Botnet Brain Pleads Guilty

spge writes "Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud, it might be worth scanning through the original indictment document, which includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught." From the BBC article: "'Mr Ancheta was responsible for a particularly insidious string of crimes,' said a spokesman for the US attorney's office in Los Angeles, Thom Mrozek. 'He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large-scale attacks.'" We discussed Ancheta's arrest back in October of last year.

In other news...

[dada21]

Security-testing software creator pleads guilty to helping thousands of Internet users see the security issues they're unwilling and too irresponsible to fix, opening the door for other security experts to blog about easy fixes to prevent attacks in the future.

Come on,

Let the worm off the hook. He's learned his lesson. Look at how bad he feels!

Legal spybot generation guide

[poeidon1]

"...includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught..". Free and legal guide for spybot attacks

Re:Legal spybot generation guide

[Rob+T+Firefly]

Also a free and legal guide to stopping things set up in this way from working.

Re:Legal spybot generation guide

[ZachPruckowski]

Admiral Ackbar - "It's a trap!"

I mean, if they release it, they may well be keeping an eye on those methods, and hopefully include ways that are mostly patched.

Re:Legal spybot generation guide

[theJML]

Next thing you know they'll be selling it on E-bay. Buy it now for $5.95+s/h. Now you can learn how to start your own business and pull in thousands of dollars a week from your 1 bedroom apartment!

Hmmm...

[Otter]

Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud...

I read that thinking "Jenna Jameson did what? And how badly did the submitter mangle her name?"

Re:Hmmm...

[gowen]

"Jenna Jameson did what?"

I believe the answer to that question is "Practically everyone"

Re:Hmmm...

[arachnoprobe]

me2. Did you know, that she has a show on broadway now?

Re:Hmmm...

[LouisZepher]

On stage in a theatre, or actually on actually on Broadway?

Re:Hmmm...

Somehow, though, I doubt that includes anyone here on Slashdot.

Re:Hmmm...

[Pollardito]

yet another mangled submission that can be chalked up to typing with one hand

Re:Hmmm...

[garwain]

she didn't do me :( When was the slashdot crowd scheduled to enter her?

Two in a row?

[r3adah3ad]

First banner ad, spammers, this must be They've-secured-their-place-in-Hell day at /.

Problems with today's internet.

[PlayCleverFully]

I am a teenager and I have gotten in trouble with school for "hacking"

I had no malintentions, but I see why they have to do such penalties.

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

I encourage students and others curious to set their own "box" up and use that to "hack" into.

I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

Re:Problems with today's internet.

[SnarfQuest]

1. The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting. Cracking means breaking into something, in order to do vile and dispicable things. What you were doing was cracking, not hacking.

2. However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

So, if I threw a brick through a window of your home, would you thank me for showing that it was not "secure"? Especially after I backed up a sewage truck to the broken window and unloaded it into your house? Why shouldn't IT people be upset when you dump your shit into their systems?

3. I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

I don't think you should get upset when I dump a tanker full of shit into your house, because it's possible that someone who was a REAL threat might someday come around, they could do something worse. Your house isn't completely secure, so you should thank me for that tanker full of shit.

4. Oh, and every time you fix your house, I'll just try to find another way to fill it full of shit.

You can thank me in advance.

Re:Problems with today's internet.

[Billosaur]

I am a teenager and I have gotten in trouble with school for "hacking"

Good. That's the idea.

I had no malintentions, but I see why they have to do such penalties.

Word of advice: instead of hacking, trying paying attention in English class, specifically grammar.

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

The problem is that you don't see your hacking as a problem. No one asked you to hack their system, it is not your job to test the school's security, and frankly it is irresponsible. That's like saying the main problem is they lock the vaults, noth that I'm trying to break in and rob the bank.

I encourage students and others curious to set their own "box" up and use that to "hack" into.

That's fine, though perhaps instead of hacking you could be learning to churn out first-class code to do useful work.

I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

Since when is hacking a hobby? You're trying to compromise a computer system, which is fine if it's your own system, but illegal if it's not. The level of security of the system does not matter, what matters is the system is not your plaything.

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

Try simply reading books and taking courses in computer programming from people with knowledge and passion and you'll learn a lot more.

Re:Problems with today's internet.

The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting. Cracking means breaking into something, in order to do vile and dispicable things. What you were doing was cracking, not hacking.

And 'fag' originally (and still does in Europe) meant cigarette. Start asking for fags from Americans, since it's the "correct" word. Also, you're a pussy, and I of course mean that in the "correct" way.

In short, hacking has a new meaning to most people, get over it.

Re:Problems with today's internet.

[mooingyak]

The correct word is cracking not hacking

Language evolves over time, and sometimes out of the control of the group that originally coined the phrase(s). Of course the real problem is that the word 'hacking' (or hacker or any other variation) is a piss poor choice of a word if you want it to be associated with something good. His use of the word hacking is just fine, even if it doesn't mean now what it used to.

Second, while I agree that he has no right to bypass security and enter other people's systems, he's also not dumping shit all over. He's not doing any permanent damage or anything that takes time/effort/money to fix. It's much closer to noticing that someone's front door is unlocked, and then letting yourself in and looking around a bit. He might see some things that no one wanted him to see, and they might have to take some steps to convince themselves that he really didn't steal or damage anything. That's about it. No dumptrucks full of sewage.

Again, that doesn't make it okay, it just means that the real damage isn't quite what you described.

Re:Problems with today's internet.

[Opportunist]

On one hand I agree, on the other I cannot.

The system you hacked and you got in trouble for has one big problem for you: It ain't yours! You have no right to hack a system, no matter how insecure and no matter how good your intentions. I can sympathize, I was like you about 10 years ago. I thought people ought to be thankful that I show them the flaws in their systems and even more thankful that it was me (someone with "good" intentions) to hack them and show them their flaws instead of someone who might have wanted to do some "bad" things to them.

Fact is, people are most happy left alone.

Aside of that, hacking a foreign system is inherently easy. Because you might get to think of some flaw that the admin did not. By far it's more of a challenge to set up a system yourself and try to hack THAT. You also get an immediate feedback on your progress: You learned something that you didn't know before. If you did know before that the security problem existed, you couldn't have hacked yourself since you would have closed the security hole altogether!

