Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security IT

'Iceman' Gets 13 Years For 2nd Hacking Offense 289

Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."
This discussion has been archived. No new comments can be posted.

'Iceman' Gets 13 Years For 2nd Hacking Offense

Comments Filter:
  • long term sentence (Score:5, Insightful)

    by girlintraining ( 1395911 ) on Monday February 15, 2010 @03:14PM (#31147908)

    And lesson we've all learned today, class? Don't crap in your own backyard.

  • by zero_out ( 1705074 ) on Monday February 15, 2010 @03:15PM (#31147918)
    Looks like Iceman is being put on ice for 13 years. It's well-deserved, IMO.
  • by otherniceman ( 180671 ) on Monday February 15, 2010 @03:16PM (#31147942)

    12 Years, 11 months of the sentence for using the pseudonym Iceman.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      His ego was writing checks that his body couldn't cash.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Was his Goose cooked? And tenderized?

        Lol too soon.

    • by gad_zuki! ( 70830 ) on Monday February 15, 2010 @05:28PM (#31149614)

      >12 Years, 11 months of the sentence for using the pseudonym Iceman.

      And after 12 years, 11 months he'll be using the pseudonym Assman.

    • Re: (Score:3, Funny)

      by niknatas ( 193028 )

      12 Years, 11 months of the sentence for using the pseudonym Iceman.

      I have some photos of what the "Iceman" may look like after his release.

      http://imgur.com/KJHkT.jpg

      -Cheers

  • Good. (Score:5, Insightful)

    by AnotherUsername ( 966110 ) * on Monday February 15, 2010 @03:18PM (#31147962)
    I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.
    • Re:Good. (Score:5, Insightful)

      by Hatta ( 162192 ) on Monday February 15, 2010 @03:51PM (#31148366) Journal

      If you really want to reduce fraud, make the banks financially responsible for it. As it is, there's little incentive for the industry to increase their security.

      I'm not saying this guy shouldn't be in jail. We should absolutely punish those who take unfair advantage of the system. But if we really want results, we should fix the system.

      • Re:Good. (Score:4, Interesting)

        by Obfuscant ( 592200 ) on Monday February 15, 2010 @06:04PM (#31150042)
        If you really want to reduce fraud, make the banks financially responsible for it.

        And make the rape victims responsible. And the carjacking victims. Yeah man!

        We should absolutely punish those who take unfair advantage of the system. But if we really want results, we should fix the system.

        What would be the results of "fixing the system"? If you make the banks eat every penny of fraud, you'll wind up with a system that is much more inconvenient for the honest users. You might as well not have a credit card.

        Here's an example. I was travelling. As in I was not at home. I made a charge in Holland. VISA called me at home, where I wasn't, and left a vague message saying "call us". I went on to England and made some more charges. I got home and "got the message". I called VISA. They asked me if I had made the charge in Holland. I said yes. "No problem". Two days later, another "call us message". I did. "Did you make this charge in Holland?" Yes. "Did you make this charge in England?" Yes. "No problem."

        A few days later, yet another "call us" message. I did. Again, "did you make this charge in Holland?" Yes. Yes. I asked why I was repeatedly being called about this, and finally someone forwarded me to the fraud department. "Those people are morons" (paraphrasing). "Your card was compromised in Holland, we are cancelling it and sending you a new one."

        Well, that's very nice, I said, but I'm leaving on a trip tomorrow at 6AM and I need that card to pay for things. Why didn't you do this the first time I called? "Those people are morons." (paraphrased)

        So I get my new card and realize that my webhosting is paid on the old one. I've cut up the old one and destroyed it, and I'm not near my vast files filled with past statements, but I know I need to get the account data changed. "I need to change the account for my billing," I say. "What's the old account number?" "I dunno, I don't have that card anymore." "We can't change accounts without the old number." Sigh.

        So, no, I don't think the system should be fixed because the system becomes unusable when the security becomes tight. I LIKE being able to order stuff over the phone and have it shipped to my work instead of billing address (because of the security issue of UPS just dropping stuff on my front step with no signature). I sometimes NEED to be able to buy stuff with my personal card and have it delivered to odd places around the world so I can get my work done when I'm there.

