Microsoft Tricks Hacker Into Jail

CompotatoJ writes "Wired News reported that William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $20 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source.'"

$200?

[Tx]

You paid $200 for the Windows source? Dude, you got ripped off!

Re:$200?

[Elitist_Phoenix]

I paid $200 for Windows and the source code wasn't included. I got ripped, I mean how am I meant to get applications to compile when I don't have the full kernel source?!

Re:$200?

[smchris]

William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $200 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent

Actually, sounds like Microsoft got the FBI a deal. Maybe we should put them in charge of the GSA and the government wouldn't be paying $5000 for popcorn poppers.

Re:$200?

[thesnarky1]

Yea, but he paid with YOUR Paypal account...

Re:$200?

I didn't pay $200 for windows and I didn't even get it :P

Re:$200?

I mean how am I meant to get applications to compile when I don't have the full kernel source?!

Err, you know, Windows has had a stable API (and ABI) since 1.0.

Unlike a certain open source OS with moronic, egomanic developers that change the kernel- and userspace API and ABI at will.

Re:$200?

[Inquisitus]

I sense a sense of humour failure.

Re:$200?

[Mattcelt]

Err, you know, Windows has had a stable API (and ABI) since 1.0.

And it is this stubborn refusal to update the API that allows the same attacks (buffer overflows, etc.) to be successful through four generations of OS.

Microsoft's vulnerabilities aren't just the result of pushy managers and sloppy coding - it's because the APIs weren't written with security in mind, and they have more holes than swiss cheese.

Re:$200?

[dana340]

Well, this is why we pay thousands for Visual Studio, with coding that is differnt from the rest world. just so we can compile for windows. That's fair, right?

Summary wrong, $20 not $200

[Agelmar]

The summary is wrong. It says the investigator paid $200. From TFA:
"According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code". Hamilton is on the $10 bill, not the $100 (That would be Franklin). Two Hamiltons is $20, hence the next sentence saying "...another $20 transaction..."

Re:Summary wrong, $20 not $200

[John+Nowak]

Submitter actin' like he never seen a ten before.

Re:Summary wrong, $20 not $200

[Cerberus7]

Snack attack, mutha f*****!!!

Re:Summary wrong, $20 not $200

[Zenmonkeycat]

Maybe he's really rich and he never has to look at anything below a Grant. Or maybe (probably) his entire life savings is invested in one "really nice-looking" Lincoln. Hey, it /is/ a 1995 series, which means it /could/ go up in value!

Re:Summary wrong, $20 not $200

[chris+macura]

It's slashdot, the GP meant that the submitter had never seen a woman "rated" 10. ;-)

Re:Summary wrong, $20 not $200

You could call him Aaron Burr from the way he was droppin' Hamiltons.

Re:Summary wrong, $20 not $200

[Irish_Samurai]

crazy delicious

Re:Summary wrong, $20 not $200

[Mattwolf7]

Well when you live in Mom's basement you never have to touch the money, she always runs to the store for you

Re:Summary wrong, $20 not $200

[ghostfacehallik]

This guy got busted for a fed. offence for 20 Bucks? what a dumba**!!!!!

Re:Summary wrong, $20 not $200

[bombadier_beetle]

Kernel leaks + ping of death = crazy delicious!

Re:Summary wrong, $20 not $200

[JThundley]

It's all about the Hamiltons baby!

Re:Summary wrong, $20 not $200

[CompotatoJ]

Thanks. The article is already changed. I did write $200. I know the difference between a Franklin and a Hamilton, I was just a little tired last night, and I misinterpreted the article.

Re:Summary wrong, $20 not $200

[Funkmaster_G]

You'd think they were Aaron Burr by the way they drop Hamiltons

Re:Semantics...

[EVil+Lawyer]

Um, no...this isn't even remotely entrapment.

Available on P2P?

[killeena]

I haven't exactly gone looking for it or anything, but isn't the Windows source code available on P2P?

If so, that is pretty damn stupid to be selling something that is readily available like that. I am betting these undercover folks would be his only customers.

Re:Available on P2P?

[NetRAVEN5000]

I'm sure it's available on P2P. . . but do you really think MS doesn't also have fake versions on P2P? Plus, it's probably a HUGE download, so it'd take forever on P2P - but I'm assuming the guy is burning it to a CD when he sells it or making it available through a high-speed connection.

Re:Available on P2P?

[Kadin2048]

I think that's essentially going to be the guy's (admittedly lame) defense -- he didn't actually acquire/misappropriate the source from Microsoft originally, it sounds like he got it from P2P, and then offered it on his website and burned it to CD (or something else) and gave it to the undercover investigator for $20.

I'm not entirely certain with how trade secret law works -- my very vague understanding of it was that you can only go after the first person who steals it from you; once the secret gets into the public domain, secondary redistribution isn't punishable. Perhaps that only works if the distributer can argue successfully that it had already been so diluted, it wasn't a trade secret anymore.

Regardless of the trade secrets, they almost certainly have him for copyright violations anyway, so when the Feds get done with him, then they can move in with a civil suit to fight over the corpse.

Re:Available on P2P?

[geoffspear]

I'm not entirely sure how law works either, but if you think he's going to use that or anything else as his defense, when he's already been covicted and sentenced, you understand the law a lot worse than most people.

See, you're supposed to defend yourself before you're sent to prison.

Re:Available on P2P?

When you download it from P2P, it looks so full of bugs and poorly written, it can't be the real thing!

Re:Available on P2P?

[MindStalker]

I'm not entirely sure how slashdot works either, but if you think he read the article, before he posted his comment, you understand slashdot a lot worse than most people.

See, you're supposed to post first before anyone else can.

Re:Available on P2P?

[BrokenHalo]

...if the distributer can argue successfully that it had already been so diluted, it wasn't a trade secret anymore.

Fair enough; but I would have thought the MS source code wouldn't have been worth keeping secret in the first place, let alone redistributing.

Microsoft's claim that "making its source code public could allow hackers to find security holes in Microsoft products" is putting the cart before the horse. Sure they want to make a buck or two out of selling their binaries, but given their record for dealing with security holes, there is a good argument for giving anyone who finds them a pat on the back, taking them out to lunch and/or giving him a well-paid job.

Re:Available on P2P?

[TheSpoom]

Step 1: Search for any well-known P2P program (Kazaa, SoulSeek, et al) on Google.
Step 2: Click the very top sponsored link.
Step 3: Awe at the fact that they're trying to sell it and yet are STILL in business.

Unfortunately, there are a lot of companies that profit on their customers' stupidity.

Re:Available on P2P?

[E++99]

Yes, it is/was available on P2P, and I believe the article said that the Feds were his only customers. And, yes, lawyers are basically saying that there was no case, as the code was in the public domain at that point. However, the poor sap took the advise of the public defender, so he'll be spending 2 years in jail.

I'd be all for going after the guy who originally distributed this, I think this case really sucks.

Re:Available on P2P?

[ClamIAm]

I'm not entirely certain with how trade secret law works -- my very vague understanding of it was that you can only go after the first person who steals it from you;

I know that in the US, there has been some law-mangling that strengthens trade secrets even after they are out. I don't know exactly what. But even if the secret is out, MS can/will claim copyright on the code.

Re:Available on P2P?

You, Sir, Are An Idiot.

Re:Available on P2P?

[chicagotypewriter]

what about ??? and profit? the two most important steps!

Re:Available on P2P?

If it's readily available, then it's not a trade secret. So, the charge relating to trade secrets is bogus. Also, if it is a trade secret then copyright does not attach (at least under the plain language of the Constitution -- unconstitutional copyright laws need not apply). So, Microsoft most certainly is in big trouble if others have gotten ahold of this. That assumes that this code is in fact what prosecutors/microsoft claims it is.

Also, is claiming code, which has been ordered released under a binding ruling of a court in Europe, is a trade secret really even remotely plausible? This is like the Sun-Mitnick shafting all over again.

Re:Available on P2P?

That was stinkin hilarious

Re:Available on P2P?

[thirdrock]

Best. Post. Ever.

Re:Available on P2P?

[rtb61]

Microsoft doing a little bit of marketing, "we really do what to pursue the criminals wrecking your user experience and blaming our software". This fellow of somewhat questionable character just has to pay with two years of his life and a further 3 years of monitoring (publically acknowledge monitoring, you other /.ers get the secret kind ;-)). As always no stone gets left unturned in microsoft's pursuit of M$=B$ marketing.

Re:Available on P2P?

[rjshields]

Plus, it's probably a HUGE download, so it'd take forever on P2P

That must be why no-one ever downloads DVD ISOs and other huge stuff from P2P ;)

Re:Available on P2P?

[NetRAVEN5000]

It could also be why most people prefer to just get Netflix and rip the DVDs themselves.

Re:Available on P2P?

[rjshields]

OK while you're there, can you grab me a copy of the windows source code?

electronic monitoring

[digitaldc]

...will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer

Looks like they have finally found a legal use for the Sony Rootkit.

Re:electronic monitoring

[frinkacheese]

This special software on his computer could be whats stopping him from using Linux on the desktop....

Re:electronic monitoring

[destuxor]

You really think the head of a crackers website buys CDs?

Re:electronic monitoring

[dchallender]

From the article
"At the time of the source-code sale, Genovese was on probation for computer trespass and eavesdropping after breaking into some private computers and installing keystroke-logging software."

Wonder if the "monitoring software" is something he is already intimately familiar with..?

Re:electronic monitoring

[AndroidCat]

No, but he'll sell you some for $200 each.

Re:electronic monitoring

[Trish21]

Now, he'll be "monitored by special software." ahh, the irony.

Hacker ?!

[ErrorBase]

Probably just someone stupid enough to think he can make a quick buck by downloading something from a p2p network.

Re:Hacker ?!

[Reignking]

Nah man, this guy got pwned!

Crown Jewels!

[LiquidCoooled]

The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software.

Come on - anybody can code up a BSOD if they really want to.

Should Mark from sysinternals be worried?

Re:Crown Jewels!

Should Mark from sysinternals be worried?

Yes; he encourages Win9x users to copy software from Win2k machines to their own, so perhaps Microsoft will try to send him to jail also.

In all seriousness though, I totally agree. There is nothing in the Windows source that is so brilliant that a competitor would need to copy it. In fact, there are very few original or unique ideas in there at all!

If Microsoft wants to make the claim that the Windows source is so valuable, then they need to produce higher-quality software.

Re:Crown Jewels!

"Should Mark from sysinternals be worried?"

Anyone else use that screensaver? I tried it once at work but it was so realistic (and common) that other coworkers would end up restarting a non-hung box out of habit! The implication is sad.

Re:Crown Jewels!

[Andrewkov]

As a general rule of thumb, don't install that screensaver on a server. Trust me on this.

Re:Crown Jewels!

[loraksus]

Goddamn buggy software. It bluescreened my computer and now it keeps rebooting. Looks like I'm going to have to reinstall as soon as I find my cd.
Dammit!

Source code?

[frinkacheese]

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

But surely this is good as it'll result in a better, more secure product in the end?
I really do not see what is so secret about Windows source code, what trade secrets can you possible hide in it apart from sekret protocol dox?

Re:Source code?

I really do not see what is so secret about Windows source code, what trade secrets can you possible hide in it apart from sekret protocol dox?

You make them available and appealing to a wider group of people.

Re:Source code?

[symbolic]

But surely this is good as it'll result in a better, more secure product in the end?

Not necessarily. First you have the security flaw, then you have the endless meetings between various groups as they decide who gets to fix it, what else might be affected, etc. After that you have the specification drawn up to determine what resources will be required, and finally, someone decides if fixing it will result in a reasonable ROI. In this case, the "ROI" translates to "people at risk". This is the downside to proprietary software- everything is based on cost/benefit.

heh, microsoft monopoly

[musonica]

paid $200 and the go to jail..