That's the way to success and fame. That's the way you learn. That's the way that got me into one of the leading companies dealing with antivirus and anti-intrusion systems. :)

Re:Problems with today's internet.

[javaxman]

You are dead on with most of your comments, except...

Since when is hacking a hobby?

Pretty much since computers had a way to communicate with one another... actually, before then, surely someone here has a story of trying to escalate their user privileges on some mainframe system somewhere. For most people who get into what should more correctly be called cracking, it's just something done for fun- trying to do something you aren't supposed to be able to do.

Yea, it may seem to you like breaking into computer systems is a hobby like breaking into houses is a hobby, but really, it's a hobby and it's been a hobby for a long, long time. Not a great hobby, not one that should be encouraged, but it's still a hobby. I'd encourage anyone thinking about picking up that hobby to waste time writing games, creating websites, and reading instead, though... it's best to have a hobby that can't result in jail time.

Re:Problems with today's internet.

[Xugumad]

There's a time and a place for security testing other people's systems. If you're playing around, and notice something that might be a security hole, correct solution is to find an admin that knows what they're talking about, and say "Hey, I see your system does , isn't that a problem?".

The real problem with "hobbyist" cracking is that, as a sys-admin, I have no way of telling that you're just playing around with a few things, as opposed to you've managed to rootkit my computer, and it's now running half a dozen freaky kernel modules that are hiding whatever you're doing to it, from me, unless I can prove that you didn't manage to get into anything deeper (for example, you might have managed to access a service you shouldn't, but I know that service couldn't give you root access).

Let me be more specific: If we believe a system has been compromised (and yes, we've done this to a system that was just doing "odd stuff" once), we back it up, reformat the drive, and re-install, change all the passwords, then rebuild it from the data in the backups. Depending on which system was compromised, this will generally be upwards of a days work, including time to fix problems that result from having a system down for reinstall.

This is not enough to ensure security is maintained, but is appropriate for the level of security we require. Theoretically, we'd have to do the same for all related systems (for example, we frequently ssh between servers, so a password could be sniffed).

Having said that, we're fairly easy going in terms of policies. For attempted cracking (port scans, HTTP exploits, attempts to brute force an SSH password), we send an e-mail to the person if we can, or to their ISP otherwise, saying there's been a problem with that IP address, and the person responsible should check it for viruses (probably not true in all cases, to I'd certainly expect it to be true for the majority).

For the two times anyone got through our security, the time someone came to us and said "Err, there's a giant security hole here", we basically said "Yeah, we know, could you not tell anyone for the next week while we finish the patch we're working on?". The other time, someone broke into one of our servers from off-site, and last I heard central IT services were tracking them down...

Re:Problems with today's internet.

[ScentCone]

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

Found a way? Now, if you had spent your free period roaming around parking lot checking teachers' cars for unlocked doors, and then one of them turned out to be unlocked, would you then hasve simply been "messing around and found your way" into that car? Would someone who is just "messing around" and finds that only a simple hammer or two-by-four is needed to get around your household "security" by just breaking a simple piece of glass?

I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

How about someone who is just a hobbyist B&E guy, who doesn't want to steal anything... he just wants to spend a couple of minutes looking through your underwear drawer. And so, since it only takes an amateur to break into pretty much any house, no harm done, right? He won't steal anything... just looking around!

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

So, just learn how they work! There's endless material out there explaining it to you. If you want to set up a private network to do that, fine... but remember that practicing break-ins, when seen by other people, is still just practicing your break-in skills.

Re:Problems with today's internet.

[www.sorehands.com]

No, before computers could talk to each other. How many of used the INIT program RSTS/E to log into a priveleged account, so that you can change the MONEY program to treat your account as privileged and then changed the protection code to 232?

The difference is one is done for the fun and challenge -- hobby, and the bad form is do to harm or make a profit.

Re:Problems with today's internet.

[DeanFox]

Imagine a time when you're no longer a teenager and have your own home.

If while at work, some neighbor kid is picking the locks to your home. He's pushing and pulling on the windows to see if they'll open. Perhaps seeing if reaching in from a dog door he can open the door lock.

After discovering the "insecurities" of your home, he lets himself in and does a walk through of your house. Perhaps taking a mental inventory of your music collection and admiring your PC setup. He leaves, stealing nothing.

You get home from work and figure out someone has been in your home. You call the police and they catch this kid while he's looking around inside another neighbors house.

Taking him to jail, all the time he's crying "but I just did it out of curiosity! They should be thankful I wasn't a *real* burglar". On and on he cries...

Grow up and start respecting other people's property. They didn't use you as an example; they punished you for the crime you committed.

JMHO

Re:Problems with today's internet.

[crashcodesdotcom]

Hacking was originally a word representing something good and useful...

Useful yes. Good... err.. no. A Hack = shortterm gain in trade for long term pain. If you fix something with duct tape thats probably a hack.
When I make certain code changes I might refer to them as hacks. "Yeah. I put a hack in place to fix that." Basically I'm saying I put a sucky and hopefully temporary solution in place for a very specific problem that just happens to work. Hack usually implies that a solution was clever yet sucky and hopefully temporary. Unfortunately, most of the time hacks stay in place for much longer than the author intended.

Re:Problems with today's internet.

[Cyno]

The problem is that you don't see your hacking as a problem.

Yeah? What's your point? You don't see insecure deisign as a problem? Even for a bank vault?

To tell these kids that stealing your money is wrong and slap their hand does nothing to protect your money from the real threat, people like me. We won't just stop at taking your money, we'll steal your whole identity and use whatever we need to get the next set of credentials. You're just a small fish in a big pond. I think you would be wise to listen to the little kids, who are only trying to show you how someone far more sinister could easily bypass your security.

I think you would be wise to think for yourself and question authority, instead of interrogating peons. If you truely believe children are a threat to your society you have more serious problems than can be addressed in this post. I'd suggest psychelogical help, but its unlikely any amount of therapy can correct the cancerous ideology that's consuming your soul.

Re:Problems with today's internet.

At school, the computers are all also incredibly locked down, but they have this weakness that allows arbitrary code execution of any file that I can get into my home directory(anything on the internet or that I host myself). I could definetly gain administrative access this way, and probably do all sorts of things. But after their complete refusal to do anything sane with the computer system, I use it to occassionally get around their filtering proxy with an ssh connection to home, and also to use Firefox and Google Earth. It's not my responsibility to take care of their security, its just my responsibility to exploit it. If they're going to try to stop all sane communication to-and-from the school's computer. I can't in good concious help them.

