Man Jailed After Using LimeWire For ID Theft

angry tapir sends along this excerpt from PC World: "A Seattle man has been sentenced to more than three years in prison for using the LimeWire file-sharing service to lift personal information from computers across the US. The man, Frederick Wood, typed words like 'tax return' and 'account' into the LimeWire search box. That allowed him to find and access computers on the LimeWire network with shared folders that contained tax returns and bank account information. ... He used the information to open accounts, create identification cards and make purchases. 'Many of the victims are parents who don't realize that LimeWire is on their home computer,' [said Kathryn Warma of the US Attorney's Office]."

Remove the buzzwords

[BadAnalogyGuy]

Man jailed for ID theft. This is a good outcome, I'd say.

The Limewire connection is only interesting because it shows social vulnerabilities inherent in the filesharing mechanism. As long as you make it simple to share files and folders, people are going to be lazy and end up sharing files that they never meant to share.

Re:how dumb

[orthancstone]

Do people not understand how file-sharing works?

Correct

Crime was not accessing the data

[davidwr]

The crime was using it.

Here's a moral equivalent:

Imagine of lots of people left the same forms on their car dashboard for all to see and parked their cars on the public streets. Then I walk along and write that info down in my notebook. So far, I haven't done anything illegal. Or I should say, if I have broken a law, then the laws are broken.

But once I use this information, particularly if I use it fraudulently, then I've committed a crime.

Re:how dumb

[MightyMartian]

I don't know how they couldn't. The thing is so bloated and slow, and degrades system resources so much, you'd think people would go "Hey, WTF is going on here?" Unless of course they already have tons of malware, and their private info has been lifted by half a dozen botnets already, in which case Limewire is probably the most secure network app they're running.

Outrageous!

[wbren]

This is outrageous! Our rights have been trampled on for the last time! We must rise up and fi....

Wait, wait, wait... are we /.ers for or against doing illegal stuff on P2P networks this week?

Sorry, between defending one illegal P2P activity (music "sharing") and condemning another (ID theft), it's hard to know what's what...

Tip: The mod point you're looking for is "-1 offtopic"

Good but not Great

[Monkeedude1212]

I mean the guy should go for jail for it, no doubts there - but the fact that it can happen is the real issue that needs to be addressed.

I mean it's not the victim's fault, they probably don't even know what Limewire is, let alone how to use it or how it can be dangerous. It's not Limewire's fault, I mean any method they put in to prevent this will either detract from their service or will just spawn more problems.

And little Billy Downloady just put My Docs as the shared folder so his music goes into the music folder and the movies go into the movies folder. Having no idea that his parents happened to keep sensitive info in there.

I Guess the solution... Encrypt your Data regardless your situation?

Interesting

[geekoid]

Clearly using the information is wrong.
I don't think getting data from a folder someone has publicly shared is wrong.

And before someone uses that lame ass house analogy, it doesn't apply becasue that's not how computer communicate.

Re:Remove the buzzwords

[pha7boy]

A small change in Limewire should take care of problems like that (for example asking you to select/confirm which folders you share every time you open it up). I don't find the idea that parents who don't know what their kids installed on their computer is an acceptable excuse. If you have a kid, you better know what's installed on that computer... It's called parental responsibility.

Protected!?

[SendBot]

Wood was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization to commit fraud, and aggravated identity theft.

What chain of idiocy determined the computers he accessed to be "protected"?

Wood: Hey, do you have any files with names like this?
Computer: Yeah, I do.
Wood: Can I have them plz?
Computer: No problem - here they are for you.

Re:how dumb

[CannonballHead]

Then why are these idiots letting their kids use their computer?.........No wait.......

That would be a very large debate. But hey, if "parenting" consists of "taking kids to daycare" and when they are older "taking kids to school" and when they are older "buying kids a car," it's no wonder they let their kids use "their" computer.

Ouch

[pak9rabid]

Yet another damn good reason not to let your kids have free reign on your computer that you also use for banking and filing your taxes.

Re:Crime was not accessing the data

[Aladrin]

But he -did- have permission. They have given permission by having limewire share their computer's contents.

If I put a sign in my front yard next to my lawn chairs that says 'Free chairs', even if I can't read the sign myself, I can't blame anyone for taking the chairs. I did give them permission, even if I didn't know I was doing it.

And as far as 'protected computer' ... Leaving filesharing open to the world is the opposite of 'protected'. Having a bulldog in your front yard and leaving your front door open does not mean your house is protected.

Nobody in this article has any common sense

[schwit1]

Frederick Wood: did he think passing off boxes of junk as computers would never fail?

First craigslist victim: you wrote a check without checking the product?

Prosecutor: what 'protected computer' was accessed? Do you have a different definition of protected?

