Slashdot Mirror
Hacker Sentenced To Longest US Sentence Yet
Iphtashu Fitz writes "The Associated Press is reporting that a Michigan man has been sentenced to 9 years in prison for his involvement in hacking into the corporate systems of Lowe's Home Improvement and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Two others are awaiting sentencing, including one of the first people to ever be convicted of wardriving. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however."
They were criminals. These were crackers, not hackers. You don't install credit card number capturing software on someone's retail network unless you're up to no good.
Thanks to our parole system which considers rape, murder, and anything else that isn't drug sales to be harmless to society, he'll be out in just four or six.
For reference, a typical sentence for breaking and entering with intent to steal is about two to four years...
But, hey. It looks better when they catch a guy "breaking" into a computer across the internet then when they catch someone actually breaking into a house. Best to throw the biggest book in the area at them to play the circus up some.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Wardrivers like that give the wardriving community a bad name. Some wardrivers just want to find free and legal hotspots, and others (although they could have good intentions) just want a free net connection. Wardriving as a cheap way to access corporate networks is just bad taste...
WASTE - The Secure P2P
including one of the first people to ever be convicted of wardriving.
Can you be really convicted of wardriving, or just something you do illegally while you're wardriving?
According to the wikipedia article in the blurb:
Although acessing the files on an open network is illegal, it is not illegal to simply use the internet connection of an open wireless network, this is a common misunderstood concept. Most wardrivers do not in fact use services without authorization.
Seems kind of like saying, "He was convicted for using the Internet" when someone gets convicted of cracking.
Another thing...so you can use the connection, but you can't use any files? What's the justification for that? If you leave the network open and allow it to be used and you leave files open on it, how can it be illegal to use them?
Since when is wardriving illegal?
Jay | http://oldos.org
Let me make a few preemptive arguments before the inevitable "Free Kevin"-esque posts start coming by the hundreds.
/.ers. For proof, look no further than the topic which this is posted under.
/.ers want to sympathize with this guy is the fact that a lot of them are (good) hackers. No matter how dirty his actions were, they don't want to see a fellow hacker put in prison.
This guy is a criminal. He robbed people, or attempted to rob them. This is like robbing a bank, only worse. Nobody should show any sympathy for this guy. In fact, for the identity theft and fraud he commited, nine years is much too short of a sentence.
I know that a lot of the people who read this may tend to sympathize with him. This is the nature of
That's right, "Your Rights Online." Some editors or submitters apparently think that we have the online right to attempt to steal the property of other people, which if you think about for a minute is absurd.
The reason a lot of
But please, think before you post inane things about how our legal system is evil and corrupt. This is good. Thank God for the law.
Le français vous intéresse?
There have been murderers sentenced to one-fourth that length of time. This is ridiculius when people start valuing money over life.
Regards,
Steve
A bit of common sense here - 9 *years* for hacking. That is higher than the average federal sentence for murder http://www.law.upenn.edu/fac/phrobins/OxfordDeterr enceAppendix.pdf
although lower than the average state one.
I'm sorry, but does anyone else find this silly? You can get a longer sentence for hacking than you can for a rape!
And they didn't even get any credit card information..
I mean if they broke in and took down the entire corp. network or put the company into administration then yeah sure, harsh it up...
But where is the justification for a 9year sentence?
Also, if you trespassed (into the office) and tried to steal a book of credit card information and let's add criminal damage (broken window) you would not get near five years let alone 9!
If you live in a country where revenge prevails then prison is the answer.
Well they did get 9 years and kevin got 5 (and kevin got out in like 3 didn't he?) so intenet was considered in the case obviously.
Yes punishments are harsh in the US and there's a good reason for this For one, people like vengence. Oh boy do they like vengence. For another, throwing tougher and tougher laws on the books doesn't piss anybody off. Won't you think of the CHILDREN? 3 strikes your out laws, etc, etc all appeal to about 70% of the population - namely the middle class and the rich (those who vote).