Re:heh, microsoft monopoly

[Big+Nothing]

OMFG, your comment is funny on so many levels it's scary!

Re:heh, microsoft monopoly

Rather, it is recieve $200 and go to jail... :)

Re:Semantics...

[Richard_at_work]

Entrapped means the person was talked into doing something they otherwise wouldnt have done, tricked has similiar connotations. In this case I would say Microsoft caught him fair and square, and the transaction provided all the evidence required to jail him. Good riddance I say.

Re:Semantics...

[SeekerDarksteel]

No, I don't think anyone says "entrapped" because this case has as much to do with entrapment as it has to do with tea in China. Entrapment requires an agent of the government to coerce someone into comitting a crime they would not otherwise commit. In this case, the guilty party offered the source for sale on his website. This is like someone putting up a sign saying "Crack For Sale" in their yard. He was offering regardless of police interference. That's as far from coercion as you can get.

This is sooo untrue!

[cablepokerface]

I heard recently about three hackers which were charged but microsoft later dropped all charges and decided not sue. I believe their names were Whitman Price and Haddad.

Re:This is sooo untrue!

Didn't those guys win last season's The Amazing Survivors?

Re:This is sooo untrue!

Let me introduce you to a new word: who.

Let me also introduce you to a new concept: commas.

Re:This is sooo untrue!

[TClevenger]

Last season's winners?

No. Last season's losers.

Story from a first-person perspective

[nstrom]

You can read about this arrest from a first person perspective at William Genovese's website here. An interesting read, and he lists some of the e-mail and snail mail addresses used in the sting against him.

Re:Story from a first-person perspective

[IngramJames]

Here's a Google cache for that slashdotted site.

Apologies; "A HREF" doesn't seem to want to work with this on slashdot.
http://72.14.207.104/search?q=cache:7K18878iJ3gJ:w ww.illmob.org/+%22William+Genovese%22&hl=en&gl=uk& ct=clnk&cd=9&client=firefox-a"

Re:Story from a first-person perspective

[PsychicX]

I read through that blog, and...wow. That guy is a complete and utter moron. Can't even write a coherent sentence, and stupid as hell when it came to the sting against him too.

Re:Story from a first-person perspective

Having read his writing, I know all I need to know about his character. Good riddance. Too bad he didn't get a longer sentence.

btw, he left off the part where he cried all the way to NY and how his mommy had to post his bond.

Re:Story from a first-person perspective

[elrous0]

One phrase in the article pretty much says it all:

having been through 2 raids before

-Eric

Re:Story from a first-person perspective

What I found most interesting is his lack of understanding of why the investigator bought the video and had trouble downloading it. A snail mail package leaves a trail. An important part of the trail is the post office postage markings. It is a quick confirmation of where he was. City State and Post Office. It narrows down a national search quickly.

Re:Story from a first-person perspective

[AndroidCat]

So, what's his Slashdot username?

Re:Story from a first-person perspective

[heinousjay]

After reading that, I think it's safe to say he won't be getting any plum gigs from security companies when he gets out of prison.

Re:Story from a first-person perspective

[The+Breeze]

This guy is lucky as hell. He now has two years in prison to take some English writing classes. It's obvious he's been neglecting his english studies.

I read his diatribe and all I can think is, "wow, this moron is really almost 30 years old?!"

Re:Story from a first-person perspective

If the cure for cancer wasn't written to your standards, you'd miss it entirely...grammar commandos like yourself should spend more time learning how write web pages that don't look like alt.tripod instead of policing the quality of someone else's personal blog post. For those of you who didn't look at this dude's website and laugh your ass off, here it is: http://www.desertzephyr.com/

Re:Story from a first-person perspective

[pclminion]

Wow, that dude's a real bright spark, isn't he? The fact that he can't comprehend why he should go to prison for what he's done is astonishing. Blaming everyone else is modus operandii for the criminally stupid.

The only unfortunate thing is the connections he'll make while serving his two years. He'll probably be even more dangerous when he gets out.

Re:Those guys at Microsoft are smarter

[NetRAVEN5000]

No, they're not - they didn't even catch the person who stole it.

It even says in TFA:
"Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

'This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it,' said Rasch, a vice president at security company Solutionary."

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Why exactly do you think this is even remotely like entrapment? Here's a thought, since you obviously don't know what entrapment is, why don't you go and look up what it means before you engage your fingers here again.

So in theory, I can put Microsoft in jail, too

[layer3switch]

Only if I can sucker Microsoft to buy the Brooklyn Bridge...

---
Don't let the fools fool you. They are the clever ones."

Re:So in theory, I can put Microsoft in jail, too

[Americano]

Actually no... that would put you in jail for some type of fraud.

If Microsoft offered to sell YOU something that they had no right to profit from selling (i.e., The Brooklyn Bridge -- it's not their property, and they have no legal right to sell it, or profit from the sale of it), and you paid for it, then you would have a case against them, and could probably take them to court.

And you would then be roundly praised on /. for being The Man Who Took On Microsoft. Which would give you serious geek cred... as long as you wouldn't mind that everybody else would think you were just a dumb asshole who tried to purchase the Brooklyn Bridge.

Re:So in theory, I can put Microsoft in jail, too

[irablum]

If Microsoft offered to sell YOU something that they had no right to profit from selling (i.e., The Brooklyn Bridge -- it's not their property, and they have no legal right to sell it, or profit from the sale of it), and you paid for it, then you would have a case against them, and could probably take them to court.

You mean, like an operating system for my computer?

Ira

Re:So in theory, I can put Microsoft in jail, too

[Americano]

Well, sure, if you can explain your -- nonsensical -- apparent claim that Microsoft has no business profiting from the sale of an operating system that it created & owns...?

I know that here on Slashdot, bashing Microsoft is always in vogue (it's the new black!), but I can only see a couple meanings to your comment, and neither of them are even remotely reasonable.

1. You feel that Microsoft "forces" you to buy a computer with Windows on it. Last I checked, you could build your own, or buy stock hardware with no Operating System preinstalled. You're not compelled by Microsoft to do anything you don't want to do in that case.

2. You feel that Microsoft has no right to its Windows code base, because they've jacked most of their concepts from someone else. Which is kind of like saying that the people who work on Linux & it's associated applications have no rights to their code because they jacked their concepts from various Unix implementations. [Re-]Implementation of an existing good concept != Theft.

Re:So in theory, I can put Microsoft in jail, too

[irablum]

or 3. I was making a bad joke.

Realistically, 1 is closer to the truth. having built a new computer lately, I know that I spent several hundred dollars more to build my computer than I would have if I had purchased one pre-built with windows on it. so the answer is that I have to pay for the privledge of NOT buying windows. In other words, I'm paying Microsoft to not use their software. (of course, I'm not paying microsoft, I'm paying the store who in turn is paying the distributer who's paying the manufacturer (like dell) who is paying microsoft for the oem license)

Ira

Not entrapment

[msobkow]

For it to be entrapment, someone would have had to approach him with an offer to buy the stolen source code. He posted an offer to sell the source code on a website, so he initiated the exchange.

Re:Not entrapment

I think everyone other than Microsoft realized the offer to sell was not meant to be taken seriously.

Re:Not entrapment

[Americano]

Actually, for it to be entrapment, the government would have had to coerce or induce him to sell the source code when he was otherwise unwilling to do so. A conversation like this would be entrapment:

Gov't == Government Agent; DF == Dumb Fuck

Gov't: Psst. Hey. I want to buy the source code to the Microsoft Windows operating system, I hear you have it.
DF: No, I don't have it. And I wouldn't sell it anyway, even if I did. I'm a law-abiding citizen.
Gov't: Awww, come on. We KNOW you have it. You better sell it to us, or we'll break your kitten's knees.
DF: No, seriously, I don't want to!
Gov't: You sure? I really want to buy it from YOU. How about if I sweetened the offer -- I'll leave your pets alone, and I'll pay you one bazillion dollars for it.
DF: Well........ if you make it two bazillion dollars, and throw in a puppy, I'll think about it.
Gov't: Okay, great. Two bazillion dollars and one pokey little puppy for the source code? Deal!
DF: Okay, here it is. Where's my two bazillion? Hey! Wait! What?! Who are these guys in FBI coats?
[crashing, thumping, sound of handcuffs closing around DF's wrists]
Gov't: Ha ha ha... we knew we'd entrap you by offering you two bazillion dollars... you're going to jail son. Sippowitz! Take him down town.

It's not just a matter of approaching him with an offer to buy stolen source code... it's the inducement and/or coercion that constitutes entrapment.

Entrapment

[Fiachra06]

Unfortunatle it only counts as entrapment if the offer is made by a member of a law enforcment agency. Funny thing though technically if it's illegal to sell the stuff I would assume it's illegal to buy it so the microsoft investigator committed a crime too. If I were to buy illegal narcotics from someone and then tell the cops about it I would most likely be done for possession. These are the things I think about when I should be working. Ho hum.

Re:Entrapment

[gromitcode]

no it would not have been entrapment EVEN if it was a government law official, look up the meaning of entrapment before posting. entrapment requires a government official to talk into or coerce someone to do something illegal that they otherwise would not have done, this moron offered the code for sale on his web site and then followed through on his offer when approached. no entrapment, just another moron.

Re:Entrapment

[TheRaven64]

Microsoft owns the Windows source code, so they are presumably allowed to buy and sell copies of it. If you bought something someone had stolen from you[1], then you would probably not be liable for handling stolen goods. If you arranged to buy something that had been stolen from you, had the police arrive at the exchange, and were able to prove that the item had originally belonged to you (and been stolen), then this would probably lead to a quick arrest.

[1] Yes, copyright infringement is not theft, but the concept of original ownership is the same in both cases.

Re:Entrapment

[BarryNorton]

Unfortunatle it only counts as entrapment if the offer is made by a member of a law enforcment agency

The offer was made by the defendent (advertising on his web site), so entrapment doesn't come into it...

Re:Entrapment

[orielbean]

In the article, the investigator said he returned the money and then had the FBI guy buy it.

Re:Entrapment

I am sure that their terms of agreement has a clause that allows for them to investigate where their source code is going. As for the entrapment, the defendant allegedly started the transaction by advertising. It would be different if the FBI agent intiated the conversation and requested the stolen goods without said advertisement.

A police officer can't walk up to a scantly clad woman and hold out a $20, but a scantly clad police officer can wait for someone else to hold out a $20 and make a clear verbal offer ("Can you say that again, a little louder and into my only piece of jewelry please?").

Re:Entrapment

[JourneymanMereel]

The original purchase could not be considered entrapment because he did make the offer on his website, but according to his account of what happened, when the second purchase was made for the sake of the investigator he said that he "didnt [sic] have a copy of it anymore" and that the person contacting him "could prolly still find it on p2p etc." The contacting person apparently then claimed "'im too stupid to find that kinda stuff, if you can find it again ill give you $40 for your trouble'" which could be considered entrapment. (Suspect says no, cop sweetens pot).

Re:Entrapment

[ClamIAm]

I think it's more like if you had a cow stolen, and then you bought a calf born from that cow. Although I'm not sure how that would work if the guy that stole it tried to sell calves to other people.

Re:Entrapment

[MoneyT]

Part of entrapment is intent. That is, it's entrapment if you had no intention of comiting the illegal act but the cop provided incentive to coerce you into commiting the act. It would be pretty tough to argue that after having sold the source once, and then saying "I don't have it anymore" that he was unwilling to comit the crime. IANAL/IANALEO/IANAPL/YMMV

Re:Entrapment

[theJML]

If you bought something someone had stolen from you[1], then you would probably not be liable for handling stolen goods.