ID theft Victims: what are you thinking putting sensitive information on a computer used by teenagers?

Re:how dumb

[mcgrew]

You're confusing ignorance with stupidity. Everyone is ignorant, nobody knows everything. Anyone who assails the intelligence of someone because they don't posess a certain bit of knowledge that they do is stupid.

Re:Good but not Great

[Otto]

I still blame the parents for not creating a decent separation of their data vs. their kids. Why does little Billy Downloady have the equivalent of root access, so he can install the software to begin with? Why does he have access to the tax records in the first place?

You don't need to resort to hard core encryption. Simple user separation would have prevented this sort of thing. Heck, even Windows rather lame user system would work just fine to prevent this.

Family members should have separate accounts on the local PC. It just makes sense.

Re:Outrageous!

[mcgrew]

Wait, wait, wait... are we /.ers for or against doing illegal stuff on P2P networks this week?

Some perfectly moral actions are illegal (e.g. smoking marijuana). Some abhorently immoral actions are perfectly legal (e.g. adultery). Sharing copyright files is illegal, but its morality is debatable. Defrauding someone of their hard earned cash is illegal, and its immorality is not debatable.

But I'm sure someone here will try to debate it anyway. :/

Re:Crime was not accessing the data

[Anonymous Coward]

Well, if that's the case, Media Sentry's guys should be doing long terms, since this is exactly what they do, for fun and profit.

Not Surprising

[Dekks]

I'm still amazed how many people think it's a great idea to have their resume on their personal website, along with their date of birth, address and believe it or not I've actually seen people put their SSN on their resumes.

Re:how dumb

[InlawBiker]

For a bunch of techies on Slashdot it's hard to understand. It's like a car mechanic saying, "How could you not know your valves needed adjusting by how the engine was running? Now your motor is destroyed" and the customer's answer is "What's a valve?" I bet the auto mechanic web forums are full of people laughing at the "dumb" end users of expensive, ruined machines.

There are a whole combination of technical details to know with file sharing - Windows shares, file system permissions, why you shouldn't run applications as admin by default, IP, port address translation (if you have a typical NATing home router). Even if you think you understand the software, how can you be sure you're 100% safe when you install software that's DESIGNED to open up your computer to the world?

Re:how dumb

[mrsquid0]

No, they do not. Many people think that they are searching some sort of repository of files that was set up specifically to be searched. They do not realize that they are searching other people's hard drives, and other people are searching theirs. Even when they realize that people are downloading from them many people think that the downloading is restricted to music files. The idea that their entire hard drive may be open for searching is alien to some people.

Re:how dumb

[Orion Blastar]

Actually it is usually the children that install Limewire to get free music and video games. Most parents don't know what Limewire is, and share the computer with their children. When they notice a slow down on the Internet they think it is a virus or just Windows as usual. Not knowing that Limewire is sharing their "MyDocuments" folder including all of their personal documents and files in that folder.

My son, for example, uses a PC different from mine. So mine does not get infected with viruses or get all of the files shared via Limewire or some other program. But then I am Tech Savvy enough to know what Limewire and other file sharing programs are, and take them off of my system.

Re:Outrageous!

[Drakonik]

Although technically what you present as an average slashdotter's mindset is true, it's an oversimplification. Music piracy is condoned or at least given more leeway because it's largely the symptom of a bigger problem, that being copyright and DRM asshattery where a user who pays for music ends up unable to use it for whatever reason.

ID theft, though, is simply theft and exploitation of others for profit.

At least, that's how I see it.

Re:Crime was not accessing the data

[DragonWriter]

Key word is "protected computer". Not sure how something sharing *.* on limewire is considered "protected".

"Protected", in this context, probably means "within the scope of protection of the particular law under which he was charged", not "protected by technical security measures."

Re:Crime was not accessing the data

[blackraven14250]

Nope, not really. He took this information and conducted fraud. It doesn't matter whether they literally told it to him or he found it in their dumpster or whatever. Fraud is fraud, plain and simple. You don't get away with giving a false driver license to a cop even if the driver gave it to you to use.

But, I totally agree on the protected computer part from the practical standpoint. It wasn't protected. However, if the law lets them in based on any loophole, it'll be exploited a massive amount. I don't want someone getting into my files because "Windows was already programmed to let them" or some shit like that, and being stuck with no recourse because of it.

Re:Remove the buzzwords

[TheLink]

With windows you can stick to "limited users" and don't share accounts, and make it harder for someone else's limewire to suddenly share your files without your permission.

I think that's the better approach, since it makes it harder for the kid to accidentally delete/corrupt/read your files.

Not impossible of course - since they have physical access to the computer.

Re:Protected!?

