Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Hacker's Audacious Plan To Rule the Underground

Posted by ScuttleMonkey on from the ambition-can-carry-you-just-so-far dept.

An anonymous reader writes "Wired has the inside story of Max Butler, a former white hat hacker who joined the underground following a jail stint for hacking the Pentagon. His most ambitious hack was a hostile takeover of the major underground carding boards where stolen credit card and identity data are bought and sold. The attack made his own site, CardersMarket, the largest crime forum in the world, with 6,000 users. But it also made the feds determined to catch him, since one of the sites he hacked, DarkMarket.ws, was secretly a sting operation run by the FBI."

15 of 313 comments (clear)

  1. "Former white hat"? by EmbeddedJanitor · · Score: 5, Interesting

    Sounds like he was always a black hat but just didn't cause enough problems while he still had his training wheels on.

    --
    Engineering is the art of compromise.
  2. The article leaves out a key piece by Anonymous Coward · · Score: 5, Funny

    Posting anonymously for obvious reasons.

    I went to school with Max Butler. He's driven by constant challenges. I knew Max as a friend and as such witnessed the same vitriol and hatred he put up with from others who did not understand him. Teachers often openly mocked him, especially in computer science courses.

    His escape from it all came from hacking. He noticed he had a particular knack for it. He'd get really engrossed, and it became sort of a downward spiral from there. If you know anyone like him, please do not ostracize him in his forming years. Imagine if he had been a solid, contributing member of society like timecop, or the millions of other good natured people that run trolling organizations that specialize in making fools out of idiots like yourself.

    1. Re:The article leaves out a key piece by Burning1 · · Score: 5, Insightful

      There's a huge difference between criticism and ridicule. To be frank, most of us went through that kind of stuff growing up. Very few of us turned out anti-social.

    2. Re:The article leaves out a key piece by digitalhermit · · Score: 5, Funny

      I went to school with Anonymous Coward. He's driven by shame. I knew AC as a friend and witnessed the same vitriol and hatred he put up with from others who did not understand him. Users often openly mocked him, especially after he posted comments about Apple Computer.

      His escape came from posting. He noticed he had a particular knack for it. He'd sometimes post a thousand times a day to Slashdot (just check the logs and you can verify this for yourself). If you know others like him (such as Anonymous Howard, Eponymous Dotard, Androgynous Blowhard), please do not euthanize him in his cromulent fears.

  3. Article? by Anonymous Coward · · Score: 5, Insightful

    "Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."

    This seems to be written more like a work of fiction than an account of the hack. The description echo'ed the language used in Jeffery Deaver's "The Blue Nowhere".

    1. Re:Article? by momerath2003 · · Score: 5, Funny

      Wouldn't decimating them mean having to leave 90% of the logins?

      --
      I had but a simple dream, to destroy all humans.
    2. Re:Article? by TheoMurpse · · Score: 5, Informative

      Yes, just as "homophobe" only means "afraid of that which is the same as them," "you" is only the polite form of indicating the addressee ("ye" being the casual form), "villa" only means "farm," "awful" only means "deserving of awe," and "girl" only means "young child of either sex,".

      Here's a tip: words change meaning.

  4. Ah. It all becomes clear by girlintraining · · Score: 5, Insightful

    It wasn't that this guy was whacking other underground sites, it's that he also nailed the FBI's "sting" website. The FBI and him engaged in a turf war, because if there's one thing the government hates, it's stealing. It hates competition.

    --
    #fuckbeta #iamslashdot #dicemustdie
  5. Rather interesting line at end of article... by GPLDAN · · Score: 5, Interesting

    Months later, Aragon's lawyer gave him some bad news. The Secret Service had cracked Butler's crypto and knew more about the hacker than Aragon didâ"which meant Aragon would probably never be offered a deal, even if he wanted one.

    The USS cracked the Whole Disk Encryption of Max Butler.

    Now reading about this guy, does Max Butler seem like the kind of guy who is going to keep his WDE password on his PDA?

