Slashdot Mirror
'Iceman' Gets 13 Years For 2nd Hacking Offense
Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."
And lesson we've all learned today, class? Don't crap in your own backyard.
#fuckbeta #iamslashdot #dicemustdie
Looks like Iceman is being put on ice for 13 years. It's well-deserved, IMO.
12 Years, 11 months of the sentence for using the pseudonym Iceman.
I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.
I don't like Linux. This doesn't make me a troll.
Information wants to be free. They are trashing our rights! Trashing!!
I am dangerous.
"It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message."
That in light of
"Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
"Butler was arrested for writing malicious software that installed a back-door program on computers "
I hope that's for releasing/using the software rather than the simple act of writing it.
This isn't about a 13 year sentence for "Hacking."
This is a 13 year sentence for credit fraud, credit card theft, and oh yeah, he also stored the credit card numbers on a computer where other people could get to them.
There's no cleverness here that needs awarding. Back doors are easy to install when the FBI has already allowed you to contract there.
Well yeah, that makes sense, seeing as it worked so well the first time. . .
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
His first conviction was for criminally violating the trust of his employer and working in direct contravention to his employer's interests and mission. His skills are such that to be employed effectively he must be trusted.
Oops!
He did it to himself. No employment for him. (He'd have been lucky to find burgers to flip.)
So then he starts a business. High corporate positions may have been barred to him by his first conviction, but a lot of smaller stuff still was open. Yet what does he chose? Cybercrime.
Oops!
When he finally gets out from THIS one he'll be watched so closely that even organized crime is unlikely to work with him.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It's right there in the summary "...installed a back-door program on computers — including some on federal government networks...". 'Installed' not 'was capable of installing'. Basic literacy ftw?
Bad analogies are like waxing a monkey with a rainbow.
Some things deserve a permanent stigma: in this case how can you seriously expect he would continue to act in a role that requires significant trust when he's proven he can't be trusted?
Bad analogies are like waxing a monkey with a rainbow.
He's not homeless anymore.
Ok, kidding aside - if you know you're screwed, that means that you have less to risk on a second attempt. He's already an ex-con. When he gets out after this sentence he's going to be...an ex-con. Nothing will have changed, his prospects will be exactly the same. It's a good gamble, if you look at it from a game theory-ish kind of viewpoint.
But that being said I find it unlikely that he couldn't find any work at all. I mean hells bells, he's got the balls to install backdoor programs on an FBI server but he can't lie on a resume?
Weaselmancer
rediculous.
This is the kind of investigation and prosecution they should be doing a lot more of. While we generally refer to it as spam, a good bit of it is attempted robbery. It's pretty brazen behavior; someone trying to rob me every day, every few minutes. As our national criminal investigative body, the FBI is the appropriate department to pursue these crimes. They've been a little slow to adapt, but I'm glad to see the FBI can catch someone at this.
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
what you sympathize with this turd? so i suppose you luv all the pharmaceutical and phallus expansion spam you get in your mailbox every day too? I have had some hard times but, have never gotten so desperate that I thought that I was entitled to do whatever I felt was the easiest way to steal money from someone else. if i had resorted to such action i sure wouldn't want anyone's sympathy and my view of anyone that did sympathize wouldn't be that they were compassionate, it would be what a sucker and it is too bad i didn't steal from that chump. pathetic!
No sympathy from me. Why should I feel any more sorry for him than someone that snatches purses, or robs liquor stores?
The current so-called "justice" system is so pro-criminal it's sickening. About 70% of criminals released from prison end up going back to crime within 3 years (and that's only including the ones that get caught, of course). The prison system is a failure; its goal (curing psychopathy) is impossible.
All crimes which currently earn a prison sentence should earn the death penalty. And I don't mean the moronic way the death penalty is currently done, where there's so much red tape and bullshit appeals that most of them die of natural causes first. There should be a guillotine right there in the courtroom. A piece of scum like this guy shouldn't be costing society any more than he already has...
He won't have to worry about where his next meal will be coming from or whether he can pay the rent....
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If your penetrating backdoors then dont be surprised when your are sent to pound me in the ass prison to have the same done to you.
He broke the law, got out, and had a chance to redeem himself. The article said he fell on hard times in 2002. He's a talented programmer, which means everything from programming and below he could do. I know plenty of folks who get out of prison, and bust their butts struggling, just to stay out, and they don't have near this guy's marketable skills. He's a felon, you say? As if that means he can't get work programming. Guess what: I'm a programmer. I got out of prison last January after serving a 6 year sentence. (10+ year Slashdotter, just posting AC for obvious reasons.) I do consulting. 2009: about $65,000, and that's because I'm just getting my feet on the ground. His eighteen months was supposed to make him harder. Obviously it didn't; he punked out and took the easy way. Since it's obvious he didn't learn the lesson he was supposed to have, he deserves having to go back to try to learn it again.