Wait, what about criminals? Chances are people in jail, or those who are affected by these laws, are politically disenfranchised, have never voted and will never vote. In other words, the poor. Mmmm democracy in action! Of course, there is a large section of the US that seems to be getting fed up with certain laws (like drug laws) because they were drug users, and are now middle class, etc and believe the drug penalties to be ridiculous.I do believe New York just overturned some of the toughest drug laws in the country that were originally passed in the 1970s. That and people seem to be getting more and more upset that something ridiculous like 3% of our population has been in Jail during their lives.
This guys was not a hacker. He was a cracker. A criminal hacker. I'm sick of this public misconception. Whenever I talk about software to non tech people and I mention hackers, and the good work they do, people automatically assume I'm talking about some uber geek, crypto cyber punk, virus writing, terrorist whos out to gain control of as many nukes as he can before he downloads copious amounts of porn into their bank accounts.
Seriously, where the hell did this misconception arise from? It's tempting to blame hollywood, but it's more likely to have been some self proclaimed "landmark" NY Times article written by some clueless reporter who knew next to nothing about computer or the net in general outside of what some equally misinformed 133t script kiddies spluttered out to him when he asked them on IRC( The devils internet dungeon!!).
This misnomer of hackers used in the media at large has got to be tackled somehow. Otherwise other FUD might creep in, and pretty soon FOSS apps might be classed as warez by another bumbling journalist looking to rise ranks by jumping for the businees pages to the spanking new IT suppliment section by writing the next domesday tech article, complete with teenage (cr/h)acker masterminds.
May the Maths Be with you!
Yes, but in this case they didn't actually steal anything, although that was probably their intent. This is really more akin to some thief entering your foolishly unlocked home, disabling the lock so he can get back in whenever he wants, and then leaving without taking anything. Yes, he probably wanted to be able to steal things from you whenever he wished, but at that point he hadn't yet.
The higher the technology, the sharper that two-edged sword.
and frankly I think the title should be 'Thief sentenced'. This was about getting rich(er) by theft and had nothing at all to do with 'hacking'. If anything your use of it further disparages the term.
They were not being "nice" but they weren't hurting anyone (at least not yet). The real problem I have is Lowes was putting credit card data on a wireless network! It wasn't secure enough, as someone knew about it, and successfully exploited it.
So what's worse:
Not nice (Hackers),
or _grossly_ irresponsible (Lowes)?
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
"They should lock up the fool that set their network up!"
They should lock up the woman that dressed in that skimpy dress, and those high heels. She was just asking for it.
Would YOU like to pay the taxes required to lock up every hacker and build 7 new prisons in the process? I didn't think so... Jail costs the gov't money... Fines GIVE the gov't money... Now if every hacker was fined, as opposed to jailed, what do you suppose that would do? Not to mention that jail IS pointless... Are they going to hurt anyone if they aren't in jail? Well, chances are they're not going to be mugging anybody, this is a hacker/geek we're talking about. And are they going to hack/phish/whatever for the next few months/years? Not if they're very intelligent. This is just my theory, but I would imagine these people's online activity would be monitored... So if they do try something stupid, we get to collect another fine! But then again, I'm Canadian... (see if you can pick up on the cynicism)
[] an admin who sets up an unsecure wireless network should be convicted for stupidity.
Interesting concept... So lets say someone leaves there front door unlocked, should they go to jail if someone breaks in? Perhaps the front door is locked, but the dog door is unlocked? What if the the windows don't have bars on them?
What bugs me is that the guy illegally accessed the computer but was not successfull in retreiving credit card information. Is such a long term warranted? What about the Corporate crime bosses who bilk millions or billions from people via fraud - they never get this level of sentence.
It's not like they are getting life in prison or something. 9 years is pretty reasonable for breaking in and trying to steal credit card information. What if someone broke into your house and stole all your stuff? Would you want him to return the items and do some community service or actually serve a sentence?
I think you're missing the point.
