LimeWire cited as identity theft attack vector

Wood entered terms such as "tax return" and "account" to find financial information

The use of LimeWire, a popular peer-to-peer (P2P) service, as a tool for identity theft has been highlighted by a court case in Seattle.

Frederick Wood was sentenced to three years in prison today for using LimeWire to steal personal information, which he then used to fraudulently buy goods online and then sell them on Craigslist.

Wood admitted to using LimeWire to trawl the hard drives of user’s computers, entering terms such as "tax return" and "account" to find financial information. He also searched for college application forms because of the wealth of financial information they contained.

When police raided his computer they found financial information of more than 120 people. This data had been used to forge cheques which were used to buy electrical goods.

LimeWire and other peer-to-peer systems need to be very careful set up when they are first installed, since the default setting is to share all the information on the hard drive online.

This is not only a problem for consumers but also for business. Congress has heard in the past month that key government data, including details of presidential safe houses, was available through the P2P system because IT administrators were not barring LimeWire either on the computer or via the firewall.

Wood was only caught because of a more low-tech crime. He arranged to sell a laptop face to face and switched the computer’s box, leaving the potential customer with a box containing a book and a vase.