Yeah, blame the criminals for exploiting a system designed to dispense cash based solely on a 4 digit number
It is easy to run down granny as she crosses the street too. Just because it is easy does not mean it is right to do or that we should forgive people just because it is easy.
The proper response to a banking industry that refuses to use a more robust security regimen is to take your money out of the bank, then start getting others to do so as well, Not rob the bank.
I am not sure I would want to bank at a bank that requires an RFID chip in my hand, a 30 letter password, Iris biometrics and a blood sample just to get $20 from the bank. Security and Usability lie on the same axis at opposite ends.
Lots of IT people have fallen on hard times since the dotcom bust, but we didn't turn to crime.
However, I wouldn't make any blanket statements about always blaming the criminal. What about people who live in countries with inadequate social services who steal bread to feed their kids? There are always circumstances in which it makes sense to blame the system rather than the criminal, but this is not one of them.
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
Nevermind here it is
France Issues Arrest Warrant for Cyclist Floyd Landis
http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html
PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.
Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.
“That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.
Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.
Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.
A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.
Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.
In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.
Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.
Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.
by jumping into a Chinese or Russian embassy.
New Economic Perspectives
Too bad he used his superpowers for evil instead of good.
Sorry, but gray text on gray background is making my eyes bleed.
In an ideal world, identification (username) and authentication (password) would be separate. But that's not the case in the financial world. Every time you use a credit card or cheque, you're leaving behind a trail that contains either your credit card number and security code (if online), or your bank's routing number and your account number. Your one-time authorization for withdrawal has given away the keys to the kingdom! It's like social security numbers in that respect. Only a few services (Discover bank?) allow you to setup single-use identifiers that work around this problem without rebuilding the whole system from scratch. More should. If you need to setup recurring payments, you should be able to tell your bank who's going to be doing it, how often, for (about) how much, and get a number that a hacker could not reuse for some other purpose. (And while you're at it, you make it transportable, so you can redirect that number to your new bank account when you get tired of your old bank screwing up, without having to remember to notify everyone that your bank account number's changed.)
and someone takes it
fact: the security guard is responsible
fact: the asshole who took it is responsible
the security guard is responsible for neglecting his duty, NOT FOR THE MONEY
the asshole who took it is guilty of taking something that isn't his, they are on the line for the money
two different responsibilities
but even beyond that, the fact that we NEED security guards is because so many people, such as yourself, don't understand simple fucking morality in this world
there are moral people, who would not take something that is not theres. and there are roaming monkeys with no moral compass who take whatever they can get. such people are the problem with this world. there's no defense for such being such an asshole. if it's not yours, don't fucking take it. it's really that fucking simple. learn it
just because security is lax doesn't entitle you to a damn thing or entitle anyone for any excuse for committing a crime. if you take something that isn't yours, you are guilty, no matter if it is fort knox or a bag of money behind an open door: same level of guilt
try to understand basic morality at some point in your life
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
13 Years for stealing? Hmm... whats the point of our penal system again?
He starts by doing legitimate penetration testing; he leaves backdoors for himself, but doesn't do anything nasty with them. Then he starts hacking into government computers, and does the same thing; leaves a door open but doesn't do anything else nasty. The FBI catches him for it... but rather than bust him, they attempt to enslave him. He helps them bust another computer criminal ring. But after a while he refuses to serve them and they do bust him. They lie and claim he was of no help, and throw him in jail for a year and a half. When he gets out, his skills are now useful for nothing but crime; no legitimate company will touch him. So, naturally, he does turn to crime. This time actually doing some damage. Well, what did you expect?
I never said the criminal was innocent, btw.
because that would seem to be the most important fucking point, no?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
that this headline made me think that anthropologists had found that Ötzi http://en.wikipedia.org/wiki/%C3%96tzi_the_Iceman had axed someone?
I think this one failed the Turing test.
Try not to take me more seriously than I take myself.
Wired ran a long article about Max Butler last year.
Honestly you have to outright lie to employers today. Hide your experience and education if you might be overqualified.
Exactly. Go ahead and lie on your resume. It's not illegal. The only thing bad that can happen is they find out, and you don't get the job. You wouldn't have gotten the job anyways so it's zero risk. I think a lie is fine if you're hungry. Maslow has it right - worry about your soul after you've had dinner.
