The US authorities have arrested a Seattle man on charges of committing identity theft and fraudulent online transactions using personal information harvested from peer-to-peer (P2P) networks.
In an indictment US officials said that Gregory Thomas Kopiloff used peer-to-peer software such as LimeWire and Soulseek to snoop for and steal identity, banking and credit information belonging to other users on file-sharing networks.
The illegal activity began around March 2005 and continued through August 2007. During this period, Kopiloff is accused of fraudulently buying at least US$73,000 worth of merchandise with identities and financial information belonging to at least eighty three individuals.
According to officials, Kopiloff used P2P tools to surreptitiously gain access to a wide range of information stored on the computers belonging to those using file-sharing networks. In addition to banking and other financial data, Kopiloff would specifically search for federal income tax returns, student financial aid applications and credit reports.
Kopiloff then proceeded to use the data to screen potential victims based on their income levels and credit histories, the indictment states: "in order to identify victims who were most 'credit worthy' and under whose identities he could maximise fraudulent merchant transactions".
The arrest highlights growing concerns about file-sharing networks becoming treasure troves of information for identity thieves and other types of criminal activity.
Personal information is being leaked onto these networks by individuals who fail to take the proper precautions for securing their computers during P2P sessions. Popular P2P clients such as Kazaa, Lime Wire, BearShare, Morpheus and FastTrack are designed to let users quickly download and share music and video files. Normally, such P2P clients allow users to download files and share items from a particular folder on their system with other users on the network. However, if proper care is not taken, it is easy to accidentally share personal data, as well as music and videos stored on the computer, with all other users on a file network.
According to security analysts, the information available on P2P networks as a result of such accidental exposure includes federal and state ID card data, passports, Social Security numbers, credit card information and bank account details.
A study on the dangers of inadvertent data disclosure on file-sharing networks earlier this year by a US College showed that such information is increasingly being mined by ID thieves. The study examined data involving P2P searches and files related to the top 30 U.S. banks over a seven-week period. The analysis showed that a large number of searches made on these networks were aimed at uncovering sensitive financial data from individuals.