Slashdot Mirror
Hacker Sentenced To Longest US Sentence Yet
Iphtashu Fitz writes "The Associated Press is reporting that a Michigan man has been sentenced to 9 years in prison for his involvement in hacking into the corporate systems of Lowe's Home Improvement and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Two others are awaiting sentencing, including one of the first people to ever be convicted of wardriving. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however."
That's the longest sententence indeed.
They were criminals. These were crackers, not hackers. You don't install credit card number capturing software on someone's retail network unless you're up to no good.
Thanks to our parole system which considers rape, murder, and anything else that isn't drug sales to be harmless to society, he'll be out in just four or six.
They should lock up the fool that set their network up!
The an admin who sets up an unsecure wireless network should be convicted for stupidity.
Wardrivers like that give the wardriving community a bad name. Some wardrivers just want to find free and legal hotspots, and others (although they could have good intentions) just want a free net connection. Wardriving as a cheap way to access corporate networks is just bad taste...
WASTE - The Secure P2P
Since when is wardriving illegal?
Jay | http://oldos.org
While I think sentences (including this one) in the United States are excessive, and I think prison in fact fails to solve anything because it is used as a punishment rather than a rehabilitation and in fact makes people worse rather than better, I sort of rankle at this person being compared to Kevin Mitnick.
Kevin had no interest in any sort of financial gain from his activities. He was only interested in exploring and seeing what he could find. He was an annoying guy, but not one with ill intention.
I don't know the details about these individuals, but it seems to be implied that it was a moneymaking operation. That makes it far worse than anything Kevin did.
That said, prison isn't the answer. Only violent people should go to prison (and those prisons should be run such that they don't create the atmosphere for violence inside that they do today -- i.e. don't use the prisoners as an unwritten "punishment" against eachother -- punishment is counterproductive.)
I bet he isn't looking forward to having his security hole exploited while in prison!
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
Let me make a few preemptive arguments before the inevitable "Free Kevin"-esque posts start coming by the hundreds.
/.ers. For proof, look no further than the topic which this is posted under.
/.ers want to sympathize with this guy is the fact that a lot of them are (good) hackers. No matter how dirty his actions were, they don't want to see a fellow hacker put in prison.
This guy is a criminal. He robbed people, or attempted to rob them. This is like robbing a bank, only worse. Nobody should show any sympathy for this guy. In fact, for the identity theft and fraud he commited, nine years is much too short of a sentence.
I know that a lot of the people who read this may tend to sympathize with him. This is the nature of
That's right, "Your Rights Online." Some editors or submitters apparently think that we have the online right to attempt to steal the property of other people, which if you think about for a minute is absurd.
The reason a lot of
But please, think before you post inane things about how our legal system is evil and corrupt. This is good. Thank God for the law.
Le français vous intéresse?
There have been murderers sentenced to one-fourth that length of time. This is ridiculius when people start valuing money over life.
Regards,
Steve
You break into a computer and steal my money, and it's going to become a violent crime when I break into your face and cause some non-monetary damages. Go to jail, go directly to jail, do not pass go, do not collect two-hundred dollars.
Is it fascism yet?
A bit of common sense here - 9 *years* for hacking. That is higher than the average federal sentence for murder http://www.law.upenn.edu/fac/phrobins/OxfordDeterr enceAppendix.pdf
although lower than the average state one.
I'm sorry, but does anyone else find this silly? You can get a longer sentence for hacking than you can for a rape!
And they didn't even get any credit card information..
I mean if they broke in and took down the entire corp. network or put the company into administration then yeah sure, harsh it up...
But where is the justification for a 9year sentence?
Also, if you trespassed (into the office) and tried to steal a book of credit card information and let's add criminal damage (broken window) you would not get near five years let alone 9!
True, but the point is valid: had they physically broken into a store and walked off with a bunch of credit-card receipts, would they have received a similar sentence? Or is this just being blown out of proportion because it involves "the Internet"? On top of that, they actually managed to steal nothing ... as the prosecutor said, it was the amount of damage they could have imposed that resulted in the "substantial sentence", not what they actually did. So, in other words, these guys are having a larger book thrown at them than they probably deserve simply because the government would like to make an example of them. Is that a good thing? Perhaps ... but it does indicate that the punishment may not be fitting the crime any too well. That is wrong in and of itself, but has always been the pattern of law enforcement regarding white-collar computer crimes. I suppose that there is a genuine desire to create a deterrent effect (ineffectual as it has been), but there is often an equally genuine ignorance of technological issues by law enforcement.