    No, I didn't think so either.

    So, what kind would he be likely to use? dm-crypt under Linux? Commercial PGP? Scramdisk? TrueCrypt?

    I think more WDE is backdoored than any of us suspect, and my takeaway from that line is that the commercial products aren't to be trusted.

    1. Re:Rather interesting line at end of article... by Schemat1c · · Score: 5, Funny

      The USS cracked

      Sounds like the worst name ever for a ship.

      --

      "Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
    2. Re:Rather interesting line at end of article... by Anonymous Coward · · Score: 5, Interesting

      The thing is: people keep saying that good crypto, while breakable, isn't realistically breakable, by which they mean using the entire computational resources of the planet running continuously for thousands of years. No matter how big any government's encryption-cracking farm, it should be a problem orders of magnitude too large. Twofish, for instance, is estimated to take 32 Petabytes of text before any significant progress could be made on decrypting it, while Blowfish has "no known way to break".
      So the question becomes: does the government have quantum computers, and hasn't let on (and if so, why use them on something like this and let the secret out) or are there vulnerabilities in what we're all calling 'good crypto'.

      Or, much more likely, did he actually use good cryptography programs, or did he do something stupid? (Or did the government install keyloggers on his equipment or any of a multitude of other ways of attacking the problem that doesn't involve brute-forcing TrueCrypt, for instance.)

    3. Re:Rather interesting line at end of article... by theLOUDroom · · Score: 5, Insightful

      What a load of hogwash!

      analysis of keyboard wear [...] might have assisted the effort greatly

      No. It would not. It's pretty simple. How many times do you type your password vs. how many times do you type some other word? Try doing some computer simulations if you don't believe me. The data will be lost in noise.

      The point of encryption is not to provide absolute protection for all time against all efforts but rather to provide protection for a limited amount of time as a function of the resources of your adversary.

      No. The point is to take advantage of math problems that are asymmetrically hard to solve.
      The goal is to create the largest force multiplier you can. This is how crypto differs from regular security.
      The perfect cipher would be simple enough for a human to compute readily on a single piece of paper while resisting the brute forcing efforts of a computer built using every atom on earth, clocked at one terahertz and running since the beginning of the universe. It's a issue of scale. The "force multiplier" effect avaible from crypto is greater than anything in the physical security world. Imagine instead that instead of working with of E = MC^2, you were working with E = C*2^M. See how it's different? The work required to brute force a key baloons very quickly.

      Even the best encryption will eventually fall to a determined enough adversary with enough resources to throw at the problem.

      No, actually that's not a certainty.
      In order for what you said to be true there would have to be fundamental weaknesses in ever cryptographical scheme ever conceived, now or in the future.
      If we find even one decent algorithm, free of shortcuts, then by using a large enough key it is possible to ensure that your data is not decoded before the death of the sun.

      which sounds reasonable if government super computers were being enlisted in a distributed brute force search of the keyspace.

      BASED ON WHAT? Why is months any more reasonable of a timeline to crack an unknown encryption scheme with unknown resources? Why not milliseconds? Why not millenia?

      You have NO IDEA, what a reasonable time scale would be and you're just talking out your ass here.

      I suppose some my consider me rude for point that out, but there are those of us who find people randomly making things up to support their argument to be rude.

      --
      Life is too short to proofread.
  6. Re:mod parent troll by be+new+here · · Score: 5, Funny

    you all must be new here.

    Please stop bringing me into this!

    --
    I got some bad grammar
  7. Re:White hat? by TheoMurpse · · Score: 5, Funny

    Don't forget "green hat." Those are hackers who shut down computers across the globe in order to reduce the world's carbon footprint.

  8. Re:Very unfair image by Frosty+Piss · · Score: 5, Insightful

    Max is/was/will always be a guy who stole identities and money other people, in many cases making their lives living Hell. You can toot all you want about the evil FBI, but fact of the matter is that Max is a thief who took things that didn't belong to him.

    --
    If you want news from today, you have to come back tomorrow.