Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Government The Courts The Internet News

Man Jailed After Using LimeWire For ID Theft 241

angry tapir sends along this excerpt from PC World: "A Seattle man has been sentenced to more than three years in prison for using the LimeWire file-sharing service to lift personal information from computers across the US. The man, Frederick Wood, typed words like 'tax return' and 'account' into the LimeWire search box. That allowed him to find and access computers on the LimeWire network with shared folders that contained tax returns and bank account information. ... He used the information to open accounts, create identification cards and make purchases. 'Many of the victims are parents who don't realize that LimeWire is on their home computer,' [said Kathryn Warma of the US Attorney's Office]."
This discussion has been archived. No new comments can be posted.

Man Jailed After Using LimeWire For ID Theft

Comments Filter:
  • by BadAnalogyGuy ( 945258 ) <BadAnalogyGuy@gmail.com> on Wednesday August 12, 2009 @11:34AM (#29040005)

    Man jailed for ID theft. This is a good outcome, I'd say.

    The Limewire connection is only interesting because it shows social vulnerabilities inherent in the filesharing mechanism. As long as you make it simple to share files and folders, people are going to be lazy and end up sharing files that they never meant to share.

    • by pha7boy ( 1242512 ) on Wednesday August 12, 2009 @11:50AM (#29040269)
      A small change in Limewire should take care of problems like that (for example asking you to select/confirm which folders you share every time you open it up). I don't find the idea that parents who don't know what their kids installed on their computer is an acceptable excuse. If you have a kid, you better know what's installed on that computer... It's called parental responsibility.
      • by Hatta ( 162192 ) *

        Their kids account should not have read access to important financial records in the first place.

        • Your average parent who doesn't work in a technical field is unlikely to even know what tiered access levels are, much less how to set them up.

          When we first setup Windows 2000 on campus when I was doing IT work for my college, 75% or more of the professors bitched and moaned that they had to now LOG IN to their computers and remember a password. Sure different services around campus had always needed them, but not the computer itself. Just the password seemed too much for them. The concept of multiple user

      • Re: (Score:3, Insightful)

        by TheLink ( 130905 )
        With windows you can stick to "limited users" and don't share accounts, and make it harder for someone else's limewire to suddenly share your files without your permission.

        I think that's the better approach, since it makes it harder for the kid to accidentally delete/corrupt/read your files.

        Not impossible of course - since they have physical access to the computer.
      • by Lord Ender ( 156273 ) on Wednesday August 12, 2009 @12:41PM (#29041045) Homepage

        If you have a kid, you should NEVER SHARE A COMPUTER with it. It is not practical to expect parents to monitor everything a kid does on a computer, or to ensure any level of security on a computer used by a kid.

        Get your kids their own computers and assume they are sharing that computer with a hacker and all of 4chan. Prohibit the use of the computer for any financial transaction. A kid's computer is only "safe" if there is nothing worth stealing on that computer.

        • by Joe Snipe ( 224958 ) on Wednesday August 12, 2009 @01:40PM (#29041945) Homepage Journal

          I believe thats what separate user accounts are for.

          • Re: (Score:3, Informative)

            by Lord Ender ( 156273 )

            ...and that's what privilege escalation exploits are for. Seriously, with a "regular user" account, there are a hundred and eleventy ways to get root. Fake login screen, anyone?

            On top of that, are you 100% sure you will log out when you step away from your computer? Are you 100% sure your kids won't just hop on face-space while you're logged in?

            Your "solution" falls way short of the mark. In the era of $200 netbooks, only a reckless parent would share a PC with a child.

      • by DaHat ( 247651 )

        > for example asking you to select/confirm which folders you share every time you open it up

        So you want Limewire to have it's own form of UAC? Or do you think that if you make it scary enough that the majority of users wont just click yes anyway?

    • Got to agree (Score:4, Interesting)

      by SmallFurryCreature ( 593017 ) on Wednesday August 12, 2009 @12:06PM (#29040501) Journal

      the guy's sentence had nothing to do with limewire or even downloading. If he had downloaded said tax records for just a laugh, he would be free. He has been jailed for fraud pure and simple.