Isn't that like when someone asked if they could borrow your pencil and then tried to make you to buy it back from them? I believe the words Idiot and Gullible apply to someone who would actually pay money to get something they own back, especially if it's stolen. But hey, it's M$, so I guess that's accurate.

Re:Entrapment

[pclminion]

Funny thing though technically if it's illegal to sell the stuff I would assume it's illegal to buy it so the microsoft investigator committed a crime too.

You think it's illegal for a copyright holder to purchase their own copyrighted material from somebody? Uh...? How the hell does this compare to narcotics? Narcotics are an illegal substance, the MS Windows source code, to my knowledge is not (though it should be).

Notice corporate rights vs personal rights

Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

Microsoft source code stolen and sold is industrial espionage with 3 year sentence.

Re:Notice corporate rights vs personal rights

It's really sad that personal rights and corporate rights have flipped so much. It use to be corporations had no rights. Someday this back-asswords world will be fixed. =/

Re:Notice corporate rights vs personal rights

[RzUpAnmsCwrds]

Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

Microsoft source code stolen and sold is industrial espionage with 3 year sentence.


Pamela's sex video isn't trade secret. The source code to Windows is.

But, hey, why let facts get in the way of a nice anti-corporate comment?

Re:Notice corporate rights vs personal rights

[Cheapy]

If she was a prostitute it would be a trade secret of her...

Re:Notice corporate rights vs personal rights

[PatHMV]

Your AC comment would indeed be "insightful," were it not completely wrong. In the end, at least one company was forced to pay Pamela and Tommy Lee substantial damages for making the video available on the internet. The only battle that the porn people won was its claim that the couple signed away their rights in their initial settlement agreement with the porn people who first aired it. After the trial judge's throwing the case for internet distribution out of court was overturned on appeal, the porn people threw in the towel and judgment was rendered against them for the illegal distribution of the video.

Re:Notice corporate rights vs personal rights

Pamela's sex video isn't trade secret.

Of course it is. You don't think people were watching Baywatch hoping to catch a glimpse of her huge acting skills, do you?

Re:Notice corporate rights vs personal rights

Yeah, we ought to be asking how it is a trade secret and a copyright violtion. Copyrights go to the public domain eventually, or are "public works", so they cannot be a trade secret.

Or they are a trade secret and the code cannot be public at the same time so is not copyrighted.

hacker?

[jtalerico]

I do not see how he is a hacker? It was some guy that has Kazza running and came across something that seemed cool... So he downloaded it! How is that a hacker? I am pretty sure my grandmother could get a P2P program running and possibly come across the source code and download it. What a crock.

Re:hacker?

Yeah a true hacker would have downloaded the source code and made a new BSOD for it, an ansi art version. Then instead of selling it he would changed a few things in it and GPLed it.

Re:hacker?

[amliebsch]

a new BSOD for it, an ansi art version.

How exactly would that look different than the current BSOD?

Re:Hacker?

While the article may not be entirely clear on the subject, illwill was a Hacker. I can not attest to his skill level but his criminal record does prove that he has previously performed acts that meet the standard definition of Hacker. The fact that he was stupid enough to publicly offer to sell stolen goods (it doesn't matter how you get them, they are still stolen) does not revoke his capability to hack (though removing his hands might).

Re:Hacker?

[Itanshi]

well if he wasn't a hacker, he'd be giving up the posibility for another hacker to use the stolen code for misdeeds. So yes, maybe we should remove their hands mm?

Re:Hacker?

[trandism]

A bloody CRACKER... not a hacker, pls spare us from fox news terminology

Re:hacker?

[E++99]

IRC, he had a prior conviction for some hacking offense (and breaking into cars, etc). So I think he was a hacker, just not as related to this case.

Re:Hacker?

[bill_mcgonigle]

Fox News?

Why pay $200 when you can just get the BitTorrent?

He should have known it was entrapment,
because only a n00b or a fed would offer to pay $200 for something that can be downloaded for free.

Technically Speaking . . .

[Dausha]

"Microsoft Tricks Hacker Into Jail"

That's not a very good headline. I mean, aren't many /.ers who write code self-described hackers? This guy was trading in pirated software. So, he is a "Pirate," not a "Hacker." I'd complain about the editing, but this is /..

Ben

Re:Technically Speaking . . .

I'd complain about the editing

You just did.

And hacker is a catch-all for most pirates, crackers, phreakers, script kiddies, etc. Just deal with it and move on.

Re:Technically Speaking . . .

Man, can we get over this already ?

Re:Technically Speaking . . .

[s31523]

Yeah, not a good headline at all... Tricks? Come on! Sounds like a good ol' fashion sting to me. Ever hear about the cops who bust people by sending out fake lottery winning notifications? The headline should be "Mircosoft Suckers Wannabe-Hacker Into Jail".

Re:Technically Speaking . . .

[booch]

I would also suggest that he is not a "pirate". A pirate is one who uses physical force to take things away from people, leaving the people without those items. And likely leaving them without their life. The person in the story, while still committing a crime, did not deprive anyone from use of any item, and did not use any physical force or threats.

I have a bigger problem with the word "trick" in the headline. It implies that he wouldn't have committed the crime otherwise. And sting operations are fairly standard procedure in crime fighting.

Re:Technically Speaking . . .

[nneonneo]

Technically speaking, that's the Wired news title.

Though I do agree, the word hacker isn't even appropriate (it should be "cracker" if the man broke into a system, which he did not).

It should really be a generic criminal or a pirate.

Re:Technically Speaking . . .

[slavemowgli]

A pirate? You mean he sailed the seven seas, sunk other ships, stole their goods, raped their women and murdered the crew?

I agree that the headline is typical Slashdot flamebait and that it's important to point out the difference between hackers and crackers, but it's also important to point out the difference between copyright infringment, stealing and piracy - those are three very distinct things (and only two of them are criminal offenses, too, FWIW).

Re:Technically Speaking . . .

[Malc]

Perhaps one could argue he was just selling stolen goods. In which case "fence" might be a more appropriate label.

Re:Technically Speaking . . .

[gd23ka]

Yeah well you're right of course, technically speaking. But you know, this being /. and all that... It is however in its own right a pretty cool story about our favorite bunch of scumbags going after some poor mentally challenged jerk.

However the story I would have wanted to read would have had this headline: Hacker tricks Microsoft's Ballmer into jail. Now that's what I would really call a story.

Re:Technically Speaking . . .

[chicagotypewriter]

It should really be a generic criminal or a pirate.

It should be, but then who would read "Microsoft Tricks Generic Criminal Into Jail?"

Re:Technically Speaking . . .

I would also suggest that he is not a "pirate". A pirate is one who uses physical force to take things away from people, leaving the people without those items.

Yup. Exactly the same way how a person who copies another's writing is not a "plagiarizer" since a plagiarizer is a guy who abducts other man's child or slave.

Re:Technically Speaking . . .

[Dunbal]

Arr, ye call yeself a pirate matey?

      I stole the seven seas, raped their ships, murdered their goods, sunk their women and sailed their crew, arr...

Not a hacker, and not very tricked

[vm146j2]

FTFA Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

"This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."

Microsoft must be getting really serious 'bout this issue; not any security issue, mind you, but a PR one, thats for sure.

They went after some guy who tried to sell what he found, and then was dum enuf to sell for $40 online, but who had no connection whatsoever to leaking anything, and, by his own description, is less than the sharpest tack in the bulletin board:

"Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack."

Selling other people's stuff that you find laying around may not be legal or especially smart, but making a big deal out of the 800 billion lb. gorilla "catching" a petty criminal in the act ain't much news, either, unless MS wants to spend their PR highlighting their own incompetence....Oh, now I get it.

Re:Not a hacker, and not very tricked

"This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."

This argument doesn't seem to have worked in regards to Scientology Documents....

Re:Ah, so THAT'S how they can get away w' entrapme

[CaymanIslandCarpedie]

You really have no idea what entrapment is do you? ;-) Did you just think it sounded cool?

$20!?

[Turn-X+Alphonse]

Who even gets out of bed for $20 these days? I'd want at least $50

Re:$20!?

[Zemplar]

"Who even gets out of bed for $20 these days? I'd want at least $50"

Apparently you've never even used windows. $20 is a rip-off!

Re:$20!?

[SlowEmotionReplay]

Stings just aren't as glamorous as they were in the old days. Remember when FBI agents would carry in a briefcase filled with stacks and stacks of unmarked $100 bills? I couldn't help but picture (in grainy, "secret camera" black and white) an undercover agent opening a briefcase to reveal.....two $10 bills.

William Gates...

[fitchmicah]

...deserves to get donkey punched

M$

[sloths]

Google doesn't trick people into jail.

Re:M$

[nanio]

Unless they're Chinese.

Re:M$

[Churla]

No, but given a chance I bet they will help the Chinese government put some there.

Re:M$

[pmenefee]

Google has done a very evil thing in China.

Re:M$

[sloths]

Censored, legal Google is better than no Google at all.

Re:M$

Not to create censorship technology is better than to create it.

Re:Semantics...

[Zuke8675309]

But that wouldn't have made for a good story on Slashdot...

The open source method

[quickbasicguru]

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

I guess Microsoft thinks having many eyes on the source won't work as well as it does for the open source projects...

Re:The open source method

[claus.rosito]

yeah, right, making the source code makes software a lot more insecure and vulnerable to attacks, like linux, freebsd, etc.

we should start thinking about a campaign to make windows free software and open source. we should put the code in a public cvs or subversion server and start making a better and safer os out of it.

there is the example of transport tycoon, a great game written in the mid '90s. the developer didn't want to update it any further or add any new features. a group of enthusiasts created openttd (www.openttd.org), which is opensource, based on the original- and much better than the original.

Re:The open source method

[GrayCalx]

I guess Microsoft thinks having many eyes on the source won't work as well as it does for the open source projects...

Heh, right. Some cracker/hacker gets ahold of the MS source code, the first thing he does is :

1. Begin parsing the application for security holes, immediately plugging them when possible, adds an anti-virus kernel to it, and sends it back to Microsoft with a box of chocolates.

OR

2. Inserts an animated gif of Clippy performing some autoerotic asphyxiation.

Re:Semantics...

[Shihar]

Parent is absolutely right. The "summary" couldn't be any more wrong then it is.

First, this guy was not a 'hacker'. He downloaded the source from a P2P program. My mother could do that.

Second, if anyone had bothered to read the actual article, they would see there was absolutely no entrapment here. He downloaded the software and offered it up for sale on his website. The only 'entrapment' was that an agent bought what he was already offering. This guy was an idiot. He wasn't pushed by the authorities into doing anything illegal. Hell, he was the only one to be indited even though everyone and their dog has thsi source code because he was the only one stupid enough to try and sell what was freely avaliable. Not only that, but he already had a rap sheet.

This guy was just a moron, pure and simple.

I'm not even kidding now

[fitchmicah]

I just read the blog and it almost made me cry.

Trade secret law?

[Dr.+Manhattan]

My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it. They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

So apparently this is wrong, or at least has been amended a bit by the act referenced in the summary. Would this guy have been in the clear if he'd just been offering a trade secret for download? (With source code, it's complicated by the fact that the code is subject to copyright, too, though. What if we were dealing with, say, the formual for Coca Cola, to take the canonical example?)

Re:Trade secret law?

[elrous0]

My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it.

They do if it's copyrighted.

-Eric

Re:Trade secret law?