Re:Problems with today's internet.

[chgros]

Of course the real problem is that the word 'hacking' (or hacker or any other variation) is a piss poor choice of a word if you want it to be associated with something good.
Is cutting wood something fundamentally wrong???

Re:Problems with today's internet.

[milimetric]

Word of advice: instead of hacking, trying paying attention in English class, specifically grammar.

Pot... Kettle.
Kettle... Pot

Re:Problems with today's internet.

[Procyon101]

Let me just say, that (assuming the OP wasn't karma whoring, which My karma-dar is going off pretty strong on) here you've got a kid who is genuinely fascinated with doing something with the computer beyond playing sims and halo 2 and you are chastising him? He even here admits to setting up a sandbox for the benign exploration of his curiosity, which he must be pretty passionate about to go to all the trouble.

You have a kid with a passion and you just can't wait to knock the wind out of his sails on Slashdot? You tell him his ideas are worthless... learn the stuff that doesn't interest you (yet) instead of wasting your time poking and proding and experimenting. You need to learn solid Engineering principles.. yada yada yada. The kid LOVES what he is DOING and it he is learning alot right now and having a grand time doing it. If he sticks with it, eventually he will learn to do larger, and in your opinion "more productive" programming, but it will be with a greater appreciation for the art than if some dull logician tried to shove java down his unwilling throat. I don't chastise toddlers for whacking rubber balls with plasic hammers because they could be doing something "productive". Screw you; let a kid have a dream. If we don't squash it he'll probably end up showing us all up in 20 years.

Re:Problems with today's internet.

[Billosaur]

Yeah? What's your point? You don't see insecure deisign as a problem?

You better believe it's a problem. If he's so interested in programming and security, let him take classes and develop some skills and then get a job writing and testing virus scanners, or firewalls, or encryption algorithms. Just because I see someone make an illegal U-turn doesn't give me the "right" to stop and arrest them, and just because a system is insecure doesn't give a script-kiddie the "right" to hack it.

Re:Problems with today's internet.

[mooingyak]

The word 'hack' has many definitions. Some of them are neutral (like cutting wood). Some of them are negative, in ways completely unrelated to each other. Some examples:

* A rough, dry cough.
* One who undertakes unpleasant or distasteful tasks for money or reward.

Re:Problems with today's internet.

[Billosaur]

Let me just say, that (assuming the OP wasn't karma whoring, which My karma-dar is going off pretty strong on)...

To which I reply, what would be the point? Karma doesn't interest me, except in the concept of your actions and their results having an influence on your future.

You have a kid with a passion and you just can't wait to knock the wind out of his sails on Slashdot?

You bet! Because this is kind compared with what happens in the real world. He wants to hack his own box, fine (and that is precisely what I said originally) but past that, he's treading on thin ice. Hacking a system that is not your is simply wrong. He took his lumps for it and apparently has learned a lesson. I say apparently because the hacking bug, once it bites, seldom goes away. Once you get a taste of that power, what is there to really stop you from doing it again?

I don't want to pour cold water on anyone who wants to learn and enjoy what they are learning, but when you tread the thin line between legal and illegal, it's time for a new direction. If he's truly interested in making things more secure, then find a better way instead of tempting fate.

Re:Problems with today's internet.

[snookums]

There's a time and a place for security testing other people's systems. If you're playing around, and notice something that might be a security hole, correct solution is to find an admin that knows what they're talking about, and say "Hey, I see your system does , isn't that a problem?".

Hear, hear.

This kid has learned the same lesson that I did when I was at Uni (=college). Twice I got a slap on the wrist and a thread of Academic Misconduct hearing for "hacking". The first time, a friend left himself logged in to a public terminal. I put in a .rhosts allowing me to log in to his account from one of my accounts, and set up a cron job for him to mail the sysadmin every day with some uncomplimentary messages. The second time, I noticed that a mistake in the profile scripts for the main undergraduate CS system had put . in the path before /bin for all users. I created /tmp/ls as a shell script which echoed a warning about checking you $PATH and how I could have done very nasty things with their account. Of course, both of these were very traceable and I got into trouble.

The point of this story is not what I did, but what I learned. I didn't learn much about computer security -- I already knew about the weaknesses I'd exploited. What I learned was the correct way to deal with them. In the first case, I should have logged the friend out and then has a private word with him about his carelessness. In the second case, I should have promptly brought the flaw to the attention of the sysadmin and not attracted the attention of any malicious individuals who might have been inspired to create /tmp/rm as something really nasty. (Actually, when he called me in to his office, he let me help dig through the various scripts to find the source of the problem which was a great piece of practical experience for me.)

This kid has learned his lesson too. If you want practical experience in breaking computer security then you should set up a sandbox. Hell, grab yourself some virtualization software and set yourself up a whole virtual network.

Re:Problems with today's internet.

blame it on his parents. where's corporal punishment when you need it?

Re:Problems with today's internet.

[Tri0de]

"Hacking has a correct use, and then a meaning to idiots. Idiots like you.

I almost like it when fucking morons like you and yours use 'hacking' in a prejorative manner, it lets me know that they don't know shit about computers or technology and I can either stop reading right there or assume that everything else they say is wrong.

Re:Problems with today's internet.

[Procyon101]

I wasn't implying you might be karma whoring. PlayCleverFully is the one that sets off the radar ;)

I'd have to disagree with you that the hacking(cracking) bug seldomly goes away. It did with me and everyone I knew. A hacker's life tends to be one of curious exploration where you know just enough to be dangerous. Once you get good and the mystery on that level is gone, you have reached computer science and that's where you can do anything you can dream. Hacking is messing around with people's creations whereas science is messing around with God's :) Hacking is a fleeting stage in most people.

OTOH, playing around with the artificial construct of the human creations is where we pick up alot of the concepts which will later be our computer science or engineering "gut". Since it appears the kid has already gotten his hand slapped and found an alternative (legal) medium to mess around (he has ceased being the "cracker" and is now just a hacker) I can see very little things he could be doing that are MORE productive than beating up an old windows box through ethernet, since that is where his passion lies right now. If he was more passionate about writing a video game, then THAT's where his time should be spent. In his larval stage, his time is best spent where he doesn't spend it begrudgingly. He'll learn a lot no matter where he puts his time (hell, here I am, a fully experienced computer scientist and I'm learning alot right now setting up a scanner on a headless gentoo box :) )

Re:Problems with today's internet.