        Security and convenience is a trade-off. You want to err on the side of security. Most people want to err on the side of convenience.

    • Re: (Score:3, Insightful)

      by Lumpy ( 12016 )

      Yet the scumbags at AIG and the financial institutions robbed most americans blind and they were given end of the year bonuses!

    • Re: (Score:3, Informative)

      I hope that he has to serve the full sentence, and doesn't get out on parole

      Since he's up on federal charges, he'll have to serve a minimum of 85% of his sentence time--about eleven years.

  • Interesting..... (Score:5, Insightful)

    by LordPhantom ( 763327 ) on Monday February 15, 2010 @03:27PM (#31148072)
    "It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message."

    That in light of

    "Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."

    I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
    • by Attila Dimedici ( 1036002 ) on Monday February 15, 2010 @03:33PM (#31148144)
      Of course it didn't help that he was convicted of abusing the trust that people gave him when offered his services as a security consultant in the first place (which appears to be his only marketable skills).
      • And of course "I couldn't get work" is often used as a proxy for "they are not handing me the exact job I think I deserve." There ARE jobs out there people. There IS work to be done. Oh, not good enough for you? Yes, I can see your only recourse is to become a thief. Uh huh. The people I've known who were thieves always came up with very good reasons why they just HAD to steal. Bullshit.
        • Re: (Score:2, Insightful)

          by Anonymous Coward

          The right answer is to lie and say you aren't a felon.

      • by fm6 ( 162816 ) on Monday February 15, 2010 @04:11PM (#31148616) Homepage Journal

        So, when a criminal does his time, gets out, and can't find a job, your only response is, "It's your own fault." That's just stupid.

        There seems to be a widespread belief that if you have a social problem, all you need to do is find somebody to blame. As when ex-cons can't find work: it's their own fault for breaking the law. Moral myopia aside, that just doesn't work out. If a criminal has no chance to "go straight" you're guaranteeing that he'll go on comiting crimes.

        Yeah, yeah, many ex-cons will do that no matter what. But does that mean we have to make it their only choice? Perhaps helping them find lawful alternatives sticks in your self-righteous craw, but ask yourself, is that any worse than paying the huge costs (about $22K per prisoner per year) of an ever-growing prison population [wikipedia.org]? Not to mention the huge economic and human costs of the crimes this culture of punishment is facilitating.

        • Re: (Score:3, Insightful)

          So, you would have no problem hiring a guy to be your bookkeeper who had been convicted of embezzling from the last guy he worked for as a bookkeeper?
          • Re: (Score:3, Insightful)

            by fm6 ( 162816 )

            I suppose I would have a problem. That's not the point. This isn't about whether employers should ignore an applicant's criminal records. This is about what we do to try to re-integrate people who've left prison. And right now we don't do shit.

            Take your embezzling bookkeeper. It's safe to say that once he's been convicted, he's going to have to find a new way to make a living. So it makes sense to retrain him to do something else while he's incarcerated. Otherwise, all the good will in the world won't help

      • by Deanalator ( 806515 ) <pierce403@gmail.com> on Monday February 15, 2010 @04:39PM (#31148952) Homepage

        That's what the prison sentence was for.. I find it extremely unfair that even after you get out, the only job you can get with a felony like that is gas station attendant. I think equal opportunity laws should cover people with criminal records for this very reason.

    • by Ungrounded Lightning ( 62228 ) on Monday February 15, 2010 @03:38PM (#31148198) Journal

      I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.

      His first conviction was for criminally violating the trust of his employer and working in direct contravention to his employer's interests and mission. His skills are such that to be employed effectively he must be trusted.

      Oops!

      He did it to himself. No employment for him. (He'd have been lucky to find burgers to flip.)

      So then he starts a business. High corporate positions may have been barred to him by his first conviction, but a lot of smaller stuff still was open. Yet what does he chose? Cybercrime.

      Oops!

