Security The Internet Your Rights Online

Indictment Highlights File-Sharing Risks

Posted by CowboyNeal
from the careful-what-you-share dept.
Bomarc writes "Via the KOMO-TV website, an article from the Associated Press about how Gregory Thomas Kopiloff used Limewire, Soulseek and other peer-to-peer file-sharing programs to troll other computers for financial information, which he used to open credit cards for an online shopping spree, according to a four-count indictment unsealed in US District Court on Thursday. The news article isn't big on details, but it does outline the risks with peer-to-peer file-sharing programs."
  • by Anonymous Coward on Friday September 07, 2007 @06:33AM (#20505741)

    however poorly configured software is, whether it's MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

    anyway this smells like another "OMG p2p teh evill!!!" anti-p2p propaganda
    • by rucs_hack (784150)
      people still use those old p2p programs? Wow.

      I couldn't be bothered myself. It always seemed like far too much effort when I could just, y'know, listen to the radio or rip from streams.
      • by dintech (998802)
        Umm, ripping from streams is definitely harder than typing a filename into a text box, searching and double clicking a track to download. It's this ease of use that made P2P so prolific. Even Joe six-pack could do it and mp3 files were no longer the domain of underground IRC communities and FTP shares.
      • by ultranova (717540)

        people still use those old p2p programs? Wow.

        I couldn't be bothered myself. It always seemed like far too much effort when I could just, y'know, listen to the radio or rip from streams.

        They send ebooks and programs over the radio where you live? Cool.

    • Re: (Score:2, Insightful)

      by Apatharch (796324)

      however poorly configured software is, whether it's MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

      anyway this smells like another "OMG p2p teh evill!!!" anti-p2p propaganda

      Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client. As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the

      • by mgoren (73073)

        Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client. As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the sharing of sensitive files, but TFA seems to be following the fear-mongering route instead with quotes like "If you are running file-sharing software, you are giving criminals the keys to your computer

    • try .tax (Score:5, Informative)

      by Chapter80 (926879) on Friday September 07, 2007 @10:24AM (#20508203)
      In April, it's fun to search the file sharing networks for ".tax" files (and other common files used for tax returns by Turbo Tx, Taxcut, etc.)

      I would never recommend viewing such information or committing any crimes, but it's interesting to see one IP address with tens or hundreds of tax returns shared. If you hire an outside tax preparer, be aware!

      Imagine - your SSN, name, address, a list of banks that have paid you interest, a list of stocks that you own, your taxable income and amount of tax paid (which the IRS uses as proof that you are who you say you are, if you perform an online inquiry), etc.

      And the victim doesn't even realize that their PAID PREPARER is sharing the information with the world! No lie! There are hundreds available every April!

      PS, Don't try to call any of the individuals and tip them off - they have a tendency to shoot the messenger!

    • by joemawlma (897746)
      however poorly configured software is, whether it's MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

      SMB? Super Mario Brothers is NOT poorly configured software!

  • ...then don't be surprised when someone takes it as a gift and goes to buy something nice for themselves! :)

    (I know, I know, uneducated users, sharing C (or /) and not knowing any better, blah blah blah.)

    Off to get myself that PS3 I'd never spend my hard earned dollars on....
    • You exemplify such a great attitude towards the world; it helps create what it is. To say, it's the user's fault for keeping information on his/her personal computer that could POTENTIALLY if not realistically be accessed by people who are breaching someone else's personal space is to misrepresent the problem. Keeping any kind of information, regardless of whether you are "file-sharing" or not does not mean another user has free rein to read/execute/extrapolate that information in any way they see fit. Sa
      • by numbski (515011) *
        We need xml joke tags on here. :P

        I had a mental image of someone running Windows as Administrator installing Kazaa, Limewire, whatever the p2p 1337 app of the week is, and manually sharing out their whole drive. Of course it's not okay to just abuse things, and there *should* be a reasonable level of security in keeping data on your computer.

        That said, a computer should be operated as non-uid=0, and only switch when critical tasks MUST be done, but hey...that still wouldn't fix this. If I run a file shari
        • Sorry, my joke filter is off today...

          Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has. My gripe really was with blaming the victim in that instance though, well, even if it is a joke. No worries, though.
          • by Danse (1026)

            Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has.

            Articles like this one don't do anything to improve the situation though. Instead of telling people that they shouldn't share their entire hard drive with their P2P app, and explaining how to prevent that from happening, it just goes off and rants about how P2P apps are so dangerous and they're stealing your data and letting anyone get all your files! Makes me wonder who's behind this story...

    • I saw "sharing C" and thought, "What's wrong with sharing source code over P2P?".
  • by rolfc (842110)
    Why not just use bittorrent?
    • Re: (Score:1, Informative)

      by Threni (635302)
      > Why not just use bittorrent?