[damsa]

Normal trade secret law isn't a criminal issue. The economic espionage act is a Federal statute that covers "theft" of a trade secret that benefits a foreign nation, and includes provisions where anyone that tries to benefit economically from theft of a trade secret can also go to jail. It is something that is not widely prosecuted and the point is if MS didn't contact the Federal government, this guy wouldn't be prosecuted, whether that is a good thing or a bad thing I don't know.

Re:Trade secret law?

[E++99]

No, there's no difference. What he did was not illegal given the state of the intellectual property in question. On the advice of the public defender, he plead out for 2 years instead of the 10 he could gotten if convincted. However, with adequate counsel, there's no way in the world he would've been convicted.

Re:Trade secret law?

[pclminion]

They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

Uh... The dude was illegally distributing COPYRIGHTED material. Its trade secret status doesn't come into it.

Re:Trade secret law?

Then why was he charegd with taking a trade secret if trade secrets had nothing to do with it?

Re:Trade secret law?

Trade secrets are by defnition neither copywrited or patented.

Re:Ah, so THAT'S how they can get away w' entrapme

do you not understand how things work?

An undercover agent get's a retarted drug dealer to sell him a bunch of Crystal meth, dealer get's busted. Duh, this is how police have worked for thousands of years.

Just because you have no idea how law enforcement works does not make things any different.

Microsoft Entraps Downloader into Jail

[db32]

Seems like a more appropriate headline. But how can you blame Microsoft? I mean really, the Microsoft vs DoJ thing already proved the DoJ and legal system really isn't doing their jobs well, so its only logical for Microsoft to step in and help them right? We should all thank MS for using their money exposing the inherent weaknesses in our judicial system, and then using more of their money to help patch it up themselves! Gates, Redmond Ranger.

Re:Microsoft Entraps Downloader into Jail

[Americano]

Wow. You need to actually RTFA, and understand that words have specific meanings.

Entrapment:

In jurisprudence, entrapment is a procedural defense by which a defendant may argue that they should not be held criminally liable for actions which broke the law, because they were induced (or entrapped) by the police to commit said acts. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime. However, when a person is predisposed to commit a crime, offering opportunities to commit the crime is not entrapment, such as in the widely held misconception that policemen must answer questions truthfully if they are asked the same question three times, or that they must say "yes" if asked if they are a police officer.

This guy offered the code for sale. He was not unwillingly "induced", or "coerced" to sell it. This is NOT entrapment.

That said, he is also not a simple downloader. Before your heart starts bleeding for him too badly, look at his criminal history, discussed in the article. Mostly small-time stuff, but, FTFA:

Government court filings show the Connecticut man has an extensive record of mostly petty crimes, beginning with a 1996 conviction for criminal trespass for spray painting a bridge, followed by a rash of thefts from motor vehicles and a burglary conviction. In 1999 he was convicted of "breaching the peace" by assaulting the mother of his child, according to court records. At the time of the source-code sale, Genovese was on probation for computer trespass and eavesdropping after breaking into some private computers and installing keystroke-logging software.

So let's see. He downloaded a copy of proprietary source code. He then tried to make money by selling it on his "hacking-related" web site which he operates. He also is on probation for breaking into some private computers & installing key logging software. In the very BEST light possible, he's a small-time cracker & pirate, with a history of stupid criminal behavior.

Just because Microsoft chooses not to release its source code does NOT give someone else the right to take it, and then attempt to profit by reselling that source code. Like it or not, whether or not they open-source their operating system is their CHOICE (isn't that one of the fundamental principals of the F/OSS movement?), not yours. You may not like their choice, but that doesn't give anyone the right to "correct" Microsoft's choice because it's not the same choice RMS would make.

Re:Microsoft Entraps Downloader into Jail

[db32]

I said nothing about whether or not he deserved it, nor was I saying anything about if MS chooses to release their code or not. I also wasn't being terribly serious as you seem to be quite up in arms about these imagined points. I was just sort of making a jab at MS taking over the policing duties after they beat the law themselves. You know..the irony of MS stealing code...and then having their code stolen...Please calm down...

Re:Microsoft Entraps Downloader into Jail

Do share with us the code you believe they stole. As far as I can tell, they use some BSD licensed code, but no GPL'd code, or otherwise copyleft.

Sure, they use some rather shady tactics, but everything they do is completely legal.

Re:Microsoft Entraps Downloader into Jail

[db32]

Uhm...mostly referring to the whole Apple vs MS fiasco... I don't know about cut and paste code theft, but MS has had a tendancy to say "Hey sure we will work with you" and once they get a good look at their new partners stuff "Oh we are sorry, we are gunna go it alone". And uhm completely legal? I don't quite follow how you can consider what they do completely legal when they have been found, in court, to be doing illegal things. But hey whatever.

More stupid than criminal

[bender647]

When I first read these types of articles, I usually think, that's outrageous, he didn't do anything, the code was already leaked, now the poor sap has a conviction for something trivial.

Then I realize, hey, I'd NEVER post stolen code or offer stolen code for sale on my website. Its friggin stupid. Its obviously stolen and obviously illegal and completely traceable to me. I'd expect to have the FBI knocking on my door if I did something so stupid. Like many criminals, this guy didn't cause any real harm but completely lacks judgement. Now he'll suffer a bit for it.

Re:More stupid than criminal

[fitchmicah]

Why not? There are warez FTPs and Hotlines and stuff that offer to sell you downloads... people post tons of crap on the internet... why isn't the FBI tracking down on people who buy domains and use them for kiddie porn? Look, this guy didn't do /anything/ ! This is completely ridiculous!

Re:More stupid than criminal

The same is true of all criminals -- the low-level stupid ones get caught and punished first. Who is more likely to get busted for theft -- the organized crime ring, or the crackhead who breaks into cars right in front of the cops?

Re:More stupid than criminal

[E++99]

Yes, but the fact that he's stupid doesn't make it any less outrageous.

Re:More stupid than criminal

[walt-sjc]

What's outrageous? The fact that MS and the feds are celebrating as if they have caught a criminal mastermind or the fact that this idiot, who has a history of criminal activity, is spending jail time for breaking the law again?

Re:More stupid than criminal

[E++99]

The fact that the idiot is going to spend two years in jail for having a bad lawyer.

Yeah, they are right.

[BoneFlower]

Sharing the source code would make it easier to find bugs. I don't think anyone seriously disputes this.

Thats often the entire point. The hardest part of fixing a bug is often *finding* it. Unless you would prefer to leave it alone and hope for the best, you want your bugs, especially critical security flaws, to be found as quickly as possible so they can be fixed.

Re:Yeah, they are right.

[fitchmicah]

I don't think you understand... no, they are wrong. You don't put a random dude in jail for two years just because you can.

Re:Yeah, they are right.

[Shivetya]

Actually I find it harder to get people to fix the bug after its been identificed. While some of our maintenance programmers may get around to it most of the programmers are more interested in writing new code or major changes to an existing program. Fixing bugs isn't as glamorous as doing something new.

The other side is that you can fix the bug but dependancies may introduce something new that is as bad or worse. That leads the fixing programmers into a bind, that of it being an obvious fix but having to make sure what they doesn't lead to more. You then have people clamoring for their heads because they are taking to long or going for their heads after the fix because something was missed.

Source code availability to the public isn't going to do THAT much more to help find the bugs. Given our present day environment it would lead to exploitation of more bugs. There are far more people out there who would want to damage products than help. Besides, if bugs were easier to identify if the source was available many of the OSS programs should be bug free, eh? :)

Re:Yeah, they are right.

[megame]

I'm developer and I can tell you that you don't find bugs using source code. Not that you can't - sometimes when developers are really bad you can find bugs just by looking at the source, but bugs are found through process of testing. Code review is something that is done in most companies, but it can only detect a very small amount of bugs.

So, yes - event open source projects have bugs. Some more than others.

Re:Yeah, they are right.

[Shadow99_1]

"You don't put a random dude in jail for two years just because you can."

Now that is funny... Do you really believe that doesn't happen every day? Because if you do I have news for you...

I'm guessing you've never heard of corrupt cops, attornies hired as if they were hitmen, or any of the various other applications of 'justice' that go on all the time...

I grew up in a small town with a corrupt police force ruled by a meglomaniac police chief. I've witnessed peopel being arrested and charged with 'crimes' because someone could do it. I've witnessed a 'police officer' blackmail someone who decided there only way out of the situation was to kill the cop (he feared for his life because he wasn't meeting the demands the cop was making). They both died in the end in a gun battle at night in downtown. The blackmailed guy shot the cop twice with a derringer and the cop shot the guy 6 times with his service issue revolver. The funny part is that the police chief covered up the blackmail from the county investigators and made the cop into a 'hero protecting our fair city'.

Fortunately the chief of police had to retire (mandatory retirement age for the state) and without him the police got cut down to two officers who have almost no power and we rely on the state police instead now where I grew up... That MS can make this happen doesn't surprise me one bit.

Re:Yeah, they are right.

[fitchmicah]

I know they can, but that doesn't make it OK...

Is somebody missing a sig?

[vm146j2]

FTA I like music, so I took some radios of kids I hated in high school. I like computers, so I hack.

The hacker's code...

In related news...

[should_be_linear]

... Remainings of MS lawer that tricked Don Vito Genovese's grandson into jail found in shoebox.

Hacker outsmarted by Microsoft?

[dcavanaugh]

Now that's news.

Re:Hacker outsmarted by Microsoft?

Yeah, unfortunatly, in order to do it, they had to stretch the definitions of both hacker and outsmarted to an extreme. Even then, though, it wasn't Microsoft that did the "outsmarting" it was a private investigater hired by Microsoft.

Re:Ah, so THAT'S how they can get away w' entrapme

[ScentCone]

I see now. Since the government isn't supposed to engage in entrapment, private companies will. And since private companies are now becoming increasingly indistinguishable from governments... I guess we're all fucked.

Are you so anxious to hate private businesses, and to think it's cool if people try to make $20 off of their stolen source code, that you're willing to pretend this jerk didn't advertise for the sale of the source code on his own web site? He wasn't "entrapped," he was advertising stolen stuff. Plus, he's obviously a complete moron.

As for private companies looking after their own welfare... why do you supposed that retailers are forced to have security guards? Retails stores, especially the ones selling expensive, eBay-friendly stuff, are hit constantly by shoplifters and scam artists. But most local taxpayers would scream bloody murder if they had to pay for enough police officers to have one on hand in every department store in every mall, 7 days a week. So, private security is a big and (unfortunately) completely necessary line of work.

You also seem to be forgetting about corporate/international espionage. Companies working on competitive products - especially those performing very expensive research - have to be continually vigilant against both inside and outside theft of their trade secrets, materials, financial plans, marketing campaigns, etc. If they don't use private security to help them deal with that, their only choice is to just put up with the consequences of seeing, say, a factory in China starting up production on something that the ripped-off research company just spent millions of dollars figuring out how to make, or they could... ask the government to provide trade security for every company? What would you say then, that the taxpayers are being forced to serve the coporations, blah blah blah? Exactly. So, when a company with a lot at stake has their own security people urgently tracking down people that are ripping them off (even some complete idiot advertising astoundingly sensitive stolen O/S source code for sale on his web site, and willing to take $20 for it), you can hardly bitch. Unless your position is that it's cool to steal sensitive information and sell it, in which case, let's start with yours: I can probably make $20 with your SSN and some other personal details. And that's too small to bother the police with, so I'm home free since you clearly don't think it's ethical for you to personally track down someone who rips you off.

Oh, and try one of those fancy new high-tech online dictionaries. You can immediately, and without fear of prosecution, learn what entrapment actually means.

So what?

[AlvySinger]

No problem here, surely. Bloke caught for doing something wrong. Large organisation protects its IP.

