GREGORY KOPILOFF, 35, of Seattle, Washington, was arrested late yesterday on an indictment by a federal grand jury in the Western District of Washington for Mail Fraud, two counts of Aggravated Identity Theft, and Accessing a Protected Computer Without Authorization to Further Fraud. The indictment alleges that KOPILOFF used file sharing programs to invade the computers of hundreds of victims across the United States to get access to their personal information in tax returns, credit reports, bank statements and student financial aid applications. KOPILOFF will make his initial appearance on the indictment today at 2:30 in the 12th floor courtroom at the U.S. District Courthouse in Seattle, Washington.
“Law enforcement has known for some time that criminals are exploiting peer to peer file sharing to secretly gain remote access to victim’s computers to search for personal information,” said Jeffrey C. Sullivan, United States Attorney for the Western District of Washington. “This case highlights the diligent work of our Computer Hacking and Intellectual Property Unit to identify and prosecute those who use technology against innocent consumers.”
According to the indictment, KOPILOFF used file sharing programs, including the “Limewire” program, to “search” the computers of others for federal income tax returns, student financial aid applications, and credit reports that had been stored electronically by other real people on and in their own private computers. KOPILOFF would use the identity, and banking, financial, and credit information to open credit accounts over the Internet, in the names of the other real people whose identities he had stolen. KOPILOFF would make fraudulent online purchases of merchandise, have it shipped to various mailboxes in the Puget Sound area, and then would sell the merchandise for about half its retail value. So far law enforcement has linked KOPILOFF’s fraud to some 80 victims and more then $70,000 in fraud.
The United States Attorney’s Office invited executives with Tiversa, Inc., a computer security company, to share information on the growing threat file sharing poses to consumers. “This arrest is just the tip of the iceberg,” said Robert Boback, CEO, Tiversa. “Millions of consumers expose their sensitive information when they use P2P file sharing networks and thousands of potential criminals a day search and find this information to commit ID theft and fraud.”
Tiversa monitors global file sharing networks on behalf of the world’s largest financial institutions, government agencies and individual consumers. That monitoring showed that during a two week period, almost 56,000 requests for files involving “credit card” were issued on peer-to-peer file sharing networks monitored by Tiversa; over 75,000 requests for specific credit card statements by brand; 50,000 requests for “tax returns”; and over 317,000 requests for files involving “pin” and “user id”.
On July 24, 2007, Robert Boback testified before the House Oversight and Government Reform Committee about developments regarding inadvertent file sharing over peer-to-peer (P2P) networks.
“Cyber crime has evolved significantly over the last several years,” said Wallace Shields, Special Agent in Charge of the U.S. Secret Service Seattle Field Office. “Cooperation between law enforcement has allowed us to focus our resources and respond quickly to uncover and prevent criminal activity such as this type of financial fraud.”
“This case proves once again that despite all the sophisticated electronic means of stealing identities such as the “peer to peer” file sharing programs, the U.S. Mail and other commercial carriers are still used to convey items of value,” said Keith J. Tyner, Acting Inspector in Charge of the Postal Inspection Service in Seattle. “Because of the increasing breadth and complexity of these cases it becomes vital to leverage resources and work with other agencies in a task force approach. This is possible due to the excellent cooperation of our law enforcement partners – the United States Attorney’s Office, the United States Secret Service and the Seattle Police Department. Working together we become more effective in combating these complex white collar crimes.”
The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.
Mail Fraud is punishable by up to 20 years in prison, and a $250,000 fine. Accessing a Protected Computer without Authorization to Further Fraud is punishable by up to 5 years in prison and a $250,000 fine. A conviction for Aggravated Identity Theft mandates a two year prison sentence to run consecutive to the prison time imposed on the underlying conviction.
The case was investigated by the Electronic Crimes Task Force of the U.S. Secret Service, the U.S. Postal Inspection Service, the Seattle Police Department and Poulsbo Police Department.
The case is being prosecuted by Assistant United States Attorney Kathryn Warma of the Computer Hacking and Internet Crimes (CHIPS) Unit of the United States Attorney’s Office.