Gregory Kopiloff, a Seattle man who pleaded guilty last November to stealing identity information over peer-to-peer file-sharing networks, has been sentenced to 51 months in prison.
In addition, Seattle District Court Judge James Robart ordered Kopiloff to serve in a three-year supervised release program at the end of his prison term.
Kopiloff, 35, was arrested by federal authorities in September 2007 and charged with using P2P software such as Limewire and Soulseek to snoop for and steal banking and credit information belonging to users on file-sharing networks. He was the first person in the US to be indicted on charges of committing identity theft over P2P networks.
According to court documents, between March 2005 and August 2007 Kopiloff surreptitiously gained access to banking, financial and personal data stored on the computers of other users on file-sharing networks. To get to that data, Kopiloff sometimes specifically searched for federal income tax returns, student financial aid applications and credit reports stored on users' systems. He also used the data to screen potential victims based on their income levels and credit histories in order to identify the most credit-worthy people.
He then used the stolen data to open fraudulent credit accounts or to make fraudulent purchases that he then had shipped to different locations in the Seattle area. The merchandise was later resold — typically for half its purchase price, court documents said.
At the time of his arrest, Kopiloff had bought between US$73,000 and US$120,000 worth of merchandise using identity information belonging to at least 83 individuals.
Kopiloff in November pleaded guilty to mail fraud, accessing a protected computer without authorisation to further fraud and aggravated identity theft. He faced a maximum of 20 years in prison and fines of up to US$250,000.
Robart's sentence appeared to be in line with the government's call for a 54-month prison term.
In arguing for a prison term, prosecutors described Kopiloff's use of P2P networks as a "particularly pernicious and devious" technique for committing identity theft. "The defendant exploited the recent developments in 'peer to peer' computer file-sharing technology to access the most private financial information imaginable from the personal home computers of scores of victims, located throughout the United States," Assistant US Attorney Kathryn Warma said in court documents.
Warma noted that the use of P2P software on home computers, sometimes installed by young people without their parents' consent, can open up all of the data on these systems to criminals. Typically, victims have no clue how their identity information and other confidential data leaked out, she said.
Warma said that Kopiloff's techniques were not "run of the mill" and deserved a "sentence at the high end" of what would be applicable.