      Because there's more good music available on Soulseek; you can see the bitrate before you download it; you can talk to users in rooms about the music first; you can download the same album from more than one person for speed; you don't end up waiting in vain for the last 6.9% of a torrent; you can ban leeches; it's trivial to upload your own music (I have no idea how to share something via BitTorrent - I think I have to read stuff and run programs etc = very boring. Perhaps
  • My way (Score:5, Funny)

    by Anonymous Coward on Friday September 07, 2007 @06:38AM (#20505767)
    c:\credit-info.goatse.cx.jpg
    Gets 'em every time.
    • c:\credit-info.goatse.cx.jpg
      Gets 'em every time.


      It's great if you are doing that on a Linux machine with an SMB share called c:\. You could keep them busy for hours if you seeded the share properly. Include lots of links to your PayPal account, Bank of America, Barclays, ... the phishing sites..
    • by Chapter80 (926879)

      My way
      c:\credit-info.goatse.cx.jpg
      That's YOUR way? I was wondering whose it was.
      You really should see a doctor.
  • Search for 'Resume' (Score:5, Interesting)

    by 0100010001010011 (652467) on Friday September 07, 2007 @06:43AM (#20505801)
    An old Kazaa trick I used to entertain myself back in the day. Mainly to see what NOT to do on a resume, but you could get pretty adequate information from them. Some people included birthday, SSN, other stuff that should never be on a resume.

    Fun times.
    • by langelgjm (860756) on Friday September 07, 2007 @06:54AM (#20505873) Journal

      Yeah, we used to do this on a college file-sharing network. We'd search for files that were on the root of the drive, like "io.sys", and find all the people who were sharing their entire hard drives. Then we'd root through their documents and find compromising pictures of them and make fun of them in the main chat, usually followed by the advice "STOP SHARING YOUR ENTIRE DRIVE."

      There was also a correspondence between assigned IPs and the different dormitories, which was apparently easy enough to figure out, with the result that the ops often freaked out new users by telling them where they lived.

      • by 0100010001010011 (652467) on Friday September 07, 2007 @07:03AM (#20505949)
        I forgot about this one. We had a student at my first university that put up a search engine for the network. Twice a day it'd ping all the computers on campus (1600 students, maybe 800 living on campus) and then store the results in a database.

        It was just a 'dumb' spider so it went everywhere it could.

        jpg would turn up 'private' party pictures. docs would turn up resumes and homework solutions... those were the days.

        And we did the same thing you did. Anyone sharing everything would get a nice desktop text file "README". /Anyone remember searchtree?

    • by ajs (35943)
      I once had someone apply for a network security position who had their SSN on their resume. Needless to say there was no interview.
    • Back in my more active 'zine days, I once wrote an article composed entirely of bits and pieces of personal stuff people were sharing on Kazaa. Fun stuff! [phonelosers.net]
  • Just as with any case along these lines, services that may allow crimes to be committed need to be separated from the crimes themselves.

    As far as I can tell, there are many ways to mine for personal information on the internet that do not require the use of P2P sharing programs. In this case, should the usage of the internet as a whole be deemed unlawful?
  • I don't keep any sensitive information on my computers, instead I put all the information I want to secure, passwords, account numbers, on line payment information, and administration info, in a plane old paper address book. Even if someone came in and physically took my computers they would have no access to my accounts. Also, if I want to remove access to all information I simply pick up the one address book and walk away. Yes, it is a hassle to type in the information each time but I don't have to wo
    • passwords, account numbers, on line payment information, and administration info, in a plane old paper address book.

      Just be careful where you throw that paper plane ... it could end up in the wrong hands.

      Sorry, sorry.
  • From the article: "If you are running file-sharing software, you are giving criminals the keys to your computer," said assistant U.S. attorney Kathryn Warma. "Criminals are getting access to incredibly valuable information."
    This woman sure adds some emotions to her wordings! It's not like she's added any media spin! [usdoj.gov] never! [nwsource.com]. Sheesh. This woman must be aiming for a job with Microsoft. From the last link I just provided: "We know that Robert Soloway is one of the most prolific spammers in the world," Wa
    • Obviously learned from the best.
    • This is why you don't let anyone related to legal anywhere near technology:

      unless they escape by canceling their domain names

      Perhaps, but it's overkill. Just change your email address and remove the catch-all. Once you've done that, don't publish in plain text.

      or changing their Internet protocol addresses.

      WTF? that won't even help since the domain will be looked up and converted to the IP address.

      I think what is more accurate (assuming the software only shares what you tell it) is "you're giving criminals

    • by pakar (813627)
      It's fun how everyone is twisting information, or just picking numbers out of the sky...
      From the "never!" link you posted.

