Technology
Gina Freeman/the Gauntlet

Ninja looter caught stealing identities

Publication YearIssue Date 

A week ago, Gregory Kopiloff of Seattle, Washington was caught using peer-to-peer programs in a very shocking way-and it wasn't downloading bestiality porn.

On Wed., Sep. 5, a new enemy of P2P programs was revealed. LimeWire and Soulseek were reportedly used to download sensitive financial information from people who had poorly configured the sharing options of these programs. Many users, accidentally-or ignorantly-configured these settings to share their entire hard drives, such as electronically stored sensitive information including credit card statements, passwords, tax returns, and student loan applications, adding identity theft to the list of grievances against P2P programs.

P2P file sharing programs have opened a new frontier on the Internet for accessing and sharing files and content with people from around the world. Since their inception, P2P programs have come under fire from artists such as Madonna, Dr. Dre and Metallica for illegally sharing music. Internet service providers have tried to use strategies of packet shaping ("406: Not Acceptable," Sep. 6 issue of the Gauntlet) to limit access to them, and copyright law lobbyists have tried to get governments to shut them down.

Although this sort of thing has been going on for quite some time, the U.S. Attorney's Office for the Western District of Washington said Kopiloff's is believed to be the first case of identify theft involving P2P programs.

With the rise in popularity of the Internet in the past decade, identity theft is becoming a greater threat internationally than it had previously been. In the past, dumpster diving for personal information had been the method of choice for identity thieves, but the Internet has made it possible to do this without leaving home.

In the past, politicians have had a strange habit of creating superficial solutions to problems-banning liquids on planes and harsher sentences for crimes are fine examples-rather than getting to the root of the problem. It may then naturally follow that lawmakers will seek again to do more to disrupt P2P file sharing programs. There seems to be reason enough to do it already. Strong pro-copyright lobby groups are fighting for it, musicians are fighting to protect their art, and the U.S. government is monitoring search queries, text messages and phone records for signs of terrorist activity.

The solution to stopping this sort of identity theft isn't further attacking P2P networks. It's good sense.

One of the charges laid against Kopiloff, "accessing a protected computer without authorization," doesn't even make sense, since he was authorized-accidentally or not-and the computer clearly wasn't protected. Kopiloff was invited to download anything he wanted off these computers.

Interestingly enough, the bulk of the potential 29 years Kopiloff may serve in prison for his crimes comes from mail fraud, which carries a

20-year sentence. In all, Kopiloff was charged with mail fraud, accessing a protected computer without permission and two counts of aggravated identity theft.

It would be preposterous to charge an invited party guest with breaking and entering for the theft of the host's alcohol. Certainly, there is etiquette one must follow in terms of showing restraint, such as don't steal someone else's beer or perhaps don't steal people's financial

documents, but it hardly seems reasonable to charge violators of this etiquette or law as the case may be with other non-related offences just because being tough may deter future occurrences of the problem. This superficial charge seems to serve as little more than an emphasis of the already obvious severity of a

crime in hopes that making an example of this first recorded case will cause would-be identity thieves to think twice prior to pilfering people's personal papers.

Tags: 

Section: 

Issue: 

Comments

Legally-speaking, online identity theft cases don't have a lot of precedents and there is no actual body of law relating strictly to that. Loosely applying the "mail fraud" label and its penalty to any similar act (e.g., transmission of data across state lines under false pretenses) is merely a legal label for what they see as a similar crime.