[drinkypoo]

Second, while I agree that he has no right to bypass security and enter other people's systems, he's also not dumping shit all over. He's not doing any permanent damage or anything that takes time/effort/money to fix. It's much closer to noticing that someone's front door is unlocked, and then letting yourself in and looking around a bit.

Note that in meatspace, this changes the nature of the crime quite a bit. If someone's door is locked and you kick it in and enter their house, then you're "breaking and entering". If it was unlocked, and you walk in without their permission, then the most you can get popped for (assuming you don't break or use anything) is trespassing, a much less serious crime, and in many jurisdictions you're not trespassing until you're ordered to depart and decline to do so.

Re:Problems with today's internet.

[nitpicking]I think the original mainframe hacks were so that a user could get more time or clock cycles (when these were both much more limited as resources than they are today) rather than privilege related[/nitpicking]

Re:Problems with today's internet.

[drinkypoo]

Found a way? Now, if you had spent your free period roaming around parking lot checking teachers' cars for unlocked doors, and then one of them turned out to be unlocked, would you then hasve simply been "messing around and found your way" into that car?

It's not illegal to open car doors and look inside, as long as they're not locked and you don't touch anything. Breaking into a car is illegal, damaging a car is illegal, and taking things that don't belong to you out of it is illegal, but it's not illegal to open an unlocked car and look inside or else all the people who park a car out someplace and don't lock it so that people can look in it and find out if they want to buy it would get pretty upset. Another piss-poor automotive analogy from the slashbots.

Would someone who is just "messing around" and finds that only a simple hammer or two-by-four is needed to get around your household "security" by just breaking a simple piece of glass?

That someone would be guilty of vandalism, breaking and entering, and maybe trespassing. The only thing this kid did (at least, the only thing that fits a meatspace analogy) is trespassing.

How about someone who is just a hobbyist B&E guy, who doesn't want to steal anything... he just wants to spend a couple of minutes looking through your underwear drawer. And so, since it only takes an amateur to break into pretty much any house, no harm done, right? He won't steal anything... just looking around!

As I mentioned in my previous comment (which is newer than your comment, so I'm just mentioning it) if you don't actually break in it changes the nature of the crime from "breaking and entering" to "trespassing" - if that.

He didn't have to damage the software to enter, right? So why is this so serious, when walking into someone's unlocked house isn't?

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

So, just learn how they work! There's endless material out there explaining it to you. If you want to set up a private network to do that, fine... but remember that practicing break-ins, when seen by other people, is still just practicing your break-in skills.

So what? All the best computer security professionals have not only broken into computers (you can't prove it can be done without doing it and you can't do it unless you know how) but most of them have actually also written exploit proof of concept tools and such. That's right, they've developed software for circumvention of access protection! That's prohibited by the DMCA! Oh noes!

Re:Problems with today's internet.

[drinkypoo]

Yeah, he stays in jail until he gets bailed out, then he gets busted for trespassing, but since you left a door/window open he didn't have to break in which is what changes it to B&E, and then he gets 20 hours of community service and a strong admonition to stay out of other people's houses. Some kid who noses around in a computer system could get years in the lockup. At least one of these situations should change.

Re:Problems with today's internet.

[mooingyak]

I suppose this is really closer to breaking and entering than trespass, since it's not a case of the door being unlocked but the lock on the door being worn out and rusty or very trivially picked. The lock is obviously insecure, but you still have to bypass it somehow to get in. Which in turn might make it a kind of attractive nuisance.

Re:Problems with today's internet.

[drinkypoo]

I don't know the details of the hack but it seems to me more like a doorknob that when you try to turn it lightly, seems locked, but when you wrench on it, it opens just fine, and it turns out to not have been locked. However, I really think that all of these metaphors disintegrate when you get close to the system and so IMO you really have to look at the damage done, and the intent. The first should be the most important factor, but if no damage is done, then you can look at the intent and decide if you should punish them as harshly anyway. Similarly, if there was damage, but they were trying not to do any, then the court might be inclined to be lenient if the benefit to society from leniency is greater. Certainly, putting people in prison tends to lead to more criminal activity, and the statistics bear that out.

Re:Problems with today's internet.

[hkb]

1. The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting. Cracking means breaking into something, in order to do vile and dispicable things. What you were doing was cracking, not hacking.

You're a complete moron and you're wrong, ESR Junior. You're either clueless and haven't been around long, or you're purposely trying to mislead people.

Re:Problems with today's internet.

[mooingyak]

From the Nth degree ancestor post (the one from playfullyclever):

I am a teenager and I have gotten in trouble with school for "hacking"

I had no malintentions, but I see why they have to do such penalties.

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

It sounds like he wasn't supposed to go in, knew he wasn't supposed to go in, and tried to find a way anyway. We still don't know what he did, but it sounds like he had to do something to break in.

Do you have any links to research that indicates that prison time causes crime? I've heard various opinions on the subject, some of which are logical and support your position, but I don't know of any actual research done on the matter.

BTW, is your sig a quote from 'Bombtrack'? I could look it up but that feels like cheating.

Re:Problems with today's internet.

[javaxman]

No, before computers could talk to each other.

Funny, I thought I'd covered the "before computers could talk to each other case"...

Pretty much since computers had a way to communicate with one another... actually, before then, surely someone here has a story of trying to escalate their user privileges on some mainframe system somewhere.

I guess we get to agree on this one :-)

Re:Problems with today's internet.

[Cyno]

I guess we'll have to wait until he takes some classes and developes some skills and gets a job writing and testing virus scanners or firewalls or encryption algorithms before we'll get that securely designed system.

But you don't actually seem to care about real security. I think you're only interested in punishing people you consider beneath you, children, script-kiddies, etc.

Its the same problem we get from multi-billion dollar corps like Microsoft. Its not like they couldn't solve their security problems. They could have taken out ActiveX or set sane defaults or designed the system with security in mind from the start. The reason they don't is simple. Its not the most profitable short-term strategy. In the long-term there is no strategy. So you get what we have here. Which is the way you want it. Well, you get it.

