Man stole data from U.S. service members via P2P

Rene Quimby was sentenced to 75 months in prison Thursday on fraud and identity theft charges

A California man who dug up sensitive information belonging to U.S. service members on peer-to-peer networks, and then used it to order iPods, cameras, and even washing machines from an online store, was sentenced to 75 months in federal prison Thursday.

Rene Quimby, 42, had already pleaded guilty to fraud and identity theft charges in May. According to court filings, Quimby stumbled upon the scam four years ago after uncovering military rosters listing sensitive information online. His victim was the Army and Air Force Exchange Services (AAFES), the organization that does about US$10 billion in business annually, running the post exchange retail outlets on military bases.

"Quimby learned of the website when he downloaded a file that contained a service member's username and password for an AAFES account," reads a factual resume signed by Quimby in May when he entered his guilty plea. "He then learned that he could use service members' social security numbers and dates of birth to log into the site."

His next move was to chat with the website's customer support staff. Using the same stolen information to answer their security questions, he'd get them to tell him the victim's STAR credit card number, used to make purchases with the AAFES. He then would spend as much as he could in an online shopping spree, buying computers, cameras, iPods, even washing machines. He'd have the goods mailed to different addresses in California, where he'd pick them up and fence them.

In some cases, Quimby found digital images of victims' checks. Using the account and bank routing numbers visible on the checks, he'd set up online fund transfers and empty checking accounts to pay down the balances on his stolen STAR cards. Then he'd "'max-out' the military STAR credit cards over and over again," the factual resume states.

The scam ended when finally changed its policy and stopped handing out credit card numbers via online chat.

Investigators found more than 16,000 identities on Quimby's computer, and he'd compiled detailed dossiers on 650 victims, the U.S. Department of Justice said in a statement.

Data leakage on peer-to-peer networks has emerged as a serious problem for consumers and corporations. Often peer-to-peer users don't realize that they're sharing folders or files that they'd really prefer to keep secret. Apparently that is how Quimby was able to uncover all his data, using popular file-sharing programs such as Etomi Pro and Frostwire.

The problem got so bad that last year that the U.S. Federal Trade Commission sent out letters to about 100 U.S. companies warning them that they were inadvertently publishing customer information such as social security numbers and driver's licenses on peer-to-peer networks.

Quimby was sentenced in the U.S. District Court for the Northern District of Texas. He must also pay more than $210,000 in restitution to AAFES. His attorney, Carlton McLarty, did not return messages seeking comment.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticeInternet-based applications and servicesArmy and Air Force Exchange ServicessecuritylegalgovernmentIdentity fraud / theftinternetcybercrime

More about Department of JusticeFederal Trade CommissionFTCIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place