Slashdot Mirror


A Hacker's Audacious Plan To Rule the Underground

An anonymous reader writes "Wired has the inside story of Max Butler, a former white hat hacker who joined the underground following a jail stint for hacking the Pentagon. His most ambitious hack was a hostile takeover of the major underground carding boards where stolen credit card and identity data are bought and sold. The attack made his own site, CardersMarket, the largest crime forum in the world, with 6,000 users. But it also made the feds determined to catch him, since one of the sites he hacked, DarkMarket.ws, was secretly a sting operation run by the FBI."


  1. "Former white hat"? by EmbeddedJanitor · · Score: 5, Interesting

    Sounds like he was always a black hat but just didn't cause enough problems while he still had his training wheels on.

    --
    Engineering is the art of compromise.
  2. Rather interesting line at end of article... by GPLDAN · · Score: 5, Interesting

    Months later, Aragon's lawyer gave him some bad news. The Secret Service had cracked Butler's crypto and knew more about the hacker than Aragon did—which meant Aragon would probably never be offered a deal, even if he wanted one.

    The USS cracked the Whole Disk Encryption of Max Butler.

    Now reading about this guy, does Max Butler seem like the kind of guy who is going to keep his WDE password on his PDA?

    No, I didn't think so either.

    So, what kind would he be likely to use? dm-crypt under Linux? Commercial PGP? Scramdisk? TrueCrypt?

    I think more WDE is backdoored than any of us suspect, and my takeaway from that line is that the commercial products aren't to be trusted.

    1. Re:Rather interesting line at end of article... by Anonymous Coward · · Score: 5, Interesting

      The thing is: people keep saying that good crypto, while breakable, isn't realistically breakable, by which they mean using the entire computational resources of the planet running continuously for thousands of years. No matter how big any government's encryption-cracking farm, it should be a problem orders of magnitude too large. Twofish, for instance, is estimated to take 32 Petabytes of text before any significant progress could be made on decrypting it, while Blowfish has "no known way to break".
      So the question becomes: does the government have quantum computers, and hasn't let on (and if so, why use them on something like this and let the secret out) or are there vulnerabilities in what we're all calling 'good crypto'?

      Or, much more likely, did he actually use good cryptography programs, or did he do something stupid? (Or did the government install keyloggers on his equipment or any of a multitude of other ways of attacking the problem that don't involve brute-forcing TrueCrypt, for instance.)