      Don't we hate "X but on the internet" patent claims? Then why are "X with a very loose connection the internet" stories okay?

      • If he had downloaded said tax records for just a laugh, he would be free.

        I've heard this argument on Slashdot before.

        Like every time a geek is sentenced to do hard time after being caught poking his nose into somewhere it didn't belong.

        There are a bare handful of reasons why you could claim to be legally in possession of a someone else's tax records - and none of them are likely to involve a download over the P2P nets.

  • by Wireless Joe ( 604314 ) on Wednesday August 12, 2009 @11:39AM (#29040085) Homepage
    ...shut down by The Man.
  • by davidwr ( 791652 ) on Wednesday August 12, 2009 @11:41AM (#29040119) Homepage Journal

    The crime was using it.

    Here's a moral equivalent:

    Imagine of lots of people left the same forms on their car dashboard for all to see and parked their cars on the public streets. Then I walk along and write that info down in my notebook. So far, I haven't done anything illegal. Or I should say, if I have broken a law, then the laws are broken.

    But once I use this information, particularly if I use it fraudulently, then I've committed a crime.

    • by badboy_tw2002 ( 524611 ) on Wednesday August 12, 2009 @11:48AM (#29040247)

      Apparently the prosecutor did not agree:

      * Wood was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization
      * to commit fraud, and aggravated identity theft. He was tried in the U.S. District Court for the Western District of Washington.

      Key word is "protected computer". Not sure how something sharing *.* on limewire is considered "protected". Guy needed a better lawyer.

      • by Aladrin ( 926209 ) on Wednesday August 12, 2009 @12:03PM (#29040459)

        But he -did- have permission. They have given permission by having limewire share their computer's contents.

        If I put a sign in my front yard next to my lawn chairs that says 'Free chairs', even if I can't read the sign myself, I can't blame anyone for taking the chairs. I did give them permission, even if I didn't know I was doing it.

        And as far as 'protected computer' ... Leaving filesharing open to the world is the opposite of 'protected'. Having a bulldog in your front yard and leaving your front door open does not mean your house is protected.

        • by DerekLyons ( 302214 ) <fairwater.gmail@com> on Wednesday August 12, 2009 @12:22PM (#29040765) Homepage

          If I put a sign in my front yard next to my lawn chairs that says 'Free chairs', even if I can't read the sign myself, I can't blame anyone for taking the chairs. I did give them permission, even if I didn't know I was doing it.

          Which is why we have age-of-consent laws, and laws regarding the validity of contracts, and laws concerning disclosures and waivers... Because the (US at least) legal system does not believe that one can give uninformed permission or consent. (Not to mention that what you are doing here is blaming the victim.)

        • by blackraven14250 ( 902843 ) on Wednesday August 12, 2009 @12:30PM (#29040883)

          Nope, not really. He took this information and conducted fraud. It doesn't matter whether they literally told it to him or he found it in their dumpster or whatever. Fraud is fraud, plain and simple. You don't get away with giving a false driver license to a cop even if the driver gave it to you to use.

          But, I totally agree on the protected computer part from the practical standpoint. It wasn't protected. However, if the law lets them in based on any loophole, it'll be exploited a massive amount. I don't want someone getting into my files because "Windows was already programmed to let them" or some shit like that, and being stuck with no recourse because of it.

          • by CastrTroy ( 595695 ) on Wednesday August 12, 2009 @12:59PM (#29041339)
            The protected computer thing is just an extra charge they have on the books so they can put you in jail for longer, or fine you more. I remember a few years ago on the news, they reported somebody getting charged with a robbery, and one of the charges was "wearing a disguise while committing a felony". There's a lot of extra laws on the books just to increase the number of charges you get when you break an important law. I imagine that had he not actually committed fraud using that data, that there is no way he would have gotten charged, simply for downloading the information from the computer.
            • Well, if it could be proven that he accessed a computer that wasn't his through any sort of method to get this type of information, he could have been if the law doesn't say he needed to commit another crime. I do realize the point you're making about tack-on laws though. "Wearing body armor while committing a murder" comes to mind.
            • I dont like the characterization as these added charges as being superfluous or some kind of anti-justic conspiracy. Of course, all legislation can be abused but here in Illinois we tack on charges if you commit robbery with a gun as opposed to strong arm. Or if you beat someone half to death. Or whatever. It actually helps sentencing make more sense when applied correctly. The kid who ran into the Quickie-mart and stole a snickers bar after telling Apu he'll beat him up if he tried to stop him shouldnt do

          • by geekoid ( 135745 )

            BS.

