Sophos welcomes arrest of man accused of identity theft through file sharing

September 12, 2007 Sophos Press Release

Sophos, a world leader in IT security and control, welcomes the news that the US Justice Department made its first arrest of someone using file-sharing digital data to commit identity theft.

Gregory Thomas Kopiloff used the file-sharing program, Limewire, to steal people's personal financial information, which he then used to open new credit card accounts. According to a four-count indictment, Kopiloff charged as much as $73,000 on the cards, reselling all of the purchased items at half-price and keeping the rest. Authorities have identified 83 victims so far.

Concerns about the security of P2P file-sharing applications such as Limewire have been growing during the past several years. Because of the network framework that drives P2P, individuals are able to share files unknowingly, meaning there is a significant opportunity for hackers to access private (and often confidential) information to use to their advantage. Current P2P networks do not have adequate security measures to block users from unknowingly sharing information or warn them that it's happening.

"P2P networks present risks to not only businesses, but also home computer users," said Ron O'Brien, Boston-based Sophos senior security analyst. "For example, if one person in the house downloads an application and stores the file in the 'My Documents' folder and a hacker happens to gain access to that P2P file, he or she can search any file within the entire folder. If the owner of that file has personal documents like medical records, resumes, documents with their address or phone number on it, or any other private, personal information, the hacker can access any of it."

Solutions such as Sophos's Application Control offer network administrators relief from these potentials threats. Application Control allows system administrators to selectively block unauthorized VoIP, P2P, games and Instant Messaging (IM) applications that can present risks to company data and networks. Sophos's solution gives system administrators the power to selectively allow or block usage of applications by individuals or groups. As a result, they can implement flexible policies that reflect the diverse needs of groups across the enterprise. Sophos currently blocks Limewire, as well as popular P2P sites emule, bitorrent, utorrent, morpheus and Azureus.

"Until file-sharing networks integrate enhanced security features, it is imperative that businesses and household users of such programs take proactive measures to protect their intellectual property and private information against potential hackers fishing for personal information to use to their advantage," continued O'Brien. "While implementing technologies like application control solutions is one way to protect yourself, computer users must remember to always update or employ the most recent security features offered to guarantee the utmost protection."