The higher the technology, the sharper that two-edged sword.
and frankly I think the title should be 'Thief sentenced'. This was about getting rich(er) by theft and had nothing at all to do with 'hacking'. If anything your use of it further disparages the term.
You're right, breaking into a computer system is a non-violent crime. Are you saying that since it only concerns monetary damages it doesn't warrant a jail term? I suppose ENRON execs would certainly share your viewpoint. Grip on reality?, I imagine your views on the subject would change if your credit card was charged for purchases you never made. It would stand to reason that someone doing this doesn't have the money to back up the offenses he/she has done so there would be no recouping of lost money. Hit him up with community service? Sure, in each community of the owners of those cards, 100 hrs each. Again you're right, we can't throw everyone who inconveniences us in jail, but we can make sure that those that break the law end up there.
Some may argue that the punishment does not fit the crime, that it is much more severe then other forms of monetary crime. But what makes cracker crime so dangerous to the IT industry is that it attacks the trustworthiness of the infrastructure. If consumers turn away from online transactions, if businesses decide to reduce their reliance on computers, then IT employment will drop or not increase to its full potential.
Look at the analog of this in meat-space -- people would rather shop, go to work, enjoy entertainment, etc. in a safe environment. Businesses that try to operate in crime-ridden neighborhoods don't do as well, don't have as many customers, don't hire as many employees, and don't pay as well.
IT employment depends on the continued adoption and use of IT by businesses and consumers. If the internet and computing becomes a ghetto of spyware, crackers, and phishers, the economics of IT will suffer. To the extent that people avoid using computers for fear of crime is the extent that ITer will see their jobs disappear.
Two wrongs don't make a right, but three lefts do.
It's not like they are getting life in prison or something. 9 years is pretty reasonable for breaking in and trying to steal credit card information. What if someone broke into your house and stole all your stuff? Would you want him to return the items and do some community service or actually serve a sentence?
I find your pro-crime stance to be a breath of fresh air.
Not mentioned yet, but he _is_ a repeat offender. He brought down a local bbs--insert obligatory plug for arbornet.org!--back in 2000 and was the first charged with hacking under michigan law. http://www.merit.edu/mail.archives/netsec/2000-09/ msg00009.html
I dunno, but you'd think he'd have wised up by now.
I think you're missing the point.
Nine years in prison for a non-violent crime? For a non-violent crime that didn't benefit the criminal? It's excessive, especially when murderers and other violent criminals get substantially shorter sentences
I agree with you that he comitted a crime and should do some time and perhaps a fine to Lowes... but nine years is not justice.
Violent crimes effect an individual in a very drastic way, and such criminals should be punished harshly. However, non-violent crimes effect enourmous numbers of people, sometimes in minor ways, but often in profound ways. Violent crimes can destroy a life. Non-violent crimes tear at the fabric of society in a subtle but systemic fashion.
Is the person who dies because their healthcare fund was raided less dead, less of a victim, than someone killed with a gun? If you think so, I'd like to know where you've had your education-- that school system or university may need more funding.
Crackers, people. Not Hackers.
ELOI, ELOI, LAMA SABACHTHANI!?
Even according to an "eye for eye" meter, frauding CC accounts isn't the same as pulling the trigger against someone staring in your eyes begging for mercy or pummeling a desperate chick amidst piercing screams... these are more akin to crimes against the humanity embodied in the victim. CC frauds are a burden to the system, involves added costs and generally make good business for damn insurance companies so, don't you think you're getting too touchy? Jail good for these guys? Shure. 9 years? It sounds like a bloody lot of time... perhaps too much unless they can get parole in at most 2~3 and assigned to some social assistance to recoup the cost they woul've been to society. (and in some low risk detention center; no need to add torture to punishment slamming them together with deranged people)
Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
The fact that the computer was involved is *not* the issue. This was strait up attempted larceny or shoud have been, there is no need for other charges. The fact the computers were part of the means has nothing to do with the elements of theft. There realy does not need to be an specific laws for *computer crimes*. If someone broke into a neuclear power plant it would be covered by Anti Terrorism laws, possibly treason or sabotage and public order laws. The computer is just an instrument in all of these crimes. Does it make any difference if I burgle your home by smashing the padlock on you garage door or picking it? No I broke and entered a home regardless of wether the instrament was a paperclip or a big rock. People think because a computer is involved some specail rules should apply and thats just stupid.