[herksc]

Agreed.
This is from the The Computer Fraud and Abuse Act [wikipedia.org] that states it is a criminal offense when: "Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value."

Poorly written law if you ask me. What if the computer is protected but some of the files are not? How do you define a "protected" computer anyway? What if it is locked in a safe, but connected to the internet with no safeguards? By definition of this law, if I retrieve national security information that someone posts on a /. comment, then I break this law, because the computer that hosts /. is "protected" in a co-lo.

Of course in this case, they had him on the Wire Fraud and Aggravated Identity Theft also.

The good thing about this law is that it does not state it is a crime to "Knowingly access a protected computer with no intent to do harm".

Re:Outrageous!

[jahudabudy]

Well, perhaps some of us decide what actions are and are not acceptable based on our own personal morality and don't really care what the law says (as far as determining right/wrong). In this case, identity theft vs. copyright infringement seem to me to have wildly different moral implications - direct harm vs. not so much any harm.

Re:Remove the buzzwords

[Lord Ender]

If you have a kid, you should NEVER SHARE A COMPUTER with it. It is not practical to expect parents to monitor everything a kid does on a computer, or to ensure any level of security on a computer used by a kid.

Get your kids their own computers and assume they are sharing that computer with a hacker and all of 4chan. Prohibit the use of the computer for any financial transaction. A kid's computer is only "safe" if there is nothing worth stealing on that computer.

Re:Outrageous!

[mmaniaci]

The mod point I'm looking to give you is "-1 Flamebait." Since when is destorying someone's personal life akin to stealing an album? Get some perspective on life, please. Laws do not define right and wrong! Sorry for the flame, /., but people that are blind enough to believe laws are some sort of unchangeable and divine Truth need be burned.

I Blame the System Tray

[AtomicDevice]

With all that crap in the MS system tray, it's a wonder anyone has any idea when new things appear on their machine.

Re:Crime was not accessing the data

[CastrTroy]

The protected computer thing is just an extra charge they have on the books so they can put you in jail for longer, or fine you more. I remember a few years ago on the news, they reported somebody getting charged with a robbery, and one of the charges was "wearing a disguise while committing a felony". There's a lot of extra laws on the books just to increase the number of charges you get when you break an important law. I imagine that had he not actually committed fraud using that data, that there is no way he would have gotten charged, simply for downloading the information from the computer.

Re:how dumb

[rrhal]

... Only if the button is clearly labeled "Do Not Press"

Most parents know that being computer literate is an important part of their childrens' education. They probably bought the computer in the first place for their kids to use so they would learn more about computers than their forebears.

Re:how dumb

[DrLov3]

Yes, but only with computers can you get away with your ignorance

If your car has the "break" light flashing in the dashboard for 2 years, and you don't get your car checked, and one day you're totally out of break fluid and you run over a pregnant mother, you will be held responsible and you won't be able to claim it's not your fault because you don't know anything about cars.(P.S.: I don't know anything about cars, but I know I'd be responsible )

If you steal a 52inch plasma T.V. from a home in broad daylight and you get arrested by the cops, ... the defense : "I did not know it was a crime to steal stuff before 9:00 P.M." will not work, because none should ignore the law.

If I get stomach pain, I get a doctor to look at me, because if I ignore the issue, I won't be able to complain to GOD that I am dead because I wasn't a Doctor posting stuff on doctor's forums and that it isn't fair, nor that it is not my fault cuz I didn't know and that he should give me my life back.

So...... When I don't know how to fix my car, I don't ignore the problem, hope for the best, knowing I can claim ignorance and ignore the safety threat that I am to other people out there, I get a mechanic to fix it

Why not the same for people using computers, don't know anything about them, call a tech. By making them accountable for their own ignorance it would solve a large part of the problem. Example : I bet there wouldn't be anymore SPAMS or almost none because people would no longer be part of large botnets if they we're prosecuted for sending the spams.

Re:Remove the buzzwords

[Joe Snipe]

I believe thats what separate user accounts are for.

Re:how dumb

[geekoid]

People are not stupid, they are ignorant.

Re:Interesting

[geekoid]

Can you cite the law?

I know a lot of people put those disclaimers at the bottom of their emails, but I don't think they have any real legal weight.

Re:how dumb

[MightyMartian]

Then you'd best lock up Bill Gates and the Windows 95 development team, because it did pretty much the same thing.

Re:Not Surprising

[ScytheBlade1]

That's no reason to toss it on something like a resume, which is designed to be shuffled around like the cheap paper it was printed on. Sure, some companies shred resumes when they're done, but considering the sheer amount of private information that can be found dumpster diving is impressive....

I don't put my address, date of birth, or SSN even on my resume. Just because these types of things is needed information at the end of the day doesn't mean that they need to be put on something as obviously public as a resume.