Complain about a product or service

Denver DA Probes LimeWire Thefts

Peer-to-Peer Software Enables Identity Theft, Cops Claim

By Martin H. Bosworth
ConsumerAffairs.com

October 30, 2006

Identity Theft • Consumers Cautioned About Voter Registration Scams • Young Adults Seen As Prime Identity Theft Targets • Researchers Find Security Flaws In Online Banking Sites • 'Red Flags Rules' for Identity Theft on the Way • Identity Theft: One Woman's Story • Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards • Identity Theft a Growth Industry in Texas Border Towns • FTC Warns Consumers About Tax Rebate Scams • Big Banks, Telcos Top Identity Theft List • Identity Theft Tops FTC Complaint List Again • Study Claims Identity Theft 'Continues To Decline' • 650,000 Retail Customers Exposed In Data Breach • Children Becoming Prime Identity Theft Targets • FTC Finds 8 Million Identity Theft Cases • New Jersey Wants Banks to Help Fight Phishing Scams --- • More ...

Denver authorities are warning consumers of an alleged identity theft scam involving the use of LimeWire, a popular peer-to-peer (P2P) file sharing program that lets users send music, videos, and documents to each other over the Web.

The warning came after a search of a LimeWire user's apartment turned up documents belonging to local businesses on the user's hard drive.

Lynn Kimbrough, spokeswoman for the Denver District Attorney's office said that the investigation turned up 75 documents belonging to businesses "from all over the country" that the suspect using LimeWire. One arrest had been made and three more suspects were being sought for questioning, Kimbrough said.

Details were scarce as to the nature of the investigation and how the program was "exploited." Denver authorities noted that the Federal Trade Commission (FTC) issued an alert warning consumers of the dangers of using file-sharing programs.

"Computer users might consider uninstalling and deleting file-sharing software from their computers and consider having their computers screened by a reputable computer professional," Kimbrough said.

But is this all there is to it?

Peer-To-Peer Perils

LimeWire's P2P service works by enabling users who have downloaded LimeWire to remotely search each other's hard drives and upload or download files that they want.

The user enables the folders they want to open to other LimeWire users for sharing.

For example, if a LimeWire user sets up their computer's "My Documents" folder for sharing, other LimeWire users can access that folder for something they may want.

If a LimeWire user was storing sensitive business documents in a folder enabled for sharing, other users could easily avail themselves of the information without any special exploitation of the program. The program has to be active and running for files to be shared.

Without knowledge of the particulars of the investigation, it can only be speculated that an unscrupulous user may have found other users' personal information and business documents in their shared folders.

Many P2P service users will leave applications like LimeWire running for hours or even overnight when downloading multiple files, so documents could be uploaded with no one being the wiser.

LimeWire is one of the largest remaining P2P file-sharing programs active, as many of its contemporaries have been litigated into oblivion for copyright violation, or become legitimate (and less successful) for-pay download services, such as Napster.

The Recording Industry Association Of America (RIAA) has sued LimeWire on charges that it "induces" users to engage in illegal file-sharing, based on the Supreme Court decision of MGM vs. Grokster.

In Grokster, the Court ruled that P2P services could be used to "induce" copyright infringement, which the RIAA took as carte blanche to sue any file-sharing service that didn't comply with its terms.

In response, LimeWire sued the RIAA in September for what it called violations of antitrust law.

"This case is but one part of a much larger modern conspiracy to destroy all innovation that content owners cannot control and that disrupts their historical business models," the company said in its suit.

What You Can Do

Whether or not you believe file-sharing is identity theft, or that sharing files via P2P is copyright infringement, the reality is that allowing unknown users to have access to your personal computer files is very dangerous if you don't have protective measures set up. These can include the following:

• Only set up a file-sharing program if you have up-to-date antivirus software and firewalls running. Scan any uploaded files for viruses or other nasty tricks before putting them in your folders.

• Don't use any file-sharing program that installs additional files onto your machine. Many services come bundled with spyware and adware programs that can cause irreparable harm to your machine. Consider using a "premium" paid model rather than a basic "free" model, as the latter often has many unexpected—and unwanted—additions when you download it.

• Don't enable any directory or folder for sharing that exposes private documents to other users. If you want to share documents, music and images, set up specific folders to open up to your P2P service, and move the files you want to share into those folders only.

• Turn off any file-sharing application if you're not using it. This can be trickier than it sounds, as many programs will continue to run in the background even if you've exited from active use. Make sure to enable your program's settings to shut off completely when you want it to.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.