Nine years in prison for a non-violent crime? For a non-violent crime that didn't benefit the criminal? It's excessive, especially when murderers and other violent criminals get substantially shorter sentences
I agree with you that he comitted a crime and should do some time and perhaps a fine to Lowes... but nine years is not justice.
Prisons were originally designed to stop people from committing crimes, commonly they would only lock people up at night so they couln't break into peoples houses or shops. Only in the last couple of centuries with the advent of the idea of reforming people come in, prison sentences got much much longer and the idea of reforming people in the early days was though harsh treatment and work.
The harsh treatment and work didn't have the desired results, but we carried on locking people up not because of there own rehabilitation but because it makes the victums feel better.
The whole system needs a damn hard re-think, and we need to stop puting people in prisons when mabie prisons arn't the best option.
I'll also make a point that the death penalty is only there to satisfy the sadistic perverted desires of revenge that the victums have. Death is no punishment, and if you belive in reincarnation, it might as well be a free ticket out of jail in the form of a new life.
I'm more worried about non-violent "white collar" crime than I am about petty thuggery and street crime. Computer crime is potentially vastly more dangerous than a single person with a gun could ever be.
You see? You see? Your stupid minds! Stupid! Stupid!
Violent crimes effect an individual in a very drastic way, and such criminals should be punished harshly. However, non-violent crimes effect enourmous numbers of people, sometimes in minor ways, but often in profound ways. Violent crimes can destroy a life. Non-violent crimes tear at the fabric of society in a subtle but systemic fashion.
Is the person who dies because their healthcare fund was raided less dead, less of a victim, than someone killed with a gun? If you think so, I'd like to know where you've had your education-- that school system or university may need more funding.
On the way out of court they should assult the judge and rape his underage daughter - they would only get a couple more years on that what a bargin!! I think the western world is over-compensating for not having corporal/capital punishment, instead people are starting to get rediculous sentences, i guess its better than having caining but still..
This comment does not represent the views or opinions of the user.
Even according to an "eye for eye" meter, frauding CC accounts isn't the same as pulling the trigger against someone staring in your eyes begging for mercy or pummeling a desperate chick amidst piercing screams... these are more akin to crimes against the humanity embodied in the victim. CC frauds are a burden to the system, involves added costs and generally make good business for damn insurance companies so, don't you think you're getting too touchy? Jail good for these guys? Shure. 9 years? It sounds like a bloody lot of time... perhaps too much unless they can get parole in at most 2~3 and assigned to some social assistance to recoup the cost they woul've been to society. (and in some low risk detention center; no need to add torture to punishment slamming them together with deranged people)
Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
Is how stiff this penalty is compared to that of serious corporate criminals that are already wealthy. I've seen some of this stuff up close(I worked on the audit of Riscorp, the CEO of which did prison time). There seems to be a lot of hysteria around hackers-and very little around the REALLY big criminals-who are the managers of major corporations and governmental organizations.
Let's throw all those big badass hackers into prison and clog it up even more so that the killers and the rapists can turn parole faster.
Or how about: let's make a headline example of this guy to stop hundreds or thousands from thinking it's a low risk scam worth trying, and so *not* further clog the prisons.
Breaking into a computer system is a non-violent crime.
Absolutely. But that doesn't mean it doesn't cause damage. Damage which can and will filter down to push people on the financial edge into default: homelessness and inability to get medical services. It's not just that some suit will a Lexus with less options next year.
Also because it's a non-violent crime means it carries less physical risk to the criminal, which makes it more attractive to try. See issue above with clogging prisons. You need to make sure people don't do this stuff.
I am in no way saying you're totally wrong, just pointing out the judgement *may* not be entirely on crack.
ie,
Slap the bastard with heavy fines, hit him up with community service and make him pay it back.
yeah, i'm entirely in favor of looking at that option. Does it work well in your country?
Now, why do corporate crime bosses get off so easy for bilking people out of millions? It's the same reason why Hollywood actresses don't serve time for shoplifting. Money, power, and politics. Trust me, the rest of us peons WILL pay full price via canned judgements for our crimes (real or imagined) because nobody really gives a shit about the weak and unknown.