      "It's estimated that 80 percent of the traffic on the Internet is, in fact, spam."

      http://arstechnica.com/news.ars/post/20070903-p2p-responsible-for-as-much-as-90-percent-of-all-net-traffic.html [arstechnica.com]
      There we have "P2P responsible for as much as 90 percent of all 'Net traffic"

      I'm not saying that this guy did not deserve this, but I do think about how much more information that might
      • Logic conclusion: At the very least 72% of P2P traffic is spam. Pr0n spam, most likely.
        • by poetmatt (793785)
          on a non factual, personal opinion basis I would guess that more than 15 or 20% of the internet is gaming (number of gamers + bandwidth requirements on servers), maybe 5-10% specifically is youtube, maybe 5% is porn ads. I don't think it's that much anymore since it's not necessarily high bandwidth if it's a bunch of garbled text full image porn ads are easily blocked by websites, the text is not. I'd guess another 20% is streaming services (non youtube/hdtv/etc), another 20% is bittorrent, and the rest is rand
  • by Anonymous Coward on Friday September 07, 2007 @07:04AM (#20505955)
    But not the risk of file-sharing. It outlines the risk of not knowing what you're doing. Same could be said about just about everything.
    • Exactly. Any, and just about all, applications on a computer can pose a danger to you if you don't know what you're doing and think you do. Those annoying people who claim to know everything about computers and really don't are the real dangerous ones, to themselves and those who believe that they know everything. I know of more than one instance where C: was shared over an open network, because the person had discovered that that allowed them to get their files from another computer and never considered the
  • Cornhole your system to the universe?

    Y/N: N

    Share your files to [INSERT]

    Y/N: Y

    HAH! TRICK QUESTION! AYBABTU!

    *SCHLORP!*

    Seriously, this reminds me of morons who used to share their entire hard drives out to file sharing apps.

    I remember seeing printouts of peoples' password lists, even full bank account and investment broker information, complete with contact info, and all the personal ID data, etc. All found by people trolling the network for more than just MP3s.
  • Kopiloff is charged with mail fraud, accessing a protected computer, and two counts of aggravated identity theft. Authorities allege he victimized at least 83 people.

    I can understand the other charges, but accessing a protected computer? I'd think it would be reasonable to assume files that are found on a p2p network are meant to be shared. IANAL, but if he gets convicted for that, wouldn't that allow a "I'm sorry, I never meant to share these mp3's" defense in most, if not all, of the RIAA cases?

    • by arivanov (12034)
      If he has used credentials stolen from P2P to access a company or a financial system this charge will very nicely stick.
  • by Opportunist (166417) on Friday September 07, 2007 @08:16AM (#20506601)
    Cluelessness is. Plain and simple. Operating something that can potentially compromise your personal and private information without even having the foggiest idea what you're doing is stupid.

    Unfortunately, exactly that conclusion is very hard to understand by stupid people.

    Don't want to learn? No problem. Nobody is forced to be "on the internet". Nobody is being forced to put their private information into their computer. You can live without either.

    But don't blame technology for your stupidity. Do you call your car dangerous and evil if you're too stupid to see the difference between the funny things down there that ruin your shoes (aka pedals)?

    Just to get a car analogy into it again...
    • If when you read the article, your thought is "OMG people can access all my files if I use P2P" then you probably are also the type of person who can't figure out how not to share your entire hard drive. It is a valid article in that sense... P2P is a security danger to people who conclude P2P is a security danger after reading the article and probably should stop using it.
  • This is exactly the angle the media companies should leverage. Instead of combating what they perceive as piracy with more complicated and restrictive drm, they should work on the simple solution of providing the best source for their product.

    If the price / convenience / value ratios make you the best source for your product, people will scramble to get it from you. For money even! Back it up with an ad campaign reinforcing how safe and accessible you are and I guarantee you won't lose.

    I wish I was a m
  • The problem now is the value of recorded music is zero. Nobody I know pays. Why would they? Safety? Convenience? When a small bit of common sense will protect you from the robbers and thugs out there and everything you want is available?

    No, the crash is going to come pretty soon I think. Anyone "selling" music is doomed, as is their entire infrastructure. If you create graphics for bands who pay you from music sales, better find a new job. If your job is supplying plastic for jewel cases used by CD
    • by jafiwam (310805)
      Take your whitewashing elsewhere.

      Last time I checked, RECORD COMPANIES make money from CD sales. BANDS make money from live shows and merchandise. There are a few big name exceptions to this, but for the average "known only to college students that think they are hip" bands, they make squat from CDs.