Fortunately for me, I won't ever have to deal with script-kiddie problems. I'm an expert. Security is simple, stupid.

Re:Problems with today's internet.

[drinkypoo]

Do you have any links to research that indicates that prison time causes crime? I've heard various opinions on the subject, some of which are logical and support your position, but I don't know of any actual research done on the matter.

This isn't quite what you're looking for - so the short answer is no - but I find the following interesting: Bureau of Justice Statistics Criminal Offenders Statistics on Recidivism (and other info.)

The best part: "Of the 272,111 persons released from prisons in 15 States in 1994, an estimated 67.5% were rearrested for a felony or serious misdemeanor within 3 years, 46.9% were reconvicted, and 25.4% resentenced to prison for a new crime."

So no, I don't have a link, but the statistics are pretty telling, at least in telling us that our prison system isn't working to reduce crime. Oh sure, they'll tell you that crime drops when you increase sentences and all that shit - but as soon as they get out, they get sent back again... well, once they get caught.

And instead of just telling you the name of the song:

This time the bullet cold rocked ya
A yellow ribbon instead of a swastika
Nothing proper about ya propaganda
Fools follow rules when the set commands ya

The title of the song (more or less) is about two lines later.

Re:Problems with today's internet.

[mooingyak]

The problem with recidivism stats is that we don't really know what they would have done had things turned out different (not been caught) or with some alternate punishment/rehabilitation/whatever. The only way to be sure of what could happen is to execute everybody (which obviously has its own problems) or devise an acceptable but non-prison based form of punishment and see how the recidivism rates between the groups compare. And even then it only matters if the alternate does not incorporate the characteristics of prison that are suspected to cause recidivism.

I semi-cheated and listened to the album. I picked Bullet in the Head on the third try (after Bombtrack and Take the Power Back). It's been a couple years since I listened to that.

Re:Problems with today's internet.

It's not illegal to open car doors and look inside, as long as they're not locked and you don't touch anything. Breaking into a car is illegal, damaging a car is illegal, and taking things that don't belong to you out of it is illegal, but it's not illegal to open an unlocked car and look inside or else all the people who park a car out someplace and don't lock it so that people can look in it and find out if they want to buy it would get pretty upset. Another piss-poor automotive analogy from the slashbots.

It quite likely qualifies as Trespass, i.e. being within a boundary that you are not legally entitled to be within. Just because property doesn't have a fence, or a visible boundary, or locks on the access points doesn't mean that trespass won't be prosecuted.

Re:Problems with today's internet.

I am a teenager ... but I see why they have to do such penalties.

Teenager!? Lies! Oh teh lies!

Re:Problems with today's internet.

[drinkypoo]

At least in California, you're not trespassing until someone tells you to leave and you refuse. Those "POSTED Tresspassing KEEP OUT" signs mean jack diddly in court. However, the cops aren't allowed on your land without a warrant if you have a locked gate and no breaks in the fence, for what that's worth...

Re:Problems with today's internet.

[gowen]

The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting.

Well, before that, hacking meant riding your horse over open countryside, or striking repeatedly at something with an edged implement. So, I suggest that if you want the right to uniquely define what your neologism means, you should start with a word that doesn't already have a load of different meanings.

Re:Problems with today's internet.

I disagree. As someone who was 'high school hacker' during my high school days, I'm pretty sure that laying a blanket statement against high school hackers is bad. Sure there are those people who break into the system to change grades or mess with the teachers or something, but my friends and I were not those people. We would hack boxes because if you didn't you couldn't run programs you had created in the programming labs on the computers, due to heavy handed security measures. In the library, we were unable to do research because of net filters and such. Our computer teacher (off the books of course) encouraged us to try and hack her laptop. There is no better way to learn how a computer / net system works then trying to figure out what breaks it and what doesn't. Reading a good programming book teaches you none of those things... practice makes perfect. And yes occasionally we did break into the grading system, because that was a bigger challenge then any other computer on the school net, although we never changed anything(to my knowledge) except for a file in the roots home dir listing how we were able to break in. Nothing ever came to us of this, and eventually our method of breaking into the computers didn't work anymore.

Just my two cents.

There's a Botnet named Brain?

[Prairiewest]

Every once in a while I misread the Slashdot article titles - albeit because they're worded in such as way as to be easily misconstrued. Do the editors do this on purpose just to mess with my head? Is that part of the fun of being an editor? :)

Re:There's a Botnet named Brain?

[PhysicsPhil]

A botnet named Brain. Coming soon, a botnet named Pinky.

Re:There's a Botnet named Brain?

[Ken_g6]

Or better yet, a botnet formed a brain!

Today the infamous Botnet Brain pled guilty to attempting to take over the world. It has agreed not to infect any more computers, and will spend the rest of its days in jail computer labs performing community service.

Re:There's a Botnet named Brain?

[Spaceman40]

Do the editors do this on purpose just to mess with my head?

Actually, it was most likely the submitter - just to mess with your head. :-P

All windows systems?

[joshsnow]

'He hijacked somewhere in the area of half a million computer systems

One assumes these were all systems running MS Windows? Firewalls, spyware detection software, alternatives to IE and Outlook express - the world needs educating.

:)

Thats all?

[catahoula10]

From the link:
"Under a plea agreement, Mr Ancheta is expected to receive from four years to six years in prison when he is sentenced on 1 May, though the deal has to be approved by a judge.
He also agreed to pay $15,000 (£8,800) in restitution to the military facilities affected and forfeit the proceeds of his illicit activities, including more than $60,000 (£35,000) in cash and a 1993 BMW. "

Anyone believe he had only 60 thousand in the bank?

4-6 years, will probably get out in 2.

Just a slap on the hand.

Re:Thats all?

[SharpFang]

Just make sure everyone in the prison knows what the guy did, and the sentence will get extended with lifetime requirement to use diapers.

Re:Thats all?

That sentence is way too light. There ought to be some per-victim punishment.

Get this guy out of the gene pool, his balls should be cat food.

Re:Thats all?

[John+Hasler]

> Just a slap on the hand.

Even two years in prison is certainly not a "slap on the hand". The problem here is not insufficient punishment. it's insufficient enforcement. If he had not made the mistake of breaking into military computers he would have never been prosecuted.

Re:Thats all?