            It's not a loophole and anyone who understands how computers communicate recognizes the fact that this person was invited on to the computer.

            The only thing that happens is people get into truble for doing something they have been authorized to do. You or I, or anyone can't be standing around second guessing what people mean. In reality what would happen is people woudl step up and figure out how to not share there computer.

            To use a broken house analogy:
            If you put a big sign on your house that says come o

            • To use a broken house analogy:
              If you put a big sign on your house that says come on in, and your door is unlocked, you can't claim I was trespassing because you didn't know someone would actually come in.

              So by that logic a welcome mat at your door is a legal open invitation to strangers.

        • by TheLink ( 130905 ) on Wednesday August 12, 2009 @12:53PM (#29041243) Journal
          The Courts could rule that he didn't really have permission. After all a reasonable person seeing those files being shared would realize that it is far more likely that someone has made a mistake than someone has intentionally given permission to the world to access those files.

          Just because I leave my car unlocked with the keys in them doesn't mean you have been given permission to drive the car away. Now if someone naughty then puts a sign saying "free car" on it, and someone else drives it off, it should be a lesser charge (one should realize that to get the free car, some paperwork needs to done to transfer the ownership).

          If I give you my credit card info it doesn't mean you can go around using it to do your online shopping.

          I don't have the full details but another possibility is the "protected computer" is not necessarily the computer with limewire, it could be the _other_ computers (in banks etc) the guy accessed to commit fraud.
          • by BenEnglishAtHome ( 449670 ) on Wednesday August 12, 2009 @01:53PM (#29042111)

            Just because I leave my car unlocked with the keys in them doesn't mean you have been given permission to drive the car away.

            Not always. Rural residents of the Dakotas will often winter in town. When they leave the country place, they may leave their house and cars unlocked and leave the keys in the car. The thought process is: Anybody who knocks on the door of this place in the middle of winter is in mortal danger. They certainly need shelter. They may need transportation.

            Of course, over the last couple of decades with the rise of the cell phone, this sort of behavior has become far more rare. But back in the day, it was pretty common.

            "And that concludes your trivia moment for today. Join us tomorrow for..."

            • by TheLink ( 130905 )
              Yep. The Golden rule applies- Do unto others as you would have them do unto you.

              Which for the intelligent also includes wanting others to use their brains to understand that people have different tastes (not everyone is a masochist who likes being whipped).
        • Just because I know someone's credit card number doesn't give me authorization to use it. That's fraud and is illegal.
      • Re: (Score:3, Insightful)

        Key word is "protected computer". Not sure how something sharing *.* on limewire is considered "protected".

        "Protected", in this context, probably means "within the scope of protection of the particular law under which he was charged", not "protected by technical security measures."

    • by bi_boy ( 630968 )
      Or to fine tune your analogy: a kid has borrowed their parents car and placed a copy of the tax return, bank statement, whatever, in plain view on the dash or passenger seat and parked it on a public street.
  • Outrageous! (Score:4, Insightful)

    by wbren ( 682133 ) on Wednesday August 12, 2009 @11:47AM (#29040217) Homepage

    This is outrageous! Our rights have been trampled on for the last time! We must rise up and fi....

    Wait, wait, wait... are we /.ers for or against doing illegal stuff on P2P networks this week?

    Sorry, between defending one illegal P2P activity (music "sharing") and condemning another (ID theft), it's hard to know what's what...

    Tip: The mod point you're looking for is "-1 offtopic"

    • Wait, wait, wait... are we /.ers for or against doing illegal stuff on P2P networks this week?

      I think it depends on whether or not we would like to be able to do said illegal stuff. If we think we'd like to be able to do it, we fight for said illegal stuff. If we think it's stupid or really TOO illegal for us, then we agree that it should be illegal.