      So, expect RECORD COMPANIES to collapse. (Which is a good thing, as they, along with the classic buggy whip makers are outdated.)

      I know about 5 bands that are very small, play live a bit, and released their o
    • by gstoddart (321705)

      The problem now is the value of recorded music is zero. Nobody I know pays. Why would they? Safety? Convenience?

      Supporting the artist is why I do it.

      See, the music has value to me in that I want to hear it, and I want to support the people who produce the music I want to listen to. That way, they'll make more of it. Cause otherwise, all that's left is Brittany and whatever other dreck is in the charts.

      I can't stand the *AA's either, but the people who actually produce music, do produce something which has

  • The user's computer exposure to web criminals was not due to the user's lack of attention to minute details of the program, but by the criminal negligence on the part of the programmer to shield the user's data from his program's access.

    In other words, the programmer of the P2P software is at fault for allowing his program to default into a dangerous state! The P2P program should be forcing the user to create a new and specific folder on the hard disk for files that will be shared. Then t
    • The user's computer exposure to web criminals was not due to the user's lack of attention to minute details of the program, but by the criminal negligence on the part of the programmer to shield the user's data from his program's access.

      I'd go further and say that in at least some cases automatically sharing everything (or at least all media files) is an intentional (mis)feature of the P2P programs. The folks that make these programs often gain from the popularity of their programs either through advertisi
  • by Pojut (1027544)
    I've been a torrent monkey for a little while now...although, I was HUGE into Hotline back in its heyday.

    By the by, anyone know if Hotline is still functional and in use?
    • by bruns (75399)
      There are still a few hotline servers left active, as well as several trackers.

      http://hotline.tracker-tracker.com/public/ [tracker-tracker.com]

      The official client is kinda... clumsy, and since Hotline SW isn't in business anymore, no more updates. But there are a few open source clients and the official client works under XP still.
      • by Pojut (1027544)
        wow...tracker-tracker is still up? sweet. Looks like I will be reacquainting myself with an old friend tonight...
  • No, it's the risks of non-technical people using a computer. Give people a terminal instead of a 'PC', and problems like this go away.
    • If your line of thinking were to be followed, it would hasten the death of the general purpose computer. If the non-technical masses were to be using these 'terminals', then the general purpose machines would be mostly relegated to hobbyists and business use.
      • by nurb432 (527695)
        I don't see a problem with that scenario. Though I think that a PC in 'business setting' is also overkill and unsafe. Business users don't need any more power than a terminal ( think thin-client movement )
        • There are big problems with that scenario.

          The problem with the death of the PC is that once that happens, people will be relegated to basically using glorified game consoles for their 'computing'.

          DRM and content restrictions will be at the beck and call of the manufacturers and their cohorts/sponsors (RIAA, MPAA, etc.) and our essential freedom of the press will be limited.

          I don't see any solid technical reason for thin clients to take precedence. Sun never got anywhere far with them. Power consumption is b
    • WHAT? And let them share the entire server's drive via P2P???

      Listen as long as there are idiots, no software can be safe.
      Howmuchever security you build into a software is based on the assumption that an intelligent user will try to break it.
      Like the saying goes, fools sometimes rush in and get the job done where angels fear to tread.

      dumb people do stupid dangerous things.
       
      • by nurb432 (527695)
        If the provider was running things properly the end user would have to request the software to be installed and configured. ( if it wasn't already and only needed access ) They wouldn't be able to do it on their own and hose things up due to lack of appropriate rights.

        If the 'entire server' was shared, or the end user was able to even install an application, it's the provider's fault and they should be shut down.
  • This is the consumer equivalent of the age-old problem in the corporate world of printing something to the wrong printer, something that resulted in many a red face and more than a few leaks of confidential information. It is an information security problem -- how do you prevent a user from erroneously placing confidential information in an insecure space? The problem is the same whether the insecure space is a printer, an extranet site, or a directory structure shared by a file sharing program.

    Systems


  • ok, people stop sharing your C:\ drive! WTF! you're basically asking for people to steal your stuff then...
  • Shockingly, if you share your entire hard drive in P2P that WILL include all your personal information and people WILL take it and possibly do bad things with it. Most P2P software actually includes warnings against doing this and by default, only shares a specific created directory. Users would have to manually add their whole hard drive.

    To put it another way: Complete dipshits shouldn't be using P2P.

    I can live with that.

  • 1) zip Backup.zip ~/stuff
    2) mv Backup.zip ~/Kazaa/share/Britney&ParisDoAHorse.mpg
    3) ??
    4) Profit!!
  • lol
      I download something from Napster
      And the same guy I downloaded it from starts downloading it from me when I'm done
      I message him and say "What are you doing? I just got that from you"
      "getting my song back fucker"