These guys are theifs and should be prosecuted as such, plain and simple. Just like the guy who hacks into the neculear plant is comminting a crime aginst the state and should be charged with treason and fried. I don't care wether he used his Thinkpad or a UHALL filled with TNT its THE SAME CRIME or should be.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I haven't been in jail but I have clients who have. Jails are infuriating. For example, a few weeks ago I went to the local county jail to see one of my clients. I'm standing at the window waiting my turn. A middle aged guy is there and explains that his son went to court for some hearing and was placed in jail for whatever reason. He had lent his truck to his son to get to court. His son had the keys on him and so they were now in property. He asked if he could get them out. Was told "no - not unless his son made a written request within 24 hours of being booked". After that 24 hrs, the keys stay in property till the son gets out of jail. So he wants to contact his son in a timely fashion. Nope, he can't do that either - he can send a letter or try visiting hours the next day. But then 24 hrs would pass and his sons written request to release the keys would be worthless. They went round and round like this for a while and in the end, the jail won.
A small thing but I can't imagine how much those constant small things would add up. I don't have to go down there much, but I hate every minute of it. If I spent even a week on the inside, I'd come out with a real passion for getting at the gov't any way I could.
What changed under Obama? Nothing Good
Don't shop at Lowes. They keep their credit card information on a computer accessible from an insecure wireless access point.
"perhaps too much unless they can get parole in at most 2~3"
This guy is going to Federal prison. There IS NO parole from Federal prison. You get what is called "supervised release" at the end of your sentence - which is effectively similar to parole, but is not the same thing.
Oh, yeah, you can get time off for "good behavior". But the Feds changed that a few years ago. Before, you used to get 53 days a year knocked off your sentence if you didn't get any incident reports. Once you got 53 days for a given year, you had it - they couldn't take it back if you got incident reports in the future.
Now you don't actually get your time off "vested" until the day you're actually due to be released based on whatever time you COULD get vested. This allows the Feds to hit you with more incident reports, take your good time, and keep you longer.
And since it is virtually IMPOSSIBLE to do Federal time without incident reports of some kind, this means the Feds get to keep most people longer.
This allows them to increase the prison population, demand more prisons and more money for the Bureau Of Prisons, and increase both their job security and their career paths.
And THAT'S why it was done.
As for where this guy will be going, it depends on his "points", which in turn depends on the crime, the number of criminal charges they were indicted on, any violence, presence of firearms, the amount of any money involved, etc. If they had access to hundreds of thousands of dollars worth of credit cards, they could get enough points to end up in a Federal Penitentiary (the second highest level in the Federal system - the first being a "Super-Max", the third being a Federal Correctional Institution, and the lowest being a Federal Camp.) He could easily end up in Leavenworth. After X years of his sentence with no incident reports, his points could be reduced enough to get down to an FCI, and eventually a Camp if he's lucky.
How he fares at a place like Leavenworth will depend on his smarts in dealing with people who are (presumably) much dumber (but more violent) than he is, as well as factors such as his physical presence, his attitude, his age, etc. I did four years at Leavenworth (after four years in other facilities), including two in "The Hole", and was never physically assaulted (by inmates, anyway - I was pushed around once by a correctional officer.)
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
They were not being "nice" but they weren't hurting anyone (at least not yet).
... So we have to wait until they (ab)use credit cards before they should be stopped?
'Yet'
The real problem I have is Lowes was putting credit card data on a wireless network!
I agree this is pretty dumb, but it's still no reason for it to get cracked. Think about this: you have an expensive house and several heavy locks on your door. One day you forget to lock them. Does this justify every burglar that walks up to your house, opens the door, enters your house and sets up camera's? Okay, they didn't steal anything (yet), but it's really your fault. Yeah right. They knew exactly what they were doing, and the fact that the security wasn't good enough is *no* reason whatsoever to justify this crime.