Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Hacker's Audacious Plan To Rule the Underground

Posted by ScuttleMonkey on from the ambition-can-carry-you-just-so-far dept.

An anonymous reader writes "Wired has the inside story of Max Butler, a former white hat hacker who joined the underground following a jail stint for hacking the Pentagon. His most ambitious hack was a hostile takeover of the major underground carding boards where stolen credit card and identity data are bought and sold. The attack made his own site, CardersMarket, the largest crime forum in the world, with 6,000 users. But it also made the feds determined to catch him, since one of the sites he hacked, DarkMarket.ws, was secretly a sting operation run by the FBI."

14 of 313 comments (clear)

  1. Article? by Anonymous Coward · · Score: 5, Insightful

    "Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."

    This seems to be written more like a work of fiction than an account of the hack. The description echo'ed the language used in Jeffery Deaver's "The Blue Nowhere".

  2. Honest money by Anonymous Coward · · Score: 4, Insightful

    The way I figure it all the effort that goes into making big money doing crime would be better used in the 'real' world.

    I live in the ghetto and the skills required to sell drugs/weapons can be easily transferred to the business world rather easily and the income is higher.

    Honest money allows me to sleep at night and at the end of this train ride, the books will be balanced and that man in the sky will do the accounting and even it all out.

    1. Re:Honest money by Weaselmancer · · Score: 3, Insightful

      The onus is on the believers, fool

      True enough, but you've missed something. Both sides in this argument believe something. Something unprovable.

      I would reserve the 'fool' for someone who missed that point. Perhaps you could benefit from a logic refresher yourself, AC.

      --
      Weaselmancer
      rediculous.
    2. Re:Honest money by Locklin · · Score: 3, Insightful

      To require proof (or evidence) of a thing in order to believe it exists is not a belief, but simply rational scepticism.

      If I tell you that sea water is made of supernatural jello, you are perfectly capable of asking me for some proof without forming a new "belief" that seawater is *not* made out of supernatural jello. Perhaps, you could argue that valuing scepticism is a belief, but then the onus is not on the GP to disprove God but simply to prove scepticism in general has value (easy).

      --
      "Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
  3. Ah. It all becomes clear by girlintraining · · Score: 5, Insightful

    It wasn't that this guy was whacking other underground sites, it's that he also nailed the FBI's "sting" website. The FBI and him engaged in a turf war, because if there's one thing the government hates, it's stealing. It hates competition.

    --
    #fuckbeta #iamslashdot #dicemustdie
  4. Re:Catching Max Butler by Emb3rz · · Score: 3, Insightful

    I must be new here, because it's difficult for me to believe that you didn't RTFA!

    He's in a prison in Pennsylvania playing D&D while awaiting his trial.

  5. Re:Rather interesting line at end of article... by Raenex · · Score: 4, Insightful

    If the encryption isn't government-farm proof then it's kind of worthless as encryption.

  6. Obsession by BountyX · · Score: 4, Insightful

    Hacking is an obsession and an addiction. It can easily take over your life, especially if you are good at it. Finding your next target is like getting in your next fix. It offers the ultimate escape, diversion and self-esteem. In a sense, it is a power trip. The kind of rush you expirience when your skills pay off is incredible. For some, it is a rush better than sex and drugs combined. It adds a new dimension to an otherwise mundane and seemingly predictable reality. Some perspective ;)

    --
    Trying to install linux on my microwave, but keep getting a kernel panic...
    1. Re:Obsession by mkiwi · · Score: 3, Insightful

      So you mean it's like World of Warcraft? :-)

  7. Re:Rather interesting line at end of article... by CodeBuster · · Score: 3, Insightful

    Not at all. The final value of this carders hoard of unused dumps was estimated to be in the range of 500 million dollars (at least according to the article) and the USSS was involved along with the FBI in an attempt to shut down the largest consolidated carder site ever assembled by one person. As other posters have pointed out, analysis of keyboard wear (assuming that Mr. Butler didn't have the foresight to regularly change his physical keyboard) might have assisted the effort greatly (yielding a success before all or even most of the possible key space had been exhausted). The point of encryption is not to provide absolute protection for all time against all efforts but rather to provide protection for a limited amount of time as a function of the resources of your adversary. The United States, as one of the reigning superpowers of the world, has a vast amount of money and resources at it's disposal (we spend more then 500 million dollars in Iraq every week). Even the best encryption will eventually fall to a determined enough adversary with enough resources to throw at the problem. The article mentions a time frame of serveral months to years (and the trial probably went on for a couple of years) which sounds reasonable if government super computers were being enlisted in a distributed brute force search of the keyspace. Fortunately, for most of us, our data is not worth 500 million dollars and so no great effort will made to brute force our FDE keys in the event that our laptops are lost or stolen. Even the resources of the largest governments are finite after all and no protection, even the strongest encryption, is infinite, but that doesn't make FDE useless.

  8. Re:The article leaves out a key piece by Burning1 · · Score: 5, Insightful

    There's a huge difference between criticism and ridicule. To be frank, most of us went through that kind of stuff growing up. Very few of us turned out anti-social.

  9. Re:Very unfair image by Frosty+Piss · · Score: 5, Insightful

    Max is/was/will always be a guy who stole identities and money other people, in many cases making their lives living Hell. You can toot all you want about the evil FBI, but fact of the matter is that Max is a thief who took things that didn't belong to him.

    --
    If you want news from today, you have to come back tomorrow.
  10. not really... by darjen · · Score: 4, Insightful

    the largest crime forum in the world

    I think this dubious honor belongs to the US government.

  11. Re:Rather interesting line at end of article... by theLOUDroom · · Score: 5, Insightful

    What a load of hogwash!

    analysis of keyboard wear [...] might have assisted the effort greatly

    No. It would not. It's pretty simple. How many times do you type your password vs. how many times do you type some other word? Try doing some computer simulations if you don't believe me. The data will be lost in noise.

    The point of encryption is not to provide absolute protection for all time against all efforts but rather to provide protection for a limited amount of time as a function of the resources of your adversary.

    No. The point is to take advantage of math problems that are asymmetrically hard to solve.
    The goal is to create the largest force multiplier you can. This is how crypto differs from regular security.
    The perfect cipher would be simple enough for a human to compute readily on a single piece of paper while resisting the brute forcing efforts of a computer built using every atom on earth, clocked at one terahertz and running since the beginning of the universe. It's a issue of scale. The "force multiplier" effect avaible from crypto is greater than anything in the physical security world. Imagine instead that instead of working with of E = MC^2, you were working with E = C*2^M. See how it's different? The work required to brute force a key baloons very quickly.

    Even the best encryption will eventually fall to a determined enough adversary with enough resources to throw at the problem.

    No, actually that's not a certainty.
    In order for what you said to be true there would have to be fundamental weaknesses in ever cryptographical scheme ever conceived, now or in the future.
    If we find even one decent algorithm, free of shortcuts, then by using a large enough key it is possible to ensure that your data is not decoded before the death of the sun.

    which sounds reasonable if government super computers were being enlisted in a distributed brute force search of the keyspace.

    BASED ON WHAT? Why is months any more reasonable of a timeline to crack an unknown encryption scheme with unknown resources? Why not milliseconds? Why not millenia?

    You have NO IDEA, what a reasonable time scale would be and you're just talking out your ass here.

    I suppose some my consider me rude for point that out, but there are those of us who find people randomly making things up to support their argument to be rude.

    --
    Life is too short to proofread.