Asserting that code in the public domain might cause security problems is just spin consistent with protecting IP. It's PR and would anyone here expect anything different. Might not be convincing but MS wants its code to itself, sees it as IP and wants to keep control over it. How is this different to any other organisation? Deride MS for being closed but if it acts consistently, where's the problem?

Wasn't there a war recently where the justification didn't really appear to reflect reality? Unless this guy is some kind of freedom fighter then where's the issue?

Re:So what?

[E++99]

The issue is that the only clear crime was that of leaking the code to the public. And that was committed by someone other than the person going to jail.

Re:Semantics...

[RandoX]

He downloaded the source from a P2P program. My mother could do that.

Really? Would she be interested in selling it? Please, speak a little louder... :)

Re:Semantics...

[Basehart]

"Hell, he was the only one to be indited even though everyone and their dog has thsi source code"

After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code.

I wonder

If he was convicted, then the evidence (ie. the source code) should be part of the court proceedings, and available to all. Unless the court decided to seal them. I wonder...

Re:Ah, so THAT'S how they can get away w' entrapme

Actually -- it is EXACTLY like entrapment.

Entrapment is not illegal -- its just not allowed by gov't agents. If someone burglerizes your house and you hear that a local scum merchant has gotten his hands on it -- you can give the pawnshop owner $200 to 'find' this shit telling him there was something that you didn't want the owners to know about in it and if just out of the goodness of his heart, he seems to find it -- you can call the police and have his ass arrested. He has proven he didn't care that he was selling it back to the rightful owners and was willing to sell stolen goods to the highest buyer.

This is a form of entrapment. And its legal. And its not even immoral.

In this case, the guy has a website where he is BRAGGING that he has something that he didn't even have, someone offers him money for it and he goes out and finds it -- because, well, he was hard up for the cash and like, errr, everyone is doing it anyways -- this guy is both an idiot and a criminal and deserves more jail time for the idiot part than the crime.

Its as if he were bragging that he found a backpack full of drugs to all his friends and one of his friends dads tried to buy it off of him....hmmm...I could actually make some money on this...and goes out and finds some drugs and sells it to him. There is no difference in the eyes of the law in that, no, he wasn't a drugdealer until someone enticed him to do so, but he had already set the wheels in motion that pushed himself to it.

In the nonhypothetical, he could have told the guy no -- I don't have the Microsoft stuff and never have -- but he kept the deception up and even the second go around when he DID claim he no longer had it -- he still said he could find it again and get it to him.

Again, this is entrapment...and entrapment was barred from law enforcement solely because guys that weren't involved with ANYTHING and never claimed to be were being asked to do something that a reasonable person might undertake given the circumstances (Hey guy, I have $5k if you can point me in the direction of a drug dealer -- I *HATE* drugs and for that kind of money, I might point the idiot in the way of a drug dealer as well). An average citizen or even a corporate citizen is under no such obligations -- and yes, it can still be argued in court that it was entrapment and a jury would listen and judge based on that...I know the times I've been in a jury I've voted with both the law AND what a reasonable person should have done -- and I know others that have done the same thing (i.e., Jury Nullification...it should be taught to EVERY citizen...I don't think that if you nullify one case it should set precident for others, but I think in specific cases, it is very useful and every case should be judges on both law and what a reasonable person would do).

Anyhooo...posting this anonymously because of my employer.

FUD - And A Weak Security Tactic

[ausoleil]

Microsoft, ever the marketing company and ever the master of Fear, Uncertainty and Doubt uses this sting operation to tout once again that open source software MUST be less secure because the source code is out there.

"...expressed fears that making its source code public could allow hackers to find security holes in Microsoft products..."

But theirs is not, because the source code is super-uber-duper Top SECRET.

And that is FUD as usual.

Oddly, the most notable open source OS, Linux, is more secure, partially because of its design (not letting every tom, dick and harry process have access to and control of the kernel) and also in large part due to the fact that people CAN inspect the source code and create fixes for security holes that inevitably emerge.

Security through obscurity has never worked, and one would think Microsoft would be smart enough to realize that by now. They undoubtedly do realize that, but don't want you or I to, otherwise we will not be willing to pony up license fees for their OS when free alternatives are there for the
(legal) downloading.

But never let something good like MS catching pirates pass without turning it into an opportunity to FUD some more.

Re:FUD - And A Weak Security Tactic

[Bacon+Bits]

You're missing the obvious: If source code is stolen, then primarily only the black hats will get it. Legitimate users, which 99% of people who look at FOSS code are, basically don't exist in the black market. The code is closed. It's not like Mr. Russinovich is going to submit a bug fix because he read stolen code.

Re:Ah, so THAT'S how they can get away w' entrapme

[Jamesonius]

For everyone who's ready to jump on this and scream "Entrapment!" let's do two things first:

1. Read TFA. From TFA: "Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale."

2. Learn TFD of Entrapment. From Wikipedia: Entrapment is when someone is "induced (or entrapped) by the police to commit [a crime]. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime."

Come on everybody, think. You hear Microsoft and US Government and you assume they set the guy up, cuz they are *always* wrong.... He knowingly broke the law, he did that a lot. No news here.

more likely patent infringement

More likely, Microsoft is afraid patent infringements will be found.

paid way too much

[suezz]

you couldn't pay me to take or look or do anything with microsoft's source code. microsoft seems to think that it is valuable or something.

well here is message to bill - if your source code went to cyberspace heaven today the world would still function fine without it.

so please take and keep your source code to yourself and go play with it by yourself.

Re:paid way too much

[Jetekus]

A little naive, surely. If ever computer in the world that runs Windows suddenly broke, I think the world would have a pretty tough job coping, at least in the short term.

Re:paid way too much

[suezz]

I beg to differ - even though this wasn't my point I meant if they went broke and quit selling their software - computers will still be running - the world would still survive.

But to argue your point anyway if people in IT knew what to buy and what they were doing their shop should be able to survive without microsoft and their business should be able to function.

I know my shop would - but we don't allow microsft on the extranet or on any revenue generating servers (or any servers for that matter).

we also keep some linux live cds on hand for emergencies so people would still be able to get email and internet.

anybody that builds their infrastructure on windows is just plain nuts. all our email, dns, dhcp are linux/unix based boxes and have ran for years.

Re:paid way too much

[Dunbal]

If ever computer in the world that runs Windows suddenly broke

      Every Windows computer in the world has broken/BSODed/been pWn3d, only not all at the same time...haven't you noticed?

DOS

This reminds me of DOS. How Microsoft resold something that they came across and called it theirs. This guy was trying to make a quick buck. Microsoft should be putting him in their hall of fame or at least give him a job.

Apple

[Frankie70]

Google doesn't trick people into jail.


After drinking Steve Jobs' koolaid, people would
voluntarity go & get themselves arrested, if Jobs
asked them to. And would even pay daily board &
food charges at the jail.

Re:Apple

Steve jobs would never trick us into surrendering for the "man". We might be convinced to work picking apple's so your kid gets his Cider though! Fruit rules!

Re:Apple

The iCell?

~AC~

This is wrong on so many levels.

[houghi]

The first thing that bothers me is that a private company takes reasearch into their own hands. If they see such a thing, then you should go directly to the police (or FBI or whatever).

Second is they they use an anti-spy law. As if trying to say: Hey, we cought somebody. What is the law that fits this and will put him away for the longest period of time?

Yes, he was an idiot who did something wrong, but three years?

Re:This is wrong on so many levels.

[gedeco]

A few things are bothering me

The FBI agent attempted to buy software publicaly available through P2P!
This sound like wasted tax money.

What if he told the FBI agent: Just sent me a CD, i'll burn the stuff and Federal Express will charge you for the delivery costs!

Re:This is wrong on so many levels.

[nilknarf]

Then he would be only slightly less stupid.

Re:This is wrong on so many levels.

[suwain_2]

a private company takes reasearch into their own hands.

This doesn't bother me at all. They're not going out and arresting people, they're simply proactively protecting their trade secrets. And if they had run to the police the second they found something with a name suggesting it was theirs, we'd have millions of frivilous lawsuits going on. (The RIAA is known for this, but does anyone else remember someone getting a scary letter from either SPA/Microsoft because they hosted OpenOffice, which was mistaken--based on filename--for Microsoft Office?)

Second is they they use an anti-spy law.

That is strange. However, the guy either violated that law, or Microsoft is really dumb: if they lose, they can't try again under a different law. It does make a little sense, maybe: he's selling their trade secrets, which is a form of corporate espionage, although it sounds like he's pretty far removed from the actual espionage.

What is the law that fits this and will put him away for the longest period of time?

Nothing out of the ordinary here.

A public service announcement

[Merle+Darling]

Ok, first of all I think it's weird that MS can claim the source code is a trade secret in the first place. It's my understand that in order for something to be classified as a trade secret it would have to be kept secret, and people who take it and distribute it would have to be pursued and dealt with. otherwise the company loses its right to claim it as a trade secret. Witness how little (if anything) they've done about the code being swapped around for years now. Then again, IANAL, ISUCK, etc.

Regardless, the guy was convicted of selling stolen trade secrets. He was a dumbass for selling it in the first place, but I digress.. It turns out that the penalty for POSSESSION of a stolen trade secret is up to 10 years in jail and a $250k fine. It's worth considering for those of you who might have copies stashed away in backups somewhere just for the hell of it.

Not that I'd ever stoop so low as to possess stolen trade secrets, of course..

(runs off to scour his hard drive)

I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks. They could stick it in that monthly "Malicious Software Removal" tool in Windows Update, even. Ouch. I doubt it would work as evidence in a court but it would give them reason to suspect you or to attempt to gather evidence that WOULD stand up if they really wanted to bother charging everyone.

Re:A public service announcement

[isorox]

I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks.

Several options. I'm not a paranoid freakahholic so
1) Crack ssh key and log in via ssh from my work's subnet
2) Write some form of trojan that will break exim, apache or similar, and then manage to move from my server to my laptop
3) Crack apt-get upgrade

All of which is illegal in my country (although with #3 it wouldn't be a crime against me, but a crime against the owner of the repository (or somewhere furter upstream)

Re:Ah, so THAT'S how they can get away w' entrapme

Since you have no idea what entrapment is (hint it involves more than lying to someone) here is what it means.

In jurisprudence, entrapment is a procedural defense by which a defendant may argue that they should not be held criminally liable for actions which broke the law, because they were induced (or entrapped) by the police to commit said acts. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime. However, when a person is predisposed to commit a crime, offering opportunities to commit the crime is not entrapment, such as in the widely held misconception that policemen must answer questions truthfully if they are asked the same question three times, or that they must say "yes" if asked if they are a police officer.

By definition, if its not entrapment unless its a government agent doing it. Also, your (wrong) defination seems to think the only requirement for entrapment is there must be some (any) enticement! By that definition basically everything anyone does would be considered entrapment! So if someone robs a bank because they want money. Then the money enticed them, so they were entraped? Or if I eat a humburger because it sounds good and entices me, have I just been entraped?

I know illwill, he's not that bad...

[Afecks]

I've known illwill for a very long time. We've both been in the same 'scene' for quite a while. The Windows backdoor programming scene. Most of the people in our little niche are sociopaths pure and simple. We know it's wrong but we don't really care. Saying illwill was tricked is pretty stupid. He knew it was wrong, he didn't care and he assumed no one else would. It's the same for many others, we just simply don't care. Now I'm sure illwill cares about going to jail for 2 years but that's fear of punishment, not fear of wrong doing. I'm sure even some of the more sane serial killers value their freedom.