[abbamouse]

This is a federal trial. There is no parole in federal prison. Six years means six years. Oh, and I suspect they'll insist on the standard "you can't work with a computer" clause that will keep the guy from making a decent living for another decade after he leaves prison.

Not that I have any sympathy for the scum.

Re:Thats all?

[slashdotnickname]

4-6 years, will probably get out in 2.
Just a slap on the hand.

Yeah but this is 2 years in an U.S. prison... do you know what they do to a chubby tech guys with soft hands in a federal prison?!!!

I give the guy 2 days before this happens:

"Oh, so you think you're smarter than me cuz work on 'em magic box things?"

*ziiip*

GAME OVER!

Re:Thats all?

Yeah because prison rape is really something funny to laugh about.

Hey gues what he will probally get aids too. How cool is that !!1111!

Re:Thats all?

[ivan256]

Anyone believe he had only 60 thousand in the bank?

I'm actually impressed he had $60K sitting around. Most of these guys blow every penny on stupid shit.

Re:Thats all?

[swb]

I would think that if you were in this guy's line of work or other similar occupation, you'd strongly consider buying some rural land under a fake name and burying money in a pvc pipe for later.

Re:Thats all?

[John+Hasler]

> Oh, and I suspect they'll insist on the standard "you can't work
> with a computer" clause that will keep the guy from making a decent
> living for another decade after he leaves prison.

Such "clauses" are always conditions of parole and expire at the end of the sentence.

Re:Thats all?

[putko]

Exactly. Restricting freedom after someone does their time is wrong -- they either do their punishment and rejoin society (perhaps losing some rights, like the right to vote) -- or they are still being punished.

Also, that why some "hard" cases tell the state they don't want parole. Because when they get out, they want the freedom to be bad to the fucking bone.

Mr. Ball Peen hammer killer was like that: he killed his math prof with a ball peen hammer in front of his class. He didn't want parole, with its irritating terms like sometimes calling in to say if you've been by the hardware store lately, because some hammer is calling for you to resuce it from a life of drudgery. The ball peen hammer killer wanted to be a free man.

I think got he got in trouble just after getting out though. Surprise surprise.

Rope. Tree. Neck.

[NoseBag]

...some assembly required.

Now that I vented a bit I'll grant that this statement is probably excessive, but - dammit! - this guys crud affected us all. Throw the book at him. He should never be allowed access to the net or a PC again.

Re:Rope. Tree. Neck.

[Cheeze]

I think they should ship him off to India to be a tech support lackey for a few years. At least then, he indirectly gets to clean up his own mess.

Re:Rope. Tree. Neck.

[LaCosaNostradamus]

"Rope. Tree. Neck. ...some assembly required."

Some? That's a stretch.

{ducks}

If he was smart...

[Opportunist]

he'd have made sure his bots don't infect .mil and .gov computers, and nobody would've cared...

Re:If he was smart...

[HTL2001]

yea... you see that on virus definitions quite frequently... that the virus avoids .gov and things like microsoft.com

Re:If he was smart...

[Opportunist]

Another one in the biz? :)

The "do not infect" list of some viri is rather interesting to read...

"ZOMG HE HAXORED TEH MILITARY!11!111"

[Caspian]

The "mainstream media" story on this guy that I read (on cnn.com, probably provided via the Associated Press) prominently mentioned the fact that some of the computers this guy controlled were military computers. The first thing that struck me upon reading that was "they're just trying to make tihs guy seem more sinister than he actually is; his software probably infected those military computers randomly, the same way they infected any others." How much do you wanna bet that all this "ZOMG HE HAXORED TEH MILITARY!11!111 EVIL TERORIST HAXOR!111!111" brouhaha boils down to some lame-brained civvies working menial office or consulting jobs for the military getting their work machines (connected to the commodity Internet) infected?

The story was phrased in such a way that would easily make a technologically naive reader go "Wow, he 'hacked into' the military, so evil", but in reality, it was probably all done by his software.

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

[Opportunist]

Sure, what else?

The .mil area is just like any other. No matter how top-secret and ultra-tight some areas are, others are just day to day routine office desk jobs. There are normal people doing normal routine accounting, they get normal, spam email, they have normal, uneducated techs...

Just like any office in Anywhere, USA.

I bet you my new computer 'gainst an ice cream cone that THIS is the kind of computer that got affected. Not the ultra-top-super-hyper-secret machine buried somewhere under Area 51.

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

[Caspian]

Of course, as I surmised as well. But that's not what Joe Reader will think when he reads stories stating that some guy infected military computers.

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

[amigabill]

The story was phrased in such a way that would easily make a technologically naive reader go "Wow, he 'hacked into' the military, so evil", but in reality, it was probably all done by his software.

If they wanted to make him a poster child for why not to hack the military, they probably could have thrown the Patriot Act at him, called him an enemy combatant instead of a criminal, thrown him in jail someplace and forget about him and no one would ever see him again...

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

What's more alarming is that the military doesn't have strict enough controls to avoid being 0wn3d by some worm.

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

[Caspian]

Sure, but that would have backfired. He would have gotten a reasonably competent lawyer, who would have demonstrated that the military computers [A] were not connected to any high-security networks and [B] (more importantly) were "hacked" by automated systems, NOT by this guy.

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

[Caspian]

What's more alarming still is that the military runs Windows at all! They should be running OpenBSD or the NSA's secure GNU/Linux dist (forget its name) on both desktops AND servers. Yes, it'd be "inconvenient" for stupid-assed soldiers who only know Windows, but tough shit-- it's the fucking military, it's supposed to be as secure as possible (and, when you need to connect things to the Internet, OpenBSD pretty much fits that bill).

Re:"ZOMG HE HAXORED TEH MILITARY!11!111"

and, when you need to connect things to the Internet, OpenBSD pretty much fits that bill

Yes, and we all know with our govnerment's special relationship with Theo that this will happen shortly!

So that's how he got caught...

[thePowerOfGrayskull]

He also agreed to pay $15,000 (£8,800) in restitution to the military facilities affected and forfeit the proceeds of his illicit activities, including more than $60,000 (£35,000) in cash and a 1993 BMW.
If he hadn't have gotten that BMW, they might have never suspected...

Good deal for him

[99luftballon]

So he serves two years with good behavior, comes out to enjoy his earnings a little later and in the meantime gets to pick up lots of useful contacts inside.