      It appears to really all come down to whether or not we see any value in the "illegal stuff." Apparently, most /.ers see value for themselves in being able to download music free, but don't feel the need to commit ID theft/fraud on P2P networks.

      In oth

      • Re: (Score:2, Insightful)

        by jahudabudy ( 714731 )
        Well, perhaps some of us decide what actions are and are not acceptable based on our own personal morality and don't really care what the law says (as far as determining right/wrong). In this case, identity theft vs. copyright infringement seem to me to have wildly different moral implications - direct harm vs. not so much any harm.
    • Re:Outrageous! (Score:5, Insightful)

      by mcgrew ( 92797 ) on Wednesday August 12, 2009 @12:16PM (#29040633) Homepage Journal

      Wait, wait, wait... are we /.ers for or against doing illegal stuff on P2P networks this week?

      Some perfectly moral actions are illegal (e.g. smoking marijuana). Some abhorently immoral actions are perfectly legal (e.g. adultery). Sharing copyright files is illegal, but its morality is debatable. Defrauding someone of their hard earned cash is illegal, and its immorality is not debatable.

      But I'm sure someone here will try to debate it anyway. :/

      • Re: (Score:2, Troll)

        by wbren ( 682133 )

        Sharing copyright files is illegal... Defrauding someone of their hard earned cash is illegal...

        You just proved my point. Those two things are essentially the same thing.

        The only difference is that you justify one and not the other by claiming it's alright to steal from a large company but not an individual. It's a Robin Hood mentality that, while romantic and popular, is still wrong. You're basically confusing "moral" with "popular".

        You might feel better about stealing music from RIAA-affiliated labels, bu

        • Re: (Score:3, Funny)

          by Anonymous Coward

          Let's get our terminology straight. It's not identity theft, since nobody is being denied use of their own identity.

          How about calling it identity infringement, which may be legal in some countries...

        • Re: (Score:3, Informative)

          by mcgrew ( 92797 )

          What I said was it is debatable. Personally, I think infringing a copyright is wrong to a certain extent. IMO Infringing a ten year old copyright is wrong, enforcing a fifty year old copyright is just as wrong. Enforcing a dead person's copyright is even worse.

          Nowhere did I say or even imply that it's ok to steal from a corporation. Don't go putting words in my mouth, mr strawman.

          If you're not American your mileage will probably vary, but my concept of what copyright should be is based on the US Constitutio

        • by Wildclaw ( 15718 )

          If anything it is current copyright and patents that are immoral. In the case of patents, they have been used to justify the deaths of huge amounts of people in the name of profit of the few. There is nothing moral in restricting the spread of information that can improve the quality of life for millions upon millions of people.

          Current copyright and patents laws are among the most immoral laws on the books. Few other laws can compete with their destructive tendencies. Copyright and patents are about as prod

    • by Abreu ( 173023 )

      Illegal does not necessarily mean "wrong"

      However, this guy was doing something that was both wrong and illegal

    • Re: (Score:3, Interesting)

      by BobMcD ( 601576 )

      So maybe go with your own opinion and worry less about what other people think?

      Sorry, between defending one illegal P2P activity (music "sharing") and condemning another (ID theft), it's hard to know what's what...

      You've lumped violating copyright in with identity theft. In my view they're not even in the same ballpark, even though I do not personally participate in trafficking of files online.

      You can say 'the law is the law' if you'd like, but if that's the case I'd like to know where my legal right to own slaves went. Unless of course it is possible for some laws to be right and some to be wrong.

      But then, that would require taking a po

    • Re: (Score:3, Insightful)

      by Drakonik ( 1193977 )

      Although technically what you present as an average slashdotter's mindset is true, it's an oversimplification. Music piracy is condoned or at least given more leeway because it's largely the symptom of a bigger problem, that being copyright and DRM asshattery where a user who pays for music ends up unable to use it for whatever reason.

      ID theft, though, is simply theft and exploitation of others for profit.

      At least, that's how I see it.