This being said, Microsoft has won nothing. He was responsible for distributing the source code to exactly 1 person, a Microsoft snitch. If it wasn't for the snitch taking him up on his offer there would have been nobody that cared. Taking away 2 years of a persons life over such trivial shit is appalling and only serves to make us more numb and hateful to the laws of our society.

That being said, good luck illwill, we're going to miss your exploits and granny pr0n that you've posted in #trinity over the years!

Re:I know illwill, he's not that bad...

This being said, Microsoft has won nothing. He was responsible for distributing the source code to exactly 1 person, a Microsoft snitch. If it wasn't for the snitch taking him up on his offer there would have been nobody that cared.

How do you know? Besides, if "illwill" thought that nobody would care, why did he bother trying to sell it anyway? And doesn't the fact that he actually sold it twice say that he actually believed people wanted to buy it? Intent is everything in criminal matters.

Even if nobody would have cared, this is still important in setting a precedent that selling someone else's source code isn't ok.

Taking away 2 years of a persons life over such trivial shit is appalling and only serves to make us more numb and hateful to the laws of our society.

For someone who has already admitted to not caring one bit about doing things that are wrong, it's quite amusing to hear you denounce someone else doing such things as "appalling". Not so fun when the tables are turned, eh?

I'm glad this idiot is going to jail, and I would probably be if you did to. I have little sympathy for sociopaths who don't care about hurting others, as do the rest of the world.

Re:I know illwill, he's not that bad...

[Afecks]

How do you know? Besides, if "illwill" thought that nobody would care, why did he bother trying to sell it anyway? And doesn't the fact that he actually sold it twice say that he actually believed people wanted to buy it? Intent is everything in criminal matters.

I know because he told me. He sold it twice to the SAME person. The Microsoft snitch. Nobody else cared. Why on earth would anyone with half a brain buy something that was available on every P2P network? How does stopping illwill from selling Microsoft their own source code help Microsoft? Why not find someone who actually distributed to more than just a Microsoft snitch? Maybe because they just wanted someone to take the fall?

Even if nobody would have cared, this is still important in setting a precedent that selling someone else's source code isn't ok.

That precedent's already been set plenty of times. There is no question of it. The only issue I have is that 2 years is quite a long time for such a trivial matter.

For someone who has already admitted to not caring one bit about doing things that are wrong, it's quite amusing to hear you denounce someone else doing such things as "appalling". Not so fun when the tables are turned, eh?

The tables have not turned. This doesn't affect me. I'm neutral in this and my opinion comes just as an average person, nothing more. Besides that, I never said I didn't care. I said the 'scene' as a general rule doesn't care. I'm a rare breed. Which is probably why I'm still free. I care about everyone. I'm one of those crazy people that feel the punishment should fit the crime and criminals should be reformed, not punished. Giving someone 2 years in jail for a victimless crime isn't right.

I'm glad this idiot is going to jail, and I would probably be if you did to. I have little sympathy for sociopaths who don't care about hurting others, as do the rest of the world.

Wait, you want me to go to jail too? Wow, you're pretty forthcoming with taking away people's freedom and your attitude matches that of the judge. Seems like an ignorant and hateful viewpoint. People like this need help not punishment.

There is no question that what illwill did was wrong. The only question is what his punishment should be. It seems like taking 2 years away from his life and locking him up with people that will only teach him how to be more of a criminal is just... STUPID!

Guess what else, the source code is still available on any P2P network. I counted 1500+ sources for "windows_2000_source_code.zip" and that's just one network. So please tell me what the point was of illwill getting sentenced to 2 years? Other than making the DA and Microsoft look good that is...

Tricks? Hacker?

[vandenh]

This guy is just a thief.. selling illegal stuff on the internet. No excuse!

Please note he also has a string of previous offenses. Please don't let your hate for MS turn this guy somehow into a hero.

Re:Semantics...

[hunterx11]

Private citizens or entities cannot commit entrapment unless they are acting on behalf of the government. Microsoft could have blatantly pushed Genovese into doing something he otherwise wouldn't have done, and he would still be guilty (although in such a case, Microsoft might be guilty as well).

Re:Ah, so THAT'S how they can get away w' entrapme

No dumbfuck,

I was talking in laymans terms and nothing more.

Any non-dumbfuck would have understood this is EXACTLY what I was saying.

Entrapment can be non-governmental -- but there is not a law on file for it BECAUSE IT IS NOT BREAKING THE LAW. Of fucking course they will specifically only talk about police and gov't officials in a law SPECIFICALLY BARRING POLICE AND GOV'T OFFICALS FROM ENGAGING IN THIS ACTIVITY.

You sir are a dumbfuck. I'm sorry that it had to get this low, but idiots need to be treated with the level of intelligence that they understand. I have no need to potificate the finer points with an idiot that thinks he is a genius because he can use google.

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Not only do you have no clue what entrapment is, you can't even read the linked story:

"Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale.

According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code. The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage"

Follow me here, from the article: he downloaded it, offered it up for sale on his website and *after* that Microsoft came back and purchased the code which he posted he had and was for sale. After they did that, they dropped a note to the feds that a guy was selling the shit and to gather even more evidence they can do it to. Note the timeline as to what happened here? You can follow the timeline of events can't you (let me repeat it because it might take a couple of times to get through your thick head)

1) he offered to sell it on his website before anybody talked to him
2) Microsoft guy finds that he has made a offer of selling it on his website
3) Microsoft guy gives him $20 for his made offer
4) Microsoft tells feds
5) Feds do it to
6) Feds nab him
7) You like a complete moron think that's entrapment and continue arguing that it is

You aren't that stupid are you?

Whored Jewels!

[twitter]

Come on - anybody can code up a BSOD if they really want to.

Sure, but your friends at the former KGB, and Communist China have an inside perspective. But hey, if you can sell crap like that to places that safeguard your countries most important secrets, why not share it with your enemies? You know they in turn are sharing it with their friends in North Korea, Pakistan and elsewhere. Terrorists indeed. No need to worry about that stuff proliferating because it's already gone. Given such an irresponsible sales record, it's hard to imagine them calling the source code a trade secret.

What could be more important than making a buck? Certainly not the freedom of some poor dope who thought he had something of value in his hands. Why, if he could do it anyone could and M$ would dissapear and the terrorists would win, right?

I can't believe they would try to trot out the terrorist bogey man.

Re:Semantics...

You should really house train that animal...

Re:Ah, so THAT'S how they can get away w' entrapme

I'm commenting on his side of the story.

On his website he CLAIMS that he never offered it for sale -- only bragged that he had it. He claims the microsoft shill sent him an anonymous email asking to buy the software and he thought it might be a good idea to make a little extra cash. He claims that he never once thought of selling it, nor offered it for sale, before the shill had contacted him.

My point is that even if his side is entirely correct and that he hadn't initially done anything wrong except lie about having stolen ip, he was entrapped. Legally. And he deserved it.

To be honest, the gov't could be entirely correct and he did offer it for sale before they even contacted him. I'm taking the 'hackers' point of view for this exercise. Its the closest we have to the truth and still implicates him fully. The Gov'ts side is more clear cut...but taking the lesser of the two, we still come to the same conclusion that he broke the law.

If the gov't is right, then there was never entrapment.

If he is right, there was entrapment -- but it was from a NGO and thus legal.

Do you see my point?

Again, as a coward as I work for a governemental agency...they don't like shades of grey here -- even when I am essentially backing them up.

Re:Semantics...

"Hell, he was the only one to be indited even though everyone and their dog has thsi source code"

After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code.
 
... the grandparent post has ensured that everyone has acquired the source using their dog as a distribution system! Of course this can only lead to one conclusion: all dogs and their beds should be made illegal... because... you know... if we don't, the terrorists win.

you call this a hacker?

[amnesiaWind]

ROFL! if this is what the world thinks a hacker is, then real hackers everywhere can breath a sigh of relief - the authorities don't have a clue or a chance.

Microsoft: Tell us the REAL reason!

[Sierpinski]

The real reason they don't want "just anyone" to see the source, or open it up to the public in general, is because they know that probably several thousand people (if not more) will completely re-engineer it and actually make it a relatively secure and/or stable operating system, and they don't want to be upstaged by some 15 year-old kid from Topeka.

Now what they SHOULD do is hold a contest, redesign/engineer Windows, and if you do a good-enough job, you get something... free Xbox360, a job, cash prize, whatever. Or they can mix-and-match components that various people design. They could take the best of all the submissions, have a great, stable OS, then it'd be just like Lin...... err... wait, nevermind, they'll never go for that.

Re:Microsoft: Tell us the REAL reason!

People like you wouldn't even get a first interview on a company like MS, so perhaps you should at least try to think a little before accusing professionals of incompetence.

Please grow up.

Re:Microsoft: Tell us the REAL reason!

[Sierpinski]

Funny thing, I did have an interview at Microsoft... I had a second interview at Microsoft. I withdrew from the position I was considering since I was offered a better deal locally.

Apparently you can't recognize an apparently failed attempt at a funny post. No skin off my back, because even if it wasn't, I still couldn't give less of a shit what you (as AC nonetheless) thought about me. In fact, I don't even really know why I replied to this, but I'm not cancelling the post now since it would be a waste of my keystrokes.

On a side note, can you really say that Microsoft has no incompetence? Have you seen the list of security flaws, bugs, etc. in their software? That's not to say any other company is perfect either.

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Again, even under his explanation that still *doesn't* fall under entrapment

http://www.lectlaw.com/def/e024.htm

"However, there is no entrapment where a person is ready and willing to break the law and the Government agents merely provide what appears to be a favorable opportunity for the person to commit the crime. For example, it is not entrapment for a Government agent to pretend to be someone else and to offer, either directly or through an informer or other decoy, to engage in an unlawful transaction with the person. So, a person would not be a victim of entrapment if the person was ready, willing and able to commit the crime charged in the indictment whenever opportunity was afforded, and that Government officers or their agents did no more than offer an opportunity."

Re:Those guys at Microsoft are smarter

[hey]

Wow, they caught a guy advertizing the code for sale. Genious!

Ob. Simpsons

[bignobody]

"$20 can buy many peanuts" "Explain how!" "Money may be exchanged for goods and services"

Oh no!

[Angelox]

"[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products"

We wouldn't want THAT to happen ...

Re:Ah, so THAT'S how they can get away w' entrapme

As I've said in another post (below mine to another AC),

Entrapment is a legal term derived from a laymens term.

Entrapment is only nonactionable if it is from a governmental agency. From a NGO -- it doesn't elicit a law because there is no law broken. The US defines laws as to what is unacceptable not towards the acceptable.

The 'hacker' claimed to have something but claimed not to be selling it. He was enticed to do something illegal. That is the dictionary terminology for entrapment -- enticing someone to do something illegal to catch them in the act for something they did no plan to do in the first place.

The legal definition and the laymans definition do not line up -- as we find with most legal definitions, occasionally the law does not even find itself in agreeance with the laws of physics or time space. The law is simply that -- the law. The actual act of something, however, can be something entirely different.

The 'hacker' was entrapped. It was legal.

Re:Ah, so THAT'S how they can get away w' entrapme

[Geoffreyerffoeg]

Since the government isn't supposed to engage in entrapment, private companies will.

You give way too little credit to the government. They could just have avoided coming up with the idea of entrapment in the first place. All of these defenses and legal terms were either coined by the government (through civil law), or used by a clever lawyer and accepted by the judge (through common law). If they wanted to, they could've built a Star Chamber. They haven't*. Here's a surprise: the justice system is actually meant to carry out justice.

Why should private companies be distinguishable from governments? In a capitalist society, private companies are the best group of the people - and where have you heard those last three words before?