I'd recommend the complete stripping of all assets as a two year community service order upgrading spam filters.

Re:Good deal for him

[budgenator]

No he'll serve a minimum of four years inside, and to get out early he'll have to
agree to the terms of parole which will cover at least the remainder of the six years
1. no computer or internet access
2. his residence is searchable without probable cause
3. he'll have to pay the restition (at least $15,000) and for his weekly appointments with his parole officer.
4 he'll have to pay interest and penalties to the IRS for the income on ttheillicit proceeds he had to surrender.
5. and of course he'll have to maintain a job while on parole and afterwards, probably flipping hamburgers for minimum wage

he's fucked in ways most of us will never understand, just consider the implications of items 3 through 5.

Re:Good deal for him

[HardCase]

Actually, since it's a federal case and he's in a federal prison, he'll serve the full term. There's no parole in the federal prison system. You serve what you get.

-h-

Re:Good deal for him

[GoodOmens]

Maybe they will make him take some english classes. Or was I the only one to read and laugh at the quotes in the pdf file?

Re:Good deal for him

[budgenator]

To look good to the parole board
1. High/school completetion or GED backed by some college or trade school while in.
2. AA or NarcAnon, maybe joining a religious group
3. no tickets, they'll set him back about 6 mo.s for a minor, a major will basicaly eliminated his early out.
4. good job record on that prison job paying $0.28 an hour
that's a Lot of tickets to get punched in four years

Attack of the BotNet Infected Zombies!

[digitaldc]

Mr Ancheta admitted selling access to his botnet to firms which fed pop-up ads to the infected computers.

This sounds like some B-rate horror movie about a blackmailing mad scientist finally getting his revenge.

How do these 'firms' escape prosecution when they contributed to this whole mess?
Why is it that this one guy gets singled-out for wrongdoing, isn't this a collaborative affair?

Re:Attack of the BotNet Infected Zombies!

[Opportunist]

You really DO want to cause another dot.com stock crash, right?

Jeesh, no reverence for shareholder values the young people of today...

New business plan

[digidave]

Summary: "includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught."

1. Setup adware company.
2. Manage botnets.
3. Skip getting caught step.
4. Profit!

Now that's an interesting legal precedent

[77Punker]

The botnet brain plead guilty. That's really something. Now that a neural network of computers can be put on trial in court, what's next for our judicial system? Also, when did a "brain" of computers gain the ability to reason its own guilt?

Well, no time to read the summary. Gotta go to class!

Huh?

[thePowerOfGrayskull]

Botnet Brain Pleads Guilty
Wow. The AI in botnets must have come a really long way while I wasn't looking.

Jenna Jameson a botnet brain?

[Jack+Johnson]

I've loaded the main page three times today and read it that way every time.

I wonder if MS could get more bang for its buck...

[buddyglass]

...by just offering bounties to law enforcement agencies for the arrest and incarceration of guys like this? I mean, they've got cash to burn, and are by all accounts sinking alot into security enhancement, regardless of how effective you think that effort has been. Maybe offering $100k to the individual(s) responsible for getting a conviction would motivate law enforcment officials to devote more energy to these types of crimes. MS could also supply engineers with technical expertise if a smaller agency didn't have the requisite know-how in-house.

KILL ALL HYPOCRITES!

[Thud457]

He should get the same treatment that Sony got.

Re:KILL ALL HYPOCRITES!

[Tarkadot]

Which would be what?
Having to offer a coupon for 5$ worth of free pop-ups to each of his victims?

WTF

[louden+obscure]

FTFA "Among the machines infected were US military computers in California and in Virginia."

nice to see my tax dollars hard at work first buying redmond software, then being exploited for profit. i am disappointed that a 1993 beemer was the best they could do vehicle wise. what do gates and ballmer drive?

Re:WTF

[el_gordo101]

Apparently, Bill has a soft spot for exotic Porsches.

The only question that I have is......

[8127972]

..... Is the botnet that he created and sold access to still around? Is it still a potential threat?

TFA isn't clear on this point.

PARENT IS NOT OFF-TOPIC.

[Caspian]

Mods are on crack. Read the parent post; it's specifically about this "botnet brain" guy and what he allegedly did.

i know i'm safe

[blhack]

Well thank god I just upgraded to AOL 35.0 for broadband, now with Uber anti-hax0r security suite!

Re:i know i'm safe

[c4ffeine]

I've heard that it has a new security feature. When you break in, it says, "Congratulations, you're now an AOL user". It's the only security software with a 100% success rate...

Re:I wonder if MS could get more bang for its buck

[jfengel]

There are ethical issues associated with tipping law enforcement officials. Police, etc. are supposed to be unbiased, responding equally no matter who has been harmed. When rich people or corporations start paying for better service, genuine gratitude becomes bribery rather quickly.

You can offer them some coffee and cherry pie, but that's about it.

Man, did they ever stop short.

[mmell]

He was accused of taking advantages of flaws in Microsoft's Windows operating system . . .

Exactly what portion of liability is Microsoft's? If I were to manufacture and sell any tangible product with so many demonstrable flaws, I would be spending my days making out judgement checks and issuing product recalls.

Which reminds me . . . has this kind of thing (cracking) ever resulted in a fatality? I would be very interested in seeing how our courts adjudicate a proceeding in which someone has been killed or injured due to a computer exploit.

Re:Man, did they ever stop short.

[Genjurosan]

Read the comments above about breaking a home window and filling that home with shit.

Microsoft has no liability, nor should they.

Re:Man, did they ever stop short.

[celticryan]

the next Law and Order Series: Law and Order: IT. They can deal with the horrors of crackin' systems in a world that cannot spend more then 2 hours away from their computer at a time...

Re:Man, did they ever stop short.

[wayward]

I'm not aware of cracking resulting in a fatality, but I remember reading about people breaking into the Sloan-Kettering Cancer Center. Maybe a safety-critical communication system, e.g. air traffic control, being cracked could result in fatalities.

heh

[JavaLord]

From Page 2 of the pdf:

ACHETA used the following usernames ...., IamJames85@yahoo.com...

That must have been a tough catch. Obviously this man is a super hacker.

Re:I wonder if MS could get more bang for its buck

[Opportunist]

That ain't something you can hand to your marketing department as a hook to make managers buy your junk. If you put a bounty on every head that hacks your system, a manager will only ask "yeah. But how does that make MY system more secure?"