    • Re:Outrageous! (Score:5, Insightful)

      by mmaniaci ( 1200061 ) on Wednesday August 12, 2009 @12:49PM (#29041179)

      The mod point I'm looking to give you is "-1 Flamebait." Since when is destorying someone's personal life akin to stealing an album? Get some perspective on life, please. Laws do not define right and wrong! Sorry for the flame, /., but people that are blind enough to believe laws are some sort of unchangeable and divine Truth need be burned.

      • Re: (Score:2, Informative)

        by wbren ( 682133 )

        I'm not putting music theft and ID theft on par with each other, merely comparing our culture's attitudes towards each. My point is that we justify one thing which is clearly wrong (stealing music) and condemn another that is clearly wrong (ID theft). In no way did I trivialize ID theft or claim that it isn't a big deal.

        And just for future reference, you lose all credibility with reasonable people when you call for the burning of an individual with a differing opinion. Grow. Up.

    • by 4D6963 ( 933028 )

      Replace "P2P" with "shotguns", "music sharing" with "illegal hunting" and "ID theft" with "homicide" and you get yourself a good firearms analogy showing how it's different.

  • Good but not Great (Score:4, Insightful)

    by Monkeedude1212 ( 1560403 ) on Wednesday August 12, 2009 @11:47AM (#29040225) Journal

    I mean the guy should go for jail for it, no doubts there - but the fact that it can happen is the real issue that needs to be addressed.

    I mean it's not the victim's fault, they probably don't even know what Limewire is, let alone how to use it or how it can be dangerous. It's not Limewire's fault, I mean any method they put in to prevent this will either detract from their service or will just spawn more problems.

    And little Billy Downloady just put My Docs as the shared folder so his music goes into the music folder and the movies go into the movies folder. Having no idea that his parents happened to keep sensitive info in there.

    I Guess the solution... Encrypt your Data regardless your situation?

    • Encrypt your Data regardless your situation?

      I wonder how many people, if they don't know that LimeWire is installed and running, are going to know how to encrypt their data....

    • Re: (Score:3, Insightful)

      by Otto ( 17870 )

      I still blame the parents for not creating a decent separation of their data vs. their kids. Why does little Billy Downloady have the equivalent of root access, so he can install the software to begin with? Why does he have access to the tax records in the first place?

      You don't need to resort to hard core encryption. Simple user separation would have prevented this sort of thing. Heck, even Windows rather lame user system would work just fine to prevent this.

      Family members should have separate accounts on t

    • by geekoid ( 135745 )

      It's the victims fault that they had a system that specifically gave permission for people to connect to their system.

      The parents are responsible for the kids action.

      They aren't at fault for the misuse of the gathered information.

      You aren't a victim of trespass if you tell people there allowed onto your property.

      The solution is to understand what goes on with your computer.

  • Interesting (Score:3, Insightful)

    by geekoid ( 135745 ) <{moc.oohay} {ta} {dnaltropnidad}> on Wednesday August 12, 2009 @11:48AM (#29040249) Homepage Journal

    Clearly using the information is wrong.
    I don't think getting data from a folder someone has publicly shared is wrong.

    And before someone uses that lame ass house analogy, it doesn't apply becasue that's not how computer communicate.

    • Re: (Score:3, Interesting)

      by amorsen ( 7485 )

      I don't think getting data from a folder someone has publicly shared is wrong.

      Around here, if you get an email by mistake (e.g. the wrong address was entered, or someone sent a private email to a work account which you are legally monitoring), you have no right to read it. You have to stop reading as soon as you realize that the email isn't for your eyes, and you have no right to share or use the information you received by mistake.

      I think that analogy is quite close to the case of opening someone's Quicken file.

      • Re: (Score:3, Informative)

        by Aladrin ( 926209 )

        Cripes, with some of the crazy emails around here, I -have- to read the entire email to be absolutely sure it wasn't for me.

        • by amorsen ( 7485 )

          Cripes, with some of the crazy emails around here, I -have- to read the entire email to be absolutely sure it wasn't for me.

          Well, you aren't obligated beyond your abilities...

