendly encryption software, which also comes loaded on some new computers.

Schmidt said the full extent of the problem isn't clear.

"There's a perspective that a number of the data breaches in recent years may have been related to this," he said. "But the fact that they got it from peer-to-peer is not always known."

Kopiloff was charged Thursday in a four-count indictment with mail fraud, accessing a protected computer without permission and two counts of aggravated identity theft.

Mail fraud carries the toughest maximum sentence, 20 years in a federal prison.

Kopiloff is being held pending court appearances Monday.

P-I reporter Levi Pulkkinen and online producer Brian Chin contributed to this report. P-I reporter Paul Shukovsky can be reached at 206-448-8072 or