*Yes, I know there are some Star Chambers in the US, but they're only used for a few cases like terrorism where you can't get a fair trial in the US anyway. Not that I'm defending them, just that this particular case will be tried in a fair courtroom.

Re:Ah, so THAT'S how they can get away w' entrapme

[Uber+Banker+in+China]

The English language is a wonderful thing. Part of it being wonderful is having a variety of words to accurately describe a variety of situations, another part is the 'fuzzy' comprehension of words writers or readers may not be familiar with.

Your parent presented the difference of enticement and entrapment. The article details enticement and a 'sting' rather than entrapment.

You state (in the parent) Entrapment is not illegal -- its just not allowed by gov't agents. This is true. It is even legal for government agents to entrap (it is against their rules of conduct, rather than laws of legality), but they may not bring a case to prosecution on the basis of entrapment, and a case may easily be thrown out if it becomes clear they have used entrapment.

Entrapment can be non-governmental -- but there is not a law on file for it BECAUSE IT IS NOT BREAKING THE LAW. Of fucking course they will specifically only talk about police and gov't officials in a law SPECIFICALLY BARRING POLICE AND GOV'T OFFICALS FROM ENGAGING IN THIS ACTIVITY.

Now this is where you logic of "I was talking in laymans terms and nothing more. Any non-dumbfuck would have understood this is EXACTLY what I was saying" breaks down. You firstly talked about the legal definition, even citing your perceptions of the law relating to government bodies, then contradicted yourself by saying (after the event) this is not what you meant.

That is why the English language (and practically almost every other human language on the planet) is a wonderful thing. There are words which mean certain things. That is also where human comprehension is a wonderful thing; we cannot expect everyone to speak like a PhD thesis so we piece together potentially inconsistent uses of words with the context they are used in (as is grammar and spelling to other degrees). You, sir, failed to use the word correctly, but more importantly "I was talking in laymans terms and nothing more" failed to help a lay(or any other)man understand what you actually meant, by being internally inconsistent.

Funny

funny thing is that even microsoft paid only $20 for the source. Howz that for valuation?

Re:Funny

[dotgain]

What's really funny is they incorported a few bug fixes he made back into the mainstream source.

On helluva deal...

source code transparancy & security

[Helmholtz]

The comment:
"...[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products..."
reminded me of something I've often thought while glacing over the "who has more security holes/patches" diatribe that flops around periodically. Back when the whole Linux thing was still relatively new, I remember seeing many conversations about how having all that source code for the main system publically available means it will be eaiser for people to find and exploit that software. Microsoft tends to bolster this view, stating that one purpose of its closed source code is increased security. But you don't seem to ever seem to see this concept followed through on. Linux and BSD based systems are all over the place (i.e. the internet) these days, and the majority of web servers out there are running Apache. The code for all this software has been publically available for a very long time now, but there don't seem to be (from my perspective, at least) the increased security issues that there "should" be based on the "closed proprietary" security argument.
Nothing earth shattering, just a small observation. Take it for what you will. :)

Re:source code transparancy & security

I've always viewed it as the roofing leak analogy. Roofs will leak, there's not much you can do about it. But the Microsoft strategy appears to be that you put some wall filler on the ceiling. The Open Source strategy is that you open everything up and start fixing the hidden problems first. Then you add the insulation and the shingles and the coats of paint. By seeing what's underneath the shingles you can very easily spot the holes. At the same time, you can patch the problems, not band-aid the symptoms.

KLL

Hacker?

[Lehk228]

what the hell? since when did we start handing out the title of Hacker to any douchebag who can figure out how to run a p2p app?

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

You do realize that entrapment in layman terms means that you entice them to do something that they normally WOULD NOT DO, don't you? Unless we are allowing you to make up a completely new definition that's what it is. We was most certainly willing to do this, it would be a very difficult statment to say that this would be something that he would not normally do. Entrapment in layman terms is that you entice them with something so much that you basically force them to cross a moral boundry they normally would not do. He was already past that moral boundry so again even under layman (not even talking legal) terms it's still not entrapment.

Re:Semantics...

[mindaktiviti]

No kidding, I found a copy inside the CD Cover of Snoop Doggy Dogg's latest album.

missing a few zeros?

everytime i see that figure, i just feel a few zeros have been dropped; seriously, 20 bucks... what a fucking ass... he deserves jail

Re:Semantics...

[TWX]

"After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code."

So you're saying that your dog's not house-broken?

Which Is The Bigger Loser?

[LifesABeach]

The one that wishes to sell Microsoft "Secret Code"; Or the one who wishes to buy it. Even Microsoft says that Linux can do the same thing faster as was submitted here on /..

But look at it from Bill Gates' point of view; That secret code could put him out of business, and how could he support his family on what he's made so far?

Re:Semantics...

[norman619]

Entrapment would be if the feds offered to sell HIM the illegal goods. If he offeres it to the officer then he's breaking the law of his own free will no coersion involved. I knew my bad boy days would come in handy!!! :-)

I was a friend of IllWill

[xbmodder]

I was a friend of IllWill. Pretty sad story I think. Why don't companies just make better products? No store alarm to internet comparisons PLEASE. Well if he reads this I'd like to say good luck. their site was illmob.org which seems to be down right now.

Not the first Idiot

[rsperry79]

i used to work for a call center most of you have called. We got calls from people wanting support on burned copies of XP and Office People paid retail on. And if I thought that some people were brazen for doing that... the computer store not a 10 minute drive from Campus was selling PC's with MSDN on it. People say MSFT is hard on idiots.. but everyone in the world has heard thier BSA ad's, the legit campain, and various others. You ussally have to do be doing it on a large scale and ignor thier shot over the bow to comply in order for you to get charged. I really wouldn't be surprised if MSFT had sent this idiot an email using a free email service saying how stupid this was. I'm sure they had no interest in jailing this idiot, only an interest in stoping him after getting warned. If they let some idiot do it for 20 whats to say in court that some one could do it for 2k, and use the legal defense that msft never stoped the first, so therfore it is acceptance from MSFT that if freely availible and wide spread. Then MSFT doesn't care. That kind of defence would get press and actually hurt stock prices. --rich

Re:Semantics...

[JohnFluxx]

Really? If I offer someone a million pounds to steal a library book, then secretly film them doing so, and then get them arrested, is that legal? What about ethical?

Kevin Mitnick

[Spy+der+Mann]

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

Is it just me, or did the /. editors posted Kevin Mitnick's comment about 'hacking' open source code just because of this? Hmmmmm.... *thinks*

Re:Semantics...

It think it really is awful that he sold Windows source like that.
Twenty Dollars. Damn.
The nerve of someone to overcharge like that.

They could have been more creative with sentencing though.
They should have sentenced him to using that version of Windows for the next ten years.

How they tricked him

lol no this is not the FBI

Re:Semantics...

[PastAustin]

Really? If I offer someone a million pounds to steal a library book, then secretly film them doing so, and then get them arrested, is that legal? What about ethical?

In your neck of the woods I think it would be called a "Honey Trap" and that scenario would only be entrapment if you were a government official, otherwise you would both be partners in crime. Also I would suggest if you were in this situation you just get a library card. Check out Thin Blue Line - "Honey Trap" (I didn't know how to properly cite it... when in doubt, make everything italic and toss in some quotes!) sometime. Great British comedy plus you can understand what an entrapment operation is.

Read the Perp's Account

[E++99]

http://illmob.org/ It's pretty hillarious when he describes the "bust". The feds pound on the door early in the morning. He asks who's there, they say that some cars were broken into and they want to check if his was one of them. So... he gets his shoes on goes out the BACK door to the parking lot. There's guy in a bullet-proof vest guarding his car, who obviously has no idea that he's the guy they're coming to arrest. When he indicates that that's his car, he's like "oh, uh... did you talk to the men inside?" It's freakin hillarious. They should make a TV special on FBI busts gone bad.

Re:Read the Perp's Account

[Psykus]

The site is down, but of course Google still has a cache of it here:

http://216.239.51.104/search?q=cache:7K18878iJ3gJ: www.illmob.org/+&hl=en&gl=us&ct=clnk&cd=1&client=f irefox-a

Stolen in Context?

[ToxicBanjo]

which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft]

Funny that, he gets jail for selling stolen code and MS gets off scott free after stealing the code in the first place!

I used to think I knew silly

[Hosiah]

Until I saw this story. This is more than silly. This is silly in paisley pants.

For God's sake, we need to call a screeching halt to all intellectual property, period. Yes, it sucks, we won't be able to make a cent off all our hard work, but the alternative is to herd every ex-MS programmer on a secret island so they cannot blab code in their sleep to the uninitiated, cut all the lines of the internet so nobody can talk to anybody, mandatory lobotomization of every user who has ever looked at a Microsoft screen so they can't rat out trade secrets, and stop breathing after somebody patents the FUCKING AIR!!!

Re:I used to think I knew silly

[cnerd2025]

I seriously doubt that we won't be able to make money. We simply must redefine "Intellectual Property". Today intellectual property is the "semantic" property, i.e. visual art, music, and written word (prose, poetry, or program). Semantics are, unfortunately, hard to concretely define. There are limitations, such as physical media, that change semantic value. If, for example, I take a photograph of a Warhol painting and then publish it with JPEG compression, is it still Warhol's work or my work? It wouldn't be a perfect copy of Warhol, but it wouldn't be my "original" idea. Lets say that I modified the art to make my own statement? How would that be protected? Would I be required to pay royalties to Mr. Warhol's estate? After a point the whole argument becomes absurd, and its only purpose is to keep lawyers employed.

Let's redefine IP as the real "intellect" itself. We can hold that a person's mind is the property of that person, whether the mind is a transcendental entity (the soul) or the mind is a construct of matter (the brain). IP is therefore the mind itself, as well as the constructs of the mind. A person therefore is granted the exclusive and irrevocable right to his or her mind (an "unalienable" right) and he or she is also granted rights to the products for a limited time until a publication or public dissemination (e.g. blog post or CD or website, etc.). Then the author retains only attribution rights, which can be deferred or eliminated contingent upon external contracts.

Now how is this different? A few scenarios will clarify the proposition. Let's take /. posts, for example. When you are formulating your ideas (i.e. before publication), you hold exclusive right to the final product. This is like your personal "trade secret". But, when you click submit, the exclusive right to your product is then eliminated, other than your attribution. You then have the right to say "I wish to post anonymously", but only because /. provides that option and you have agreed to their contract. Corporate rights would be somewhat different. Since individuals work for a corporation, each of them still retains their IP as described above. However, when they meet and discuss their project, they may produce plans and other "extensions" of the mind, which would be governed by mutual contract. However, when the product is released, the authors are given the attribution rights, dependent upon agreements between individual authors and between the authors and the corporation. Therefore a "trade secret" would in fact exist, but it would be much less potent than the current bastardization. Corporations are legal people, but a corporation has no individual mind. Consider a final scenario. You write a program which you publish to the web. Someone compiles it and decides he or she likes it. They contact you about writing some more software. You accept, contingent upon them paying you. Hence, the company can use the software for their purposes, and you get paid. All "intellectual property" should be defined in this manner, because ambiguity is decreased significantly.

Re:I used to think I knew silly

[Hosiah]

Groovy. So when do you run for office?

You write a program which you publish to the web. Someone compiles it and decides he or she likes it. They contact you about writing some more software.

I just happen to be doing that kind of thing with my blogs http://wallpaperfree.blogspot.com/ and the one in my sig, but so far haven't gotten good enough to get to step three of your plan. Nevertheless, I'll do it this way rather than snivel and moan after every pixel and semicolon of everything I produce fretting over somebody around the world didn't chip in their $.035 for something I did. I hear other people out there, and they're pathetic. They draw one frickin' picture and spend the rest of their lives mooing about it. In the amount of time they spend protecting it, they could have filled a whole gallery and moved on!