      • by qwijibo ( 101731 )

        There's a subtlety in that the mistake isn't on the part of the email or the receiver, it's that the sender addressed the email to someone other than the intended party. While it's lame and unethical to exploit such a mistake, I doubt there would be any legal recourse if that person were to do anything they wanted with the information they received. The sender could be penalized for disclosing information to an unauthorized party, but there's no obligation on the part of the receiver of the email.

        The lega

      • Re: (Score:3, Insightful)

        by geekoid ( 135745 )

        Can you cite the law?

        I know a lot of people put those disclaimers at the bottom of their emails, but I don't think they have any real legal weight.

  • Protected!? (Score:5, Insightful)

    by SendBot ( 29932 ) on Wednesday August 12, 2009 @12:01PM (#29040417) Homepage Journal

    Wood was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization to commit fraud, and aggravated identity theft.

    What chain of idiocy determined the computers he accessed to be "protected"?

    Wood: Hey, do you have any files with names like this?
    Computer: Yeah, I do.
    Wood: Can I have them plz?
    Computer: No problem - here they are for you.

    • Re:Protected!? (Score:5, Informative)

      by wbren ( 682133 ) on Wednesday August 12, 2009 @12:21PM (#29040747) Homepage

      What chain of idiocy determined the computers he accessed to be "protected"?

      The U.S. Congress -- More specifically, the Identity Theft Enforcement and Restitution Act expanded the definition of "protected computer" to include basically any computer with a network connection. More information is available at:

    • by BobMcD ( 601576 )

      Is it a bad-faith argument? That the LimeWire users only intended to share media, and not sensitive data?

      IANAL, but it seems possible that Wood knew what he was doing was not the intended purpose of the product, and thus is culpable for any damage caused through his own actions.

      It would be morally, if not legally, similar to exploiting a vulnerability in Windows to gain the files. I mean, the user CHOSE to run Windows, and they CHOSE not to patch it, so they should expect to get breached, right?

      No, probab

    • Re: (Score:2, Insightful)

      by herksc ( 1447137 )
      Agreed.
      This is from the The Computer Fraud and Abuse Act [wikipedia.org] that states it is a criminal offense when: "Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value."

      Poorly written law if you ask me. What if the computer is protected but some of the files are not? How do you define a "protected" computer anyway? What if it is locked in a safe, but connected to the internet with no safeguards? By definition of this law, if I retrieve national security info
      • Re: (Score:2, Informative)

        by herksc ( 1447137 )
        Some corrections:

        This law actually states it is a crime when "Knowingly accessing a computer without authorization in order to obtain national security data". So even if the computer is not protected, it is a crime if you access it knowingly without authorization to to retrieve national security information. That part's not so bad.

        It does state though that "Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value" is a crime. So using a computer to
      • Re: (Score:2, Interesting)

        by bws111 ( 1216812 )

        A protected computer is defined very precisely in the law:

        (2) the term "protected computer" means a computer-

        (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or

        (B) which is used in interstate or foreign commerce or communicat

    • by Inda ( 580031 )
      The folder containing the tax return spreadsheet was actually hidden. And named "secret". Probably.
  • Ouch (Score:3, Insightful)

    by pak9rabid ( 1011935 ) on Wednesday August 12, 2009 @12:03PM (#29040457)
    Yet another damn good reason not to let your kids have free reign on your computer that you also use for banking and filing your taxes.
  • by schwit1 ( 797399 ) on Wednesday August 12, 2009 @12:07PM (#29040527)
    Frederick Wood: did he think passing off boxes of junk as computers would never fail?

    First craigslist victim: you wrote a check without checking the product?

    Prosecutor: what 'protected computer' was accessed? Do you have a different definition of protected?

    ID theft Victims: what are you thinking putting sensitive information on a computer used by teenagers?
  • Not Surprising (Score:4, Insightful)

    by Dekks ( 808541 ) on Wednesday August 12, 2009 @12:20PM (#29040709)

    I'm still amazed how many people think it's a great idea to have their resume on their personal website, along with their date of birth, address and believe it or not I've actually seen people put their SSN on their resumes.

  • With all that crap in the MS system tray, it's a wonder anyone has any idea when new things appear on their machine.

There are never any bugs you haven't found yet.

Working...