LOL, ok, so if we don't do something about all this internet craziness, we'll end up doing, err... what is that?
The internet IS a ghetto of spyware, crackers and phishers. Nobody is going back to carbon copy credit card swipes, human tellers in banks and grocery checkouts where the clerk codes in prices into his mechanical cash register.
How does this particular crime, even if it had payed off, going to put a dent in computer use? It might piss some people off at Lowes, result in a lot of charge backs and be an inconvienence to credit card companies - but I guarantee that VISA or whoever would be most hurt by this, would NOT in any way change their use of computers.
If SPAM doesn't keep people off the computer thingy, than a few stolen credit card numbers isn't going to do much at all.
No, jail does two things for most criminals:
1.) Makes them even more angry at "the system", invokes feelings of alienation. They feel like they are a criminal and that is that.
2.) Gives them time to plot other crimes. Also gives them resources like other criminals to discuss their failures and plan for better crimes, as they are surrounded only by other criminals.
I'm not throwing blind guesses like most slashdotters here - I've done time. For my own reasons, I stopped doing what I was doing. Jail, though, only made things worse.
The fact that the computer was involved is *not* the issue. This was strait up attempted larceny or shoud have been, there is no need for other charges. The fact the computers were part of the means has nothing to do with the elements of theft. There realy does not need to be an specific laws for *computer crimes*. If someone broke into a neuclear power plant it would be covered by Anti Terrorism laws, possibly treason or sabotage and public order laws. The computer is just an instrument in all of these crimes. Does it make any difference if I burgle your home by smashing the padlock on you garage door or picking it? No I broke and entered a home regardless of wether the instrament was a paperclip or a big rock. People think because a computer is involved some specail rules should apply and thats just stupid.
These guys are theifs and should be prosecuted as such, plain and simple. Just like the guy who hacks into the neculear plant is comminting a crime aginst the state and should be charged with treason and fried. I don't care wether he used his Thinkpad or a UHALL filled with TNT its THE SAME CRIME or should be.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You steal a Ford or you steal a Ferrari,
is it the same crime?
Should the value of the car change the sentence?
Yes, the value of the car should change the sentence. If I steal $5, should I get the same sentence as if I stole $10,000? Of course not, because the scale of the crime is different. These people didn't try to steal 1 credit card number, or even a thousand cc#s. They tried to steal an infinite amount of numbers. If this program hadn't been caught, they would have had access to every single card number to go through Lowes. That is a HUGE amount of numbers. So yes, they should be punished more than someone who tried to steal1 number, because it is an entirely different class of crime.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
A single hacker messing around with the right financial data can ruin the lives of thousands or millions of people, causing more harm in aggregate than a even a few murders.
Murder's bad, don't get me wrong, but the impact of one human being killed vs. the impact of massive computer fraud can be worse. If an economy tanks badly enough, it can destabilize an entire country, resulting in mayhem and more deaths than a lone gunman on a killing spree could "aspire" to.
You see? You see? Your stupid minds! Stupid! Stupid!
or a non-violent crime that didn't benefit the criminal?
Intent is an element of a crime, not success. What does it matter that he criminal did not benefit?
Rape isn't funny, you moron.
Ok, say Lowes processing 100k credit cards in a day. So for each day these guys were in the system you charge them with one count of attempted larceny, in which case 9 years is a cake walk.
Why do people continue to appologize for criminal behavior?
This "hacker" never actually stole CC data, but still got nine years.
If Ken Lay is even given jail time, I doubt that he'll be doing 9 years. He'll probably get 1 year max at the place with the golf course and squash court.
I think much of the complaint is not how much time the hacker is getting, but how little time other people who take part in similar crimes but without the "hacking" element.
"You spoony bard!" -Tellah
Somebody, PLEASE find a solution to this semantic quandary.
Don't shop at Lowes. They keep their credit card information on a computer accessible from an insecure wireless access point.
