Slashdot Mirror
Microsoft Tricks Hacker Into Jail
CompotatoJ writes "Wired News reported that William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $20 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source.'"
You paid $200 for the Windows source? Dude, you got ripped off!
Oh no... it's the future.
The summary is wrong. It says the investigator paid $200. From TFA:
"According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code". Hamilton is on the $10 bill, not the $100 (That would be Franklin). Two Hamiltons is $20, hence the next sentence saying "...another $20 transaction..."
Um, no...this isn't even remotely entrapment.
I haven't exactly gone looking for it or anything, but isn't the Windows source code available on P2P?
If so, that is pretty damn stupid to be selling something that is readily available like that. I am betting these undercover folks would be his only customers.
Freedom would be not to choose between black and white but to abjure such prescribed choices. -Theodor Adorno
...will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer
Looks like they have finally found a legal use for the Sony Rootkit.
He who knows best knows how little he knows. - Thomas Jefferson
Probably just someone stupid enough to think he can make a quick buck by downloading something from a p2p network.
The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software.
Come on - anybody can code up a BSOD if they really want to.
Should Mark from sysinternals be worried?
liqbase
paid $200 and the go to jail..
Music, Games, Media Art and Programming
Entrapped means the person was talked into doing something they otherwise wouldnt have done, tricked has similiar connotations. In this case I would say Microsoft caught him fair and square, and the transaction provided all the evidence required to jail him. Good riddance I say.
No, I don't think anyone says "entrapped" because this case has as much to do with entrapment as it has to do with tea in China. Entrapment requires an agent of the government to coerce someone into comitting a crime they would not otherwise commit. In this case, the guilty party offered the source for sale on his website. This is like someone putting up a sign saying "Crack For Sale" in their yard. He was offering regardless of police interference. That's as far from coercion as you can get.
The laws of probability forbid it!
You can read about this arrest from a first person perspective at William Genovese's website here. An interesting read, and he lists some of the e-mail and snail mail addresses used in the sting against him.
For it to be entrapment, someone would have had to approach him with an offer to buy the stolen source code. He posted an offer to sell the source code on a website, so he initiated the exchange.
I do not fail; I succeed at finding out what does not work.
"Microsoft Tricks Hacker Into Jail"
/.ers who write code self-described hackers? This guy was trading in pirated software. So, he is a "Pirate," not a "Hacker." I'd complain about the editing, but this is /..
That's not a very good headline. I mean, aren't many
Ben
What those who want activist courts fear is rule by the people.
FTFA Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.
"This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."
Microsoft must be getting really serious 'bout this issue; not any security issue, mind you, but a PR one, thats for sure.
They went after some guy who tried to sell what he found, and then was dum enuf to sell for $40 online, but who had no connection whatsoever to leaking anything, and, by his own description, is less than the sharpest tack in the bulletin board:
"Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack."
Selling other people's stuff that you find laying around may not be legal or especially smart, but making a big deal out of the 800 billion lb. gorilla "catching" a petty criminal in the act ain't much news, either, unless MS wants to spend their PR highlighting their own incompetence....Oh, now I get it.
"Lost time is not found again."
Google doesn't trick people into jail.
really 867993
Karma schkarma
Parent is absolutely right. The "summary" couldn't be any more wrong then it is.
First, this guy was not a 'hacker'. He downloaded the source from a P2P program. My mother could do that.
Second, if anyone had bothered to read the actual article, they would see there was absolutely no entrapment here. He downloaded the software and offered it up for sale on his website. The only 'entrapment' was that an agent bought what he was already offering. This guy was an idiot. He wasn't pushed by the authorities into doing anything illegal. Hell, he was the only one to be indited even though everyone and their dog has thsi source code because he was the only one stupid enough to try and sell what was freely avaliable. Not only that, but he already had a rap sheet.
This guy was just a moron, pure and simple.
So apparently this is wrong, or at least has been amended a bit by the act referenced in the summary. Would this guy have been in the clear if he'd just been offering a trade secret for download? (With source code, it's complicated by the fact that the code is subject to copyright, too, though. What if we were dealing with, say, the formual for Coca Cola, to take the canonical example?)
PHEM - party like it's 1997-2003!
When I first read these types of articles, I usually think, that's outrageous, he didn't do anything, the code was already leaked, now the poor sap has a conviction for something trivial.
Then I realize, hey, I'd NEVER post stolen code or offer stolen code for sale on my website. Its friggin stupid. Its obviously stolen and obviously illegal and completely traceable to me. I'd expect to have the FBI knocking on my door if I did something so stupid. Like many criminals, this guy didn't cause any real harm but completely lacks judgement. Now he'll suffer a bit for it.
Now that's news.
I see now. Since the government isn't supposed to engage in entrapment, private companies will. And since private companies are now becoming increasingly indistinguishable from governments... I guess we're all fucked.
