'Iceman' Gets 13 Years For 2nd Hacking Offense 289
Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."
Re:Good. (Score:2, Interesting)
Re:Good. (Score:2, Interesting)
Not all banks limit to 4 digit numbers, my bank required a minimum of 6, suggest 8 and supported upto 10 digits for your pin.
The downside to this was that banks that only used the 4 digit system wouldn't allow you to use your ATM card to withdraw cash.
It was almost impossible to find a place in North Carolina that would accept over 4 digit pins back when I was there...
Good for the FBI (Score:3, Interesting)
Re:Good. (Score:3, Interesting)
Which is rather like saying "It wasn't the murderer's fault Bob got killed, it was Bob's own fault for not walking around in a kevlar vest!"
Re:Good. (Score:3, Interesting)
Saying the banking system is innocent of neglecting security is like saying a security guard who happens to fall asleep on duty isn't responsible if there's a break in.
Re:Interesting..... (Score:3, Interesting)
Perhaps that is the reason we as a society don't like to hire criminals. We think they get off too easy. Make prison something to regret going to. That way, not only do you not want to go back, but you've paid through the nose for your crime and people will understand you've learned your lesson.
And quite frankly, if life sucks so bad that you'd rather be in jail than on the streets, then there's something seriously fucked up about the way we take care of ourselves. If homeless folks can't even make a living better than the crooks behind bars, then crime DOES pay.
I would do these
* Make prison a hellish place for EVERYONE...including those ass-bangers who think it's funny to rape their fellow inmates and get away with it.
* Take care of homelessness
What hard times did he fall on? (Score:2, Interesting)
He broke the law, got out, and had a chance to redeem himself. The article said he fell on hard times in 2002. He's a talented programmer, which means everything from programming and below he could do. I know plenty of folks who get out of prison, and bust their butts struggling, just to stay out, and they don't have near this guy's marketable skills. He's a felon, you say? As if that means he can't get work programming. Guess what: I'm a programmer. I got out of prison last January after serving a 6 year sentence. (10+ year Slashdotter, just posting AC for obvious reasons.) I do consulting. 2009: about $65,000, and that's because I'm just getting my feet on the ground. His eighteen months was supposed to make him harder. Obviously it didn't; he punked out and took the easy way. Since it's obvious he didn't learn the lesson he was supposed to have, he deserves having to go back to try to learn it again.
Re:Good. (Score:1, Interesting)
Security is a parameter. It must be chosen in order to optimize certain characteristics.
For example, I have the most secure server in world. It's on the floor in my closet, disconnected from both power and network. No hacker has broken into it yet. It also has the characteristic of being completely useless to everyone (including me).
Realize that the banks do not pay the costs for security and security breaches. They pass that cost onto their consumers. They carefully weigh the costs of prevention, detection, and impact of security defects against other factors like ease-of-use of their products, and then they make an offering. You are free to have faith in the business analysts at the bank, and open an account there. You are also free to start your own credit union, where security is the highest priority.
Everybody responsible for their own actions. It works.
Warrant for Floyd Landis the cyclist for hacking? (Score:5, Interesting)
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
Nevermind here it is
France Issues Arrest Warrant for Cyclist Floyd Landis
http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html [nytimes.com]
PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.
Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.
“That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.
Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.
Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.
A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.
Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.
In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.
Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.
Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.
So... in essence (Score:2, Interesting)
Re:So... in essence (Score:3, Interesting)
How many counts of stealing? Was he charged with first degree grand theft? And, not just stealing but also establishing a marketplace for stolen information, that could be one or more counts of facilitation, conspiracy, racketeering, etc.
Seeing as you don't know the number of charges nor what the actual charges were, your statement is foolish at best.
Re:Good. (Score:4, Interesting)
And make the rape victims responsible. And the carjacking victims. Yeah man!
We should absolutely punish those who take unfair advantage of the system. But if we really want results, we should fix the system.
What would be the results of "fixing the system"? If you make the banks eat every penny of fraud, you'll wind up with a system that is much more inconvenient for the honest users. You might as well not have a credit card.
Here's an example. I was travelling. As in I was not at home. I made a charge in Holland. VISA called me at home, where I wasn't, and left a vague message saying "call us". I went on to England and made some more charges. I got home and "got the message". I called VISA. They asked me if I had made the charge in Holland. I said yes. "No problem". Two days later, another "call us message". I did. "Did you make this charge in Holland?" Yes. "Did you make this charge in England?" Yes. "No problem."
A few days later, yet another "call us" message. I did. Again, "did you make this charge in Holland?" Yes. Yes. I asked why I was repeatedly being called about this, and finally someone forwarded me to the fraud department. "Those people are morons" (paraphrasing). "Your card was compromised in Holland, we are cancelling it and sending you a new one."
Well, that's very nice, I said, but I'm leaving on a trip tomorrow at 6AM and I need that card to pay for things. Why didn't you do this the first time I called? "Those people are morons." (paraphrased)
So I get my new card and realize that my webhosting is paid on the old one. I've cut up the old one and destroyed it, and I'm not near my vast files filled with past statements, but I know I need to get the account data changed. "I need to change the account for my billing," I say. "What's the old account number?" "I dunno, I don't have that card anymore." "We can't change accounts without the old number." Sigh.
So, no, I don't think the system should be fixed because the system becomes unusable when the security becomes tight. I LIKE being able to order stuff over the phone and have it shipped to my work instead of billing address (because of the security issue of UPS just dropping stuff on my front step with no signature). I sometimes NEED to be able to buy stuff with my personal card and have it delivered to odd places around the world so I can get my work done when I'm there.
Security and convenience is a trade-off. You want to err on the side of security. Most people want to err on the side of convenience.
Re:Good. (Score:1, Interesting)
Not really. What you need to be is stupid. Doing what this guy was doing requires that you expose yourself to the mob, and eventually leaving some kind of track that can lead the police to you.
He actually got away with it for quite a while, but he was stupid enough to keep doing it.
I know I could steal some nonzero amount if I put my skills to it. I also know the odds of not getting caught for a good enough figure, are not worth bothering.
If I was to steal money, I would target cash loaded members of the local mob in a dark alley after tracking their behavior for a while. It is less morally wrong, not really harder than targeting old ladies, they probably won't report it to the police, and the chances of being actually killed by a mobster are a lot lower than when directly dealing with them.
Re:What hard times did he fall on? (Score:3, Interesting)
Re:In THIS case I blame the criminal (Score:3, Interesting)
IMO, if there really is no more legal way to feed one's dependants then stealing is more moral than allowing them to starve. It is then better to steal from one who would miss what he has lost less, because that does less harm to others. It all depends if you consider your duty to your family/friends more important than your duty to society at large.
feeding oneself is more morally grey, but I suspect that most people would take care of themselves before worrying about strangers if they truly are that desperate.
Re:Good. (Score:3, Interesting)
Funny you should mention that; a week or so ago, I printed out that same passage, and the page or two surrounding it, and stowed it away in my wallet for the next time a clerk insists on seeing my ID in order to complete a sale.
(Some people might think I'm a man of principle. Most others would probably say that I'm just an asshole, making it harder for the commonfolk who "are just doing their jobs." Myself, I see it like this: If I have to follow the rules when I deal with people, then so does everyone-fucking-else when they deal with me.)