      When he finally gets out from THIS one he'll be watched so closely that even organized crime is unlikely to work with him.

    • by elnyka ( 803306 )

      "It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message." That in light of "Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime." I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.

      What type of work was he trying to get? Not that it is easy to find work as an ex-con, but it isn't impossible either (so long as the person lowers his expectations... read flipping burguers.) That is part of the cross an ex-con got to carry, right or wrong.

    • Re: (Score:2, Insightful)

      I couldn't get work," he wrote. In desperation, he turned again to cybercrime."

      Cry me a river.

      Try standing out in front of Lowe's or Home Depot on a Saturday morning. It seems to work for others.

      There's plenty of work for ex-cons who want to work. He just took the easy way.

    • Re: (Score:3, Insightful)

      I do agree, why does it have to be a forwarning to employers that you had a criminal past. If I spent my time in jail as decreed by the law for my crime, I have served my sentenced and therefor deserve the respect of doing the time, and start with a clean slate. No one will hire a criminal because they do not believe they have been reformed. I tend to agree the system is faulty, but I would start with making it somewhat less complicated for an ex con to get a job.

      If he was young, and made a mistake, and pai

      • Re: (Score:3, Interesting)

        by shentino ( 1139071 )

        Perhaps that is the reason we as a society don't like to hire criminals. We think they get off too easy. Make prison something to regret going to. That way, not only do you not want to go back, but you've paid through the nose for your crime and people will understand you've learned your lesson.

        And quite frankly, if life sucks so bad that you'd rather be in jail than on the streets, then there's something seriously fucked up about the way we take care of ourselves. If homeless folks can't even make a li

    • One thing about developing a bad reputation like this is that afterward you are completely dependent on the charity of others to help sort it out. That's the way it should be. If you see someone else doing the exact opposite of what you did, there is some hope that you might understand the consequences of your own actions repent from them. Of course, finding someone in the position to help you out, with the heart to do so, can be really tough. I don't like they idea that we should atomically give people

    • I'll bet if he tried hard enough he could've gotten a small employer to understand his situation, especially if he has the coding skills he appears to have. Over the course of years/decades he could've rebuilt his reputation. A brilliant coder is hard enough to find, let alone one that has to work for relative peanuts. He could've found a job, it just wouldn't have been paying him what he was "worth".

      He made his choice twice now... throw him away.
      (Yeah, it's cold, but he's stealing MY credit card n
    • Re: (Score:3, Informative)

      by dissy ( 172727 )

      I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.

      And that is why in the USA, even a 2 week sentence to jail is identical to a life sentence in prison, because a 2 week stay in jail will ruin all of the remaining years of your life (by design)

      When you are starving and can't get money legally because the government set it up that way, its obvious what one must do to survive.

      Personally I do blame the government for creating directly so much crime that wouldn't happen otherwise.
      You see much less of this problem in countries with sane punishments for the harm

  • For writing? (Score:2, Flamebait)

    by HungryHobo ( 1314109 )

    "Butler was arrested for writing malicious software that installed a back-door program on computers "

    I hope that's for releasing/using the software rather than the simple act of writing it.

    • It's right there in the summary "...installed a back-door program on computers — including some on federal government networks...". 'Installed' not 'was capable of installing'. Basic literacy ftw?
  • by netik ( 141046 ) on Monday February 15, 2010 @03:36PM (#31148174) Homepage

    This isn't about a 13 year sentence for "Hacking."

    This is a 13 year sentence for credit fraud, credit card theft, and oh yeah, he also stored the credit card numbers on a computer where other people could get to them.

    There's no cleverness here that needs awarding. Back doors are easy to install when the FBI has already allowed you to contract there.

  • Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."

    Well yeah, that makes sense, seeing as it worked so well the first time. . .

    • He's not homeless anymore.

      Ok, kidding aside - if you know you're screwed, that means that you have less to risk on a second attempt. He's already an ex-con. When he gets out after this sentence he's going to be...an ex-con. Nothing will have changed, his prospects will be exactly the same. It's a good gamble, if you look at it from a game theory-ish kind of viewpoint.