Are you so anxious to hate private businesses, and to think it's cool if people try to make $20 off of their stolen source code, that you're willing to pretend this jerk didn't advertise for the sale of the source code on his own web site? He wasn't "entrapped," he was advertising stolen stuff. Plus, he's obviously a complete moron.
As for private companies looking after their own welfare... why do you supposed that retailers are forced to have security guards? Retails stores, especially the ones selling expensive, eBay-friendly stuff, are hit constantly by shoplifters and scam artists. But most local taxpayers would scream bloody murder if they had to pay for enough police officers to have one on hand in every department store in every mall, 7 days a week. So, private security is a big and (unfortunately) completely necessary line of work.
You also seem to be forgetting about corporate/international espionage. Companies working on competitive products - especially those performing very expensive research - have to be continually vigilant against both inside and outside theft of their trade secrets, materials, financial plans, marketing campaigns, etc. If they don't use private security to help them deal with that, their only choice is to just put up with the consequences of seeing, say, a factory in China starting up production on something that the ripped-off research company just spent millions of dollars figuring out how to make, or they could... ask the government to provide trade security for every company? What would you say then, that the taxpayers are being forced to serve the coporations, blah blah blah? Exactly. So, when a company with a lot at stake has their own security people urgently tracking down people that are ripping them off (even some complete idiot advertising astoundingly sensitive stolen O/S source code for sale on his web site, and willing to take $20 for it), you can hardly bitch. Unless your position is that it's cool to steal sensitive information and sell it, in which case, let's start with yours: I can probably make $20 with your SSN and some other personal details. And that's too small to bother the police with, so I'm home free since you clearly don't think it's ethical for you to personally track down someone who rips you off.
Oh, and try one of those fancy new high-tech online dictionaries. You can immediately, and without fear of prosecution, learn what entrapment actually means.
Don't disappoint your bird dog. Go to the range.
He downloaded the source from a P2P program. My mother could do that.
:)
Really? Would she be interested in selling it? Please, speak a little louder...
"Hell, he was the only one to be indited even though everyone and their dog has thsi source code"
After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code.
Google doesn't trick people into jail.
After drinking Steve Jobs' koolaid, people would
voluntarity go & get themselves arrested, if Jobs
asked them to. And would even pay daily board &
food charges at the jail.
Ok, first of all I think it's weird that MS can claim the source code is a trade secret in the first place. It's my understand that in order for something to be classified as a trade secret it would have to be kept secret, and people who take it and distribute it would have to be pursued and dealt with. otherwise the company loses its right to claim it as a trade secret. Witness how little (if anything) they've done about the code being swapped around for years now. Then again, IANAL, ISUCK, etc.
Regardless, the guy was convicted of selling stolen trade secrets. He was a dumbass for selling it in the first place, but I digress.. It turns out that the penalty for POSSESSION of a stolen trade secret is up to 10 years in jail and a $250k fine. It's worth considering for those of you who might have copies stashed away in backups somewhere just for the hell of it.
Not that I'd ever stoop so low as to possess stolen trade secrets, of course..
(runs off to scour his hard drive)
I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks. They could stick it in that monthly "Malicious Software Removal" tool in Windows Update, even. Ouch. I doubt it would work as evidence in a court but it would give them reason to suspect you or to attempt to gather evidence that WOULD stand up if they really wanted to bother charging everyone.
"Bother," said Pooh, as lightning knocked out hi%#&(F*@NO CARRIER
Entrapment:
This guy offered the code for sale. He was not unwillingly "induced", or "coerced" to sell it. This is NOT entrapment.
That said, he is also not a simple downloader. Before your heart starts bleeding for him too badly, look at his criminal history, discussed in the article. Mostly small-time stuff, but, FTFA:
So let's see. He downloaded a copy of proprietary source code. He then tried to make money by selling it on his "hacking-related" web site which he operates. He also is on probation for breaking into some private computers & installing key logging software. In the very BEST light possible, he's a small-time cracker & pirate, with a history of stupid criminal behavior.
Just because Microsoft chooses not to release its source code does NOT give someone else the right to take it, and then attempt to profit by reselling that source code. Like it or not, whether or not they open-source their operating system is their CHOICE (isn't that one of the fundamental principals of the F/OSS movement?), not yours. You may not like their choice, but that doesn't give anyone the right to "correct" Microsoft's choice because it's not the same choice RMS would make.
Your AC comment would indeed be "insightful," were it not completely wrong. In the end, at least one company was forced to pay Pamela and Tommy Lee substantial damages for making the video available on the internet. The only battle that the porn people won was its claim that the couple signed away their rights in their initial settlement agreement with the porn people who first aired it. After the trial judge's throwing the case for internet distribution out of court was overturned on appeal, the porn people threw in the towel and judgment was rendered against them for the illegal distribution of the video.