Some jobs require lying as a prerequisite.
For instance, every manager you've ever met is a liar. Read the want ads/careerbuilder/whatever. Every single managerial position says the same thing: "Previous management experience a must." There are no zero experience jobs to start off with. Therefore the only way to break into the field is with an initial lie. QED.
Weaselmancer
rediculous.
Where I grew-up, the difference between a U.S. Soldier and a murderer is how much you are payed by who hired you.
It's the same with computer service use; governments make artificial excuses to leave the illusion of security in the progress of technology as it lay so it can spread jurisdiction to the populous when a disputed usage angers an owner; governments get free labor out of whomever is punnished at the opinion of the majority. It's a hidden fascism in that regard.
Same applies to how Japan captures fish and whales all around the ocean disproportionate with neighboring countries, because Japan was unwilling to "patch-up" it's failures in agriculture because it would rather pursue other technologies to outcompete it's neighbors.
Then you have the reason why there are toxic levels of mercury in fish: some west-Africkan countries are smelting gold from metals, and dumping the resulting mercury-encrusted arsenic discharges into the ocean to rid their companies of the technical liability to properly render it useful and safely store their problems for the heirs to resolve in a better day later.
And there you have it. Folie a'deux Syndrome is at large, pretending it's your fault, and punishing you for lack of action to determine the remedy just because those causing it are exausting your senses and diminish your lifestyle while they live a little cleaner upstream where they dispose of their problems from.
Damn financial institutions and their DRM, don't they know information wants to be free. Nice of the government to prop up big business and trample all of our rights to access any information we want!
Absolutely, dood, only Goldman Sachs, JP Morgan Chase and Morgan Stanley, together with Hank Paulson, Larry Summers, Robert Rubin, Timothy Geithner, and Alan Greenspan are guiltless. You've really got everything figured out, dood! (Damn guards, the cause of ALL problems.)
I predict this guy will vote for the Pallin/Boehner ticket in 2012.
the Federal reserve prints-up trillions and trillions of US dollars wildly inflating the money supply
Though the Fed doesn't publish it anymore, there's a group who tracks M3, one of the measures of the money supply. While M0, M1, and M2 all dropped precipitously, M3 held steady.
The money supply is not being wildly inflated. To the contrary, their "printing" has kept the money supply from deflating. As dollars are destroyed by the financial crisis, the Fed's printed dollars replace them, and the system on-the-whole stays roughly the same.
The cause for concern is that when the banks start lending again, the fractional-reserve-lending-multiplier thing will mean that the banks can inflate the money supply by using too much of their reserves for loans. That's why the Fed is paying the banks interest on their reserves - the interest means the banks are less interested in loaning their reserves out.
:(){
he got off easy , computer banking is the heart of the economy, I would have liked to see a hard longer term to send a message to others, (same for those that create computer viruses
for him that www.freebutler.com was taken ;)
Your cell mate might be a linux user.
For some reason, everyone loves to ignore the reputation factor when talking about economics and capitalism. Most screwups in business are far more expensive due to reputation damage than they are in direct costs. If a bank has a major incident in which they lose the credit card numbers of thousands of consumers, that can really hurt their reputation, and people are less likely to sign with that bank. That's where banks really feel the pain, and why they do have an incentive to keep security strong.
Beware of bugs in the above code; I have only proved it correct, not tried it.
I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.
Of course, let's also not look beyond root cause of this type of crime in the first place, and that's the fact that my dog can get a credit card these days.
Point here is if we didn't have such an addiction in this country to have credit cards resulting in mountains of debt, or insane amounts of questionable predatory practices by lenders, perhaps this wouldn't be such a lucrative nut to "crack".
The authorities should embed this dodo in lucite and give him to the Museum of Those With No Lives. Exhibit him in the sociopath section. His sense of entitlement is wretched.
The vendors/merchants will always lose their payment due to chargeback, and the bank get an addditional $25-35 penalty per chargeback from the merchant. Therefore it is the advantage of the bank when more fraud occurs.
New Economic Perspectives
Highest ?? Reiser got life for his first hacking! Oh wait...
You could argue with that statement that people who smoke pot have turned to crime.
I think the key determination in saying one has turned to crime is that crime is at least intended to be a source of income. He had broken the law before, yes. This phrase about turning to crime means something else specific in my mind... like his credit card ring in the second instance.
SIG: HUP
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
He wasn't caught with performance enhancing drugs. A few of the many samples he sent to a corrupt French lab were reported as positive, while the same samples sent to other labs came back negative.