      But that being said I find it unlikely that he couldn't find any work at all. I mean hells bells, he's got the balls to install backd

      • Re: (Score:3, Insightful)

        by mosb1000 ( 710161 )

        Usually when people say they can't find work, they mean work they are willing to do. He might be able to get a job at McDonalds or 7-eleven, but they probably weren't up to his standards.

        I have a lot of friends who say they can't find a job because of the job market. When I ask them if they've tried at applying for a job at a fast food place with a help-wanted sign on the door they universally respond with something like "I won't work fast food" or "I'm looking for more money than that". It's hard to ear

        • Re: (Score:3, Informative)

          by Lumpy ( 12016 )

          My wife has tried that. She holds a CPA and cant get a job flipping burgers. Why? the "overqualified" bullshit response. They know that the second a real job comes along she will bolt and run. Honestly you have to outright lie to employers today. Hide your experience and education if you might be overqualified.

      • Ok, kidding aside - if you know you're screwed, that means that you have less to risk on a second attempt. He's already an ex-con. When he gets out after this sentence he's going to be...an ex-con. Nothing will have changed, his prospects will be exactly the same. It's a good gamble, if you look at it from a game theory-ish kind of viewpoint.

        A sentence of several years suggests he did have a lot to risk, more than versus his first attempt in fact.

  • Good for the FBI (Score:3, Interesting)

    by tobiah ( 308208 ) on Monday February 15, 2010 @03:50PM (#31148346)
    This is the kind of investigation and prosecution they should be doing a lot more of. While we generally refer to it as spam, a good bit of it is attempted robbery. It's pretty brazen behavior; someone trying to rob me every day, every few minutes. As our national criminal investigative body, the FBI is the appropriate department to pursue these crimes. They've been a little slow to adapt, but I'm glad to see the FBI can catch someone at this.
  • No sympathy. (Score:3, Insightful)

    by Beelzebud ( 1361137 ) on Monday February 15, 2010 @03:56PM (#31148442)
    No sympathy from me. Why should I feel any more sorry for him than someone that snatches purses, or robs liquor stores?
  • He won't have to worry about where his next meal will be coming from or whether he can pay the rent....

  • by Anonymous Coward

    He broke the law, got out, and had a chance to redeem himself. The article said he fell on hard times in 2002. He's a talented programmer, which means everything from programming and below he could do. I know plenty of folks who get out of prison, and bust their butts struggling, just to stay out, and they don't have near this guy's marketable skills. He's a felon, you say? As if that means he can't get work programming. Guess what: I'm a programmer. I got out of prison last January after serving a 6 year s

    • Re: (Score:3, Interesting)

      by LordLucless ( 582312 )
      Not all crimes are equal in the eyes of your employer. If you got put away for dangerous driving occasioning death, for instance, you're likely to find it easier to get a job when you get out that if you were put away for ripping off your last employer.
  • by sponga ( 739683 ) on Monday February 15, 2010 @04:11PM (#31148624)

    That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
    Nevermind here it is

    France Issues Arrest Warrant for Cyclist Floyd Landis
    http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html [nytimes.com]

    PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.

    Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.

    “That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.

    Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.

    Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.

    A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.

    Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.

    In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.

    Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.

    Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.

  • by jumping into a Chinese or Russian embassy.

  • by russotto ( 537200 ) on Monday February 15, 2010 @04:54PM (#31149112) Journal

    He starts by doing legitimate penetration testing; he leaves backdoors for himself, but doesn't do anything nasty with them. Then he starts hacking into government computers, and does the same thing; leaves a door open but doesn't do anything else nasty. The FBI catches him for it... but rather than bust him, they attempt to enslave him. He helps them bust another computer criminal ring. But after a while he refuses to serve them and they do bust him. They lie and claim he was of no help, and throw him in jail for a year and a half. When he gets out, his skills are now useful for nothing but crime; no legitimate company will touch him. So, naturally, he does turn to crime. This time actually doing some damage. Well, what did you expect?

Make sure your code does nothing gracefully.

Working...