I wonder if one could do a series of PSAs about great creative minds from the past? Eistein freely gave away E=mc2. How much money did da Vinci earn off his famous engineering drawings? Didn't van Gosh paint half his life for free? If the past creative minds acted the way our present creative minds do, we wouldn't even remember them today.

Any crime remotely tech-related makes u H4x0r

I guess nowadays you are automatically a "hacker" whenever you use something even remotely computer-related in a crime. I can see the headlines now... "Hacker burglarizes house, assaults homeowner" when the story really reads that some crack addict that can't even spell "computer" breaks into a house and uses the owner's laptop to smack him over the head with. Let's see if we can artificially further demonize the work "hacker" some more, eh?

Re:Any crime remotely tech-related makes u H4x0r

[bill_mcgonigle]

Let's see if we can artificially further demonize the work "hacker" some more, eh?

I say go for it. The more the word is diluted the more a proper one will be applied.

Supervised Release and electronic monitoring

[kimvette]

William "IllWill" Genovese, 29, will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer, under the terms handed down by federal Judge William Pauley in New York.

They're making him upgrade to Windows Vista?

Zing!

"though, so far, intruders are doing fine without the source."

Zing!

Has to be said

[Guppy06]

"[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products"

Microsoft has had access to the Windows sourcecode since 1.0 and there are still security holes they can't find themselves.

Heck, I'd wager opening the source would actually lower the rate that these security flaws are found.

On smalltime companies and smalltime criminals ...

[gd23ka]

It's all part of this

campaign: Microsoft Spending $120M To Look Smaller

Posted by CmdrTaco on Monday January 23, @06:40PM

from the someone-alert-alanis dept.



Ant writes "Seattle Post-Intelligencer reports that Microsoft Corp. will spend $120 million a year on an advertising campaign to fight its image as "a huge American company." That sound you heard while reading the article is my head exploding.

Hacker?

[SQLz]

Why is some dude on who probably found the source on IRC, considered a hacker? He had nothing to do with the theft of the code. Is it those mad l337 mIRC skillz?

$200? You're kidding.

[Quixadhal]

What kind of moron would think they could get source code to ANY closed source product that sells more than 20 copies a year, for such a price?

Last I checked, getting the source code to an active data grid widget for VB5 (years ago, mind you) cost $5000 -- and you had to sign a bunch of NDA's to make sure you coudn't resell it or redistribute it in any form.

All for a couple bucks

[AutopsyReport]

I always say, if you're going to rob a bank or a retailer, make sure it's loaded enough to live the rest of your life in luxury. Don't be stupid over a few bucks that can be earned in a couple days work.

Some people are just ridiculously stupid.

Not quite related but funny. . .

[NetRAVEN5000]

This doesn't relate to the article really but it's still kinda funny (though it does get annoying after a little while).

Bill Gates is a Little Teapot

from "illwill"

Well about February 2004 someone hacked into a company (mainsoft)
that licensed/modified code from Microsoft in order to be used with some Linux code.that person in turn ,
released the source code onto the internet, first posting i saw of it was on Full Disclosure mailing list,
persons named dvdman (dvdman@greyhat.org) bysin (bysin@hacker.com) claimed to be the one that did the job but noone knew for sure
, the source code for NT 4.0 and Win2k were uploaded to a site called smokeherb.com, which is where i acquired it from.
On or around this time i posted to my site that the source code was 'jacked' and i had a copy and jokingly said if you cant find it ill give you a copy
if ya send me money, not expecting anyone to do so since it was everywhere , irc,p2p,websites,torrents etc... he wanted a copy of the source,
not really caring that he could get the source code anywhere i figure i would part a fool from his dollar and just take whatever he offered me, fuck it right?
i told him to donate money to illmob using paypal to cover the bandwidth costs etc put my ftp on and let him dl it.. about a week and half later (march 7th)
he contacts me yet again , this time to buy the Paris hilton porn video clip that i was also selling for $15 off illmob, he had trouble downloading it
because the ftp was timing out or some shit, so he had me UPS it to him to a location in new york
yet again ,(March 18th) and paid me an additional $20 to do so.
Why would an investigator for microsoft' be buying porn? one can argue it was to build my trust , or maybe he was some asshat who
got himself in trouble over something on the internet and decided to rat me out to get himself out of shit,, we'll never prolly know.
Around april/may paypal killed my account for violating their policies and kept the rest of my 24 cent available in the account.
So i opened a new paypal account, around the end of june i was saving money to go to the bi-annual HOPE conference that 2600
was holding that year. around june 25th or so i get another email from 'Bob' saying something to the effect of 'hey remember me ,
i bought the vid and source code from you etc ,well i had to reformat and lost my copy , can i get it from you again ?' ..
i didnt have a copy of it anymore because the souce code was pretty much useless shit , it was source to mshearts,notepad etc ,
so i tell him i dont have a copy but he could prolly still find it on p2p etc anywhere , he responds with "im too stupid to find that kinda stuff,
if you can find it again ill give you $40 for your trouble" so fuck it i need some money for my trip so i agree to it , find it on bittorrent and
tell him to send me some money, this time he tells me to send the ftp info to his email 'heymetoo@netscape.net' on (June 27th) more about this below..
ill get back to tracking it down... so basically this time was the time the feds were downloading the source and were in New York at the time,
so by doing this they have me over state lines and now are in their jurisdiction.. Heres the paypal records (1) (2)

months go by and on a cold November morning i wake up
to someone pounding on the door of my condo @ 6 am. , i get up and im like 'who is it' at the same time im looking at my computer that was
in the same room and thinking to my self that no way anything ive done would be subject to a raid , having been through 2 raids before..
the person responds ' Meriden police, some cars have broken into outside and we need you to see if your car was one of them"
so breathing a sigh of relief i tell them hold on i need to get dressed.. now my condo has 2 doors being on the first floor..
one leading into the hallway and one that gives me access to the parking lot , so im dressed and i go out the parking lot door without going into the hallway ..
i see a guy with a bulletproof vest on standing near my car , so im like whats up?
he looks dumbfounded am im like the cop inside s

Steve Balmer's rebuttal

But... but... market share... and... your OS has vulnerabilities too... and stuff!

Just look at all the stories about how Macs might have a virus... maybe... someday soon... see? Linux, too! Uh... um...

DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS!!!!

I

love

this

CompanyYEAH!!!!

Re:Ah, so THAT'S how they can get away w' entrapme

[butterwise]

My info page is filling up with rejected posts. How can I purge these?

Register with a new profile.

Re:Semantics...

[hunterx11]

It's illegal for you to do that, but the person you got to steal the book can be tried as well. If the government did it, the thief would be off the hook entirely.

Bwahahahahaha!!!

[eno2001]

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

What?! Are they worried that the hackers might fix the "holes" in Windows and there goes MS's support revenue flow? Bwawhawhawhaw!!!

Provinf once again...

[wtansill]

that you just _cannot_ trust Microsoft...

Re:Semantics...

[MoneyT]

Nope, it would be illegal for you, not because it's entrapment but because you paid someone to comit a crime on your behalf.

Re:Semantics...

[level_headed_midwest]

No, if they really wanted to punish him, they'd make him run Windows ME for ten years.

On second thought, that would be too cruel and unusual. Give him the chair instead- that would be much more humane!

Re:$200? You're kidding.

[Forbman]

Well, if the EU keeps having its way with Microsoft, I bet a lot of MS Windows source code will be making it onto Usenet soon... So what then? Can you be criminally punished in the US for releasing or downloading source code directly from Microsoft when said source code is also trivially available in Europe?

Re:Semantics...

[Wisgary]

Oh shit your name is evil lawyer, that's awesome and totally in context, I believe every damn word you say.

Re:I know illwill, he's not that bad... ??????????

Apparently noone read the friggin article about this on cnn.com, the guy is a little bastard with numerous prior arrests including several computer crimes, and some form of touching an underage girl.. I'm sure he's your 1337 buddy and all, but from where I'm sitting, the guy is a waste of oxygen and shoulda been locked up long before now.

He's a waste of food and oxygen..

Noone else seems to have mentioned this, so I will. Hope it gets modded up enough to be seen by casual readers. This jerk has 12 .. *12* prior convictions. I was a real bastard when I was younger, did some incredibly stupid things, and I've only been arrested 4 or so times. My last arrest was my second one for marijuana possession (many years ago) and the judge said he could have cut me a break but I had a prior conviction, which almost doubled the fine I had to pay.

Now picture this 'hacker' standing in front of the judge, with **TWELVE** prior convictions, including 3 for computer crimes, and at least 1 for sex abuse. The little bastard is lucky the don't throw away the key. He's also going to have to register as a sex offender when he gets out, which noone seems to have mentioned either. Basically, he's a real jerk who is getting some of what's coming to him. Of course, he won't reform, he'll probably just thrive on all the idiots saying 'big efil microsoft screwed him over!' and be even worse when he gets out. Well, hope he drops the soap, the little toad.

Re:Semantics...

[Duhavid]

More like not windows-broken.

Re:Semantics...

[slashdotwannabe]

I wholeheartedly vote for the "idiot" label... after all, he did it for a grand total of $40 bucks... that's less than my weekly Starbucks bills.

Re:Semantics...

Parent is absolutely right. The "summary" couldn't be any more wrong then it is.

First, this guy was not a 'hacker'. He downloaded the source from a P2P program. My mother could do that.

If you read the guy's blog, he admits he had hacked into computers before.
 
It also appears that he wasn't really offering the source code for sale. Well, he said it was a joke, thinking no one would be stupid enough to buy something that could be downloaded for free. But then some guy sends him money to his paypal account asking him to download the source code for him (he deleted the source code after a while) ... the rest is history.

Re:Ah, so THAT'S how they can get away w' entrapme

Are you so anxious to hate private businesses, and to think it's cool if people try to make $20 off of their stolen source code, that you're willing to pretend this jerk didn't advertise for the sale of the source code on his own web site? He wasn't "entrapped," he was advertising stolen stuff. Plus, he's obviously a complete moron.

From the blog, the guy claims that it was a joke (he thinks no one is stupid enough to pay because the code is available on p2p). And yep, the only guy that pays him is from Microsoft (the guy from Microsoft puts money into his paypal account asking him to send the code, so he thought why not). This thing is not as black and white as it seems.

Re:Ah, so THAT'S how they can get away w' entrapme

[ScentCone]

This thing is not as black and white as it seems

White: Not having a copy of obviously stolen and very sensitive proprietary information belonging to someone else, whether you jokingly offer it up for sale or not.

Black: Having it.

Windows XP Source Code Revealed!

[kokoloko2k3]

Yeah, it's an old joke, but... here it goes...

#include <windows.h>
#include <system_errors.h>
#include <stdlib.h>
 
char make_prog_look_big[1600000];
 
main()
{
    if (detect_cache())
        disable_cache();
 
    if (fast_cpu())
        set_wait_states(lots);
 
    set_mouse(speed, very_slow);
    set_mouse(action, jumpy);
    set_mouse(reaction, sometimes);
 
    printf("Welcome to Windoze 3.999 (we might get it right \
        or just call it Chicargo)\n");
 
    if (system_ok())
        crash(to_dos_prompt);
    else
        system_memory = open("a:\swp0001.swp", O_CREATE);
 
    while(1) {
        sleep(5);
        get_user_input();
        sleep(5);
        act_on_user_input();
        sleep(5);
        if (rand() < 0.9)
            crash(complete_system);
    }
    return(unrecoverable_system);
}