Please... A hacker that was busted could probably turn around and write a book for 500 grand, and the TV show appearances and possible job opportunities (if so motivated and skilled) would simply be gravy on top of the mashed potatoes.
This scenario is lose/lose. The hacker is in federal-pound-me-in-the-ass-prison, and we (the taxpayers) have to shell out about $30,000 a year to keep him there--which ammounts to about half of that 500 grand.
Know what I say? Charge these assholes half of what it would have cost us to put him in prison (135,000 over ten years isn't THAT bad, but it's enough to put a man straight), and let the poor bastard out on probation, so that he can hopefully do something productive (community service, and a real job).
It's unfair to on one hand charge someone with something, and simultaneously claim that it didn't happen. So either they did gather the cc numbers and should (perhaps) be charged with their theft (whatever that means, which is imo nothing) or they did not and should be charged only with the *attempted* theft of credit card numbers.
This is the digital age, and people are finding out more and more, how empowering it can be to know a few things. This is not the world of 20 years ago, and the fact as some have pointed out, that what he did was fairly easy to accomplish for many people here, should be a warning bell. So by giving a harsh sentence they may hope to stem the tide of people figuring they can finally get that big heist scheme to work.
I had a ridiculous conversation at a drinking party once, years ago. This guy I knew was blearily insisting that I needed to 'hack' a bank, because he was sure I could do it. I didn't know about that, I'm just a regular geek, scanning x.25 networks for outdials isn't the same as breaking into a bank. He was insisting it would definitely work. We could have it all planned out see, and, "Oh you could totally do it man, we should so do that!" I kept insisting that it was incredibly dangerous, and that I didn't know how ("Oh you can figure it out man, I know you can!"), and he just wasn't having any of my protests. Stealing, or for that matter almost anything that risks jail time, doesn't appeal to me anyway. Now imagine someone with his attitude and also the knowledge to follow buddy from the article. This sort of idea can become more widespread as technology reaches everyone, and is a scary thought for those with things to lose from it. People such as, well, any random person alive, could be you, could be me, could wreck a lot of lives.
ohhh your post hurts to read.
surely you acknowledge that much that is good in this world is subtle, while much that is bad is sensational. material gain, i think for many, in the long run anyway, is not commonly found to be as valuable as friends and most especially family. From that angle, I don't think a price tag could or should be applied to the value of a person's presence in others' lives. To avoid getting too pussy, even keeping within the hard and accountable view of things, there is SO much a person can accomplish during their lives, from acts deserving fame to the humble role of supporting another person's life. Why do insurance policies pay out such lotto-worthy amounts? because that's (a poor, imho) accounting of your worth from the view of how much responsibility live and produce you have.
Give it up. We have lost the cracker/hacker language war. When will the /. community get over the fact that the rest of the world calls 'em hackers now. All the kicking and screaming's not going to change anything.
They were not being "nice" but they weren't hurting anyone (at least not yet).
... So we have to wait until they (ab)use credit cards before they should be stopped?
'Yet'
The real problem I have is Lowes was putting credit card data on a wireless network!
I agree this is pretty dumb, but it's still no reason for it to get cracked. Think about this: you have an expensive house and several heavy locks on your door. One day you forget to lock them. Does this justify every burglar that walks up to your house, opens the door, enters your house and sets up camera's? Okay, they didn't steal anything (yet), but it's really your fault. Yeah right. They knew exactly what they were doing, and the fact that the security wasn't good enough is *no* reason whatsoever to justify this crime.
He robbed people, or attempted to rob them. This is like robbing a bank, only worse.
No, it's not. Theft and robbery are different animals. These guys never held a gun to someone's head, never threatened anyone. They are more akin to cat burglers than "robbers".
Nine years is longer than a manslaughter conviction. Longer than most murder convictions. Longer than rape convictions. What kind of fucking idiot are you to value some large corporation's potential bottom line (since they actually stole nothing) more than the life of another human being?
This conviction is bullshit, made solely to prove a point by sadistic bastards like yourself.