On the other hand, if you, an (amongst managers) highly respected, company tell him that you invested $100k into making your system "more secure" (don't bother trying to tell him how, he won't understand), he'll buy it. Because you spent $100k to make it more secure.

Re:I wonder if MS could get more bang for its buck

[John+Hasler]

> ...by just offering bounties to law enforcement agencies for the
> arrest and incarceration of guys like this?

Trouble is, if he had stayed away from the military computers he'd be safe. Taking over 500,000 home computers is not a violation of the computer fraud and abuse act.

You know when you're really in trouble when....

... the press includes your middle name when they announce who you are.

Re:You know when you're really in trouble when....

[Procyon101]

And I thought that rule was only for serial killers!

Re:You know when you're really in trouble when....

[MedBob]

It's just like your parents using your middle name....

He is a fool...

[freedom_india]

He is a fool and an ignorant idiot... He should have settled for $7.50 per infraction with one audio album (created by himself) downloadable free from his site.

Don't these fuckers learn anything from news?

Send presents

[www.sorehands.com]

Why not send his cellmate some of the penis enlargment pills and cialis pills that his botnet sent?

Re: Liability

[mmell]

Poor analogy. A computer OS is not like a pane of glass; it's understood that the glass windows on your house are subject to breaking easily, it's inherent in their nature. You can't say the same thing about Microsoft Wind. . .

Oh, wait. Never mind.

Re:I wonder if MS could get more bang for its buck

[buddyglass]

Are you just speaking ethically in the abstract, or are there actual laws in place to prevent such "tipping" of law enforcment officials?

Perhaps, rather than tipping individuals, they could tip entire agencies. Maybe do some sort of cooperative deal with the FBI whereby they (largely) fund a specific computer crime unit dedicated to busting up botnets.

I understand this isn't something marketing can easily "package" for purchasing managers, but it seems like something that could give them (Microsoft)a little PR boost. So many people despise spam and malware, they could score points just by casting themselves as the company that's "sticking it to the bad guys". I know I'd give them a virtual high-five.

Re:I wonder if MS could get more bang for its buck

[buddyglass]

Solution: have a non-sensitive branch of the military set up a honeypot. Allow it to become infected. Then use it as a means to prosecute botnet administrators under the tougher law.

Re:Thats all? Funny

Yes because both american women and american men hate men; it's how the 19th ammendment was ratified. No wonder the middle east hates us: the men there don't hate themselves or eachother, do not want worthless whores for wives, do not want to be jailed for marrying young females nor divorced by them nor have their children taken from them.

Re:I wonder if MS could get more bang for its buck

[jfengel]

I'm not a lawyer, but I'm fairly certain that most if not all jurisdictions have laws preventing people from giving money to law enforcement officials.

I'd love to see law enforcement at all levels be more appropriately focused. It's all a question of resources: more officers/agents spent catching dipsticks like in this article is fewer agents catching terrorists, copyright infringers, and Martin Luther King Jr. But if private investment made the job more lucrative, maybe there would be more people willing to do it.

Doh! Forgot one line in my botnet program.

[pahoran]

He'd be rich now if he hadn't forgotten this little snippet:

if (hostname == chinalake.mil ||
        hostname == disa.mil ||
        hostname == *.mil) { /* don't try to exploit this network */

}

What about Sony?

Didn't Sony manage to get their rootkit onto more gubberment computers than Ancheta? Too bad he couldn't afford Sony's lawyers...

1/2 Million PC's - is that a lot?

[daveb]

'He hijacked somewhere in the area of half a million computer systems.

Sure 500,000 PC's is quite a few - but does this really stack up as a MAJOR botnet? I would have thought multiple millions of devices would be involved in the really major league events. No?

Re:1/2 Million PC's - is that a lot?

[Sigg3.net]

Sure 500,000 PC's is quite a few - but does this really stack up as a MAJOR botnet? I would have thought multiple millions of devices would be involved in the really major league events. No?

Heeey! I know you!
You're the guy from the cinema, right? In the middle of King Kong you stood up shouting: "What?! There's ONLY ONE MONKEY!?! AND HE DIES?!!"
I knew there was something familiar with your nick, Dave.

I've hacked school computers

[SheeEttin]

I've hacked school computers... and I never got in trouble.
Why? Simple. Didn't get caught.

It's simple--if you're going to change something, change it back before you go. Either that or create yourself a new account and keep it ultra-secure.
And don't go around telling the admin password to random people. If you do, teacher's'll hear about it, and pass it along to the deans and such. Then the passwords will be changed and the computers'll be locked up even tighter.

Oh, and one more thing: if your school has computers that need to be "ghosted" (as in Norton Ghost), check out C:\Deploy. The ini file in there should be interesting, especially the adminpassword= and encryptadminpassword="no" lines.

Professional Hacker==QA Analyst==Security Expert

[jaaronc]

Hacking is not for everyone, but being able to find holes in security IS a job skill. As a Network Admin, a QA analyst, or a Software Engineer trying to create secure software, the ability to spot vulnerabilities is key. Hacking (or cracking, if you prefer) into a system that you've set up yourself is a great hands-on learning experience. I will agree that hacking into a system that does not belong to you is immoral, and fortunatly this student has realized this and moved on to one that does, and encourages others to do the same. The knowledge gained by this activity can be used for either good or bad, but that's pretty universal when it comes to knowledge. The knowledge itself is pretty much amoral.

(Side to student) Ignore the comment about grammer -- not many people on /. paid much attention to grammer...

Where's the connection?

The article about Ancheta's arrest last October says that 3 men were arrested in Holland. I don't really see the connection to this article, was he one of those 3 men arrested last year? if so, what happened to the other 2?

Corporate Cops

[MochaMan]

While I agree with you that I'd like to see more arrests of this type, corporate-funded bounties are not the answer.

The practical consequences of such a scheme are that the police will have added incentive to pursue crimes/criminals with bounties than those without. This would give large corporations undue influence over the police, who are supposed to be acting in the interests of the community at large.

The logical extreme of this is the privatisation of the police and a 'user pay' scheme, where if you want the burglary of your home investigated, you pay a fee. Services go to the highest bidder, and chances are the multi-national corporations can afford more than you can.

Consider if you'd like your police funded by the RIAA, MPAA, Disney, Microsoft, and the banks.