Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Iceman' Gets 13 Years For 2nd Hacking Offense

Posted by ScuttleMonkey on from the too-ambitious dept.

Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."

14 of 289 comments (clear)

  1. long term sentence by girlintraining · · Score: 4, Insightful

    And lesson we've all learned today, class? Don't crap in your own backyard.

    --
    #fuckbeta #iamslashdot #dicemustdie
  2. Good. by AnotherUsername · · Score: 4, Insightful

    I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.

    --
    I don't like Linux. This doesn't make me a troll.
    1. Re:Good. by osu-neko · · Score: 5, Insightful

      Yeah, blame the criminals for exploiting a system...

      Um, yes. That does make sense.

      --
      "Convictions are more dangerous enemies of truth than lies."
    2. Re:Good. by GIL_Dude · · Score: 5, Insightful

      Yes, I absolutely blame the criminal. After all, many of us here on slashdot have the technical ability (or could get it easily: some of these folks are really smart) to do this same type of criminal activity. They don't do it because they aren't criminals. Who the heck else would we blame but the person responsible for committing the crime? Now, if you want to talk about "the system" (justice system, not the banking system) and how unfortunate it is that it is nearly impossible to get a job after being in prison once - yes, that is tough and the summary alludes to the "hard times" iceman fell on probably due to the stigma of his earlier crime and resulting prison sentence. This can, and often is, extremely difficult to overcome and can mean years of living on handouts from relatives, living in campgrounds, etc. (can you tell I have a brother in law who has been through this?). However, the fact remains that the crime is the responsibility of the criminal and not the banking system. If the credit card system was more secure, this criminal would have went after the next most lucrative thing.

    3. Re:Good. by dreamchaser · · Score: 4, Insightful

      I often find myself agreeing with your posts but not this one. While I do agree that the PCI (Payment Card Industry) needs some major overhaul, people are still responsible for their crimes. Yes, I do blame criminals for being criminals.

    4. Re:Good. by Hatta · · Score: 5, Insightful

      If you really want to reduce fraud, make the banks financially responsible for it. As it is, there's little incentive for the industry to increase their security.

      I'm not saying this guy shouldn't be in jail. We should absolutely punish those who take unfair advantage of the system. But if we really want results, we should fix the system.

      --
      Give me Classic Slashdot or give me death!
    5. Re:Good. by shentino · · Score: 4, Insightful

      Or rather, we should nix the fallacy that ONE bad act can earn blame on just ONE person.

      Think about this. If a criminal broke into a storage unit because the guard was asleep, the guard doesn't get off scot-free, right? Even though the criminal gets the blame?

      They both contributed to the theft. The thief by actually doing it, and the guard for letting it happen.

      The crooks actually doing the fraud should get nailed. But I think the banks have plenty of blame themselves for trying to weasel out of security.

    6. Re:Good. by sjames · · Score: 4, Insightful

      In this analogy, Bob (the consumer) is a victim from all sides. He was wearing a vest but it turned out to have tissue paper inside rather than kevlar and had a target painted on it. For some reason, the courts side with the manufacturer of the vest, accepting their claim that it was up to Bob to verify the vest's construction.

      The criminals are naturally at fault, but the banks are also to blame for flimsy security and trying to stick the consumer with the cost of the inevitable fraud. The law is at fault for actually letting the banks stick it to the consumer.

      For some bizarre reason, banks are treated as if they are intrinsically honest, conscientious and correct. Recent events provide ample evidence that the assumption is faulty.

      If they had to actually demonstrate that you made a charge before they could try to collect money from you, you can bet the system would be tightened up overnight.

  3. Interesting..... by LordPhantom · · Score: 5, Insightful

    "It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message."

    That in light of

    "Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."

    I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.

    1. Re:Interesting..... by Attila+Dimedici · · Score: 4, Insightful

      Of course it didn't help that he was convicted of abusing the trust that people gave him when offered his services as a security consultant in the first place (which appears to be his only marketable skills).

      --
      The truth is that all men having power ought to be mistrusted. James Madison
  4. Slashdot misses the point by netik · · Score: 4, Insightful

    This isn't about a 13 year sentence for "Hacking."

    This is a 13 year sentence for credit fraud, credit card theft, and oh yeah, he also stored the credit card numbers on a computer where other people could get to them.

    There's no cleverness here that needs awarding. Back doors are easy to install when the FBI has already allowed you to contract there.

  5. He did it to himself. by Ungrounded+Lightning · · Score: 4, Insightful

    I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.

    His first conviction was for criminally violating the trust of his employer and working in direct contravention to his employer's interests and mission. His skills are such that to be employed effectively he must be trusted.

    Oops!

    He did it to himself. No employment for him. (He'd have been lucky to find burgers to flip.)

    So then he starts a business. High corporate positions may have been barred to him by his first conviction, but a lot of smaller stuff still was open. Yet what does he chose? Cybercrime.

    Oops!

    When he finally gets out from THIS one he'll be watched so closely that even organized crime is unlikely to work with him.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  6. Not just pin numbers! by Unordained · · Score: 4, Insightful

    In an ideal world, identification (username) and authentication (password) would be separate. But that's not the case in the financial world. Every time you use a credit card or cheque, you're leaving behind a trail that contains either your credit card number and security code (if online), or your bank's routing number and your account number. Your one-time authorization for withdrawal has given away the keys to the kingdom! It's like social security numbers in that respect. Only a few services (Discover bank?) allow you to setup single-use identifiers that work around this problem without rebuilding the whole system from scratch. More should. If you need to setup recurring payments, you should be able to tell your bank who's going to be doing it, how often, for (about) how much, and get a number that a hacker could not reuse for some other purpose. (And while you're at it, you make it transportable, so you can redirect that number to your new bank account when you get tired of your old bank screwing up, without having to remember to notify everyone that your bank account number's changed.)

  7. the security guard put a bag of money at his feet by circletimessquare · · Score: 4, Insightful

    and someone takes it

    fact: the security guard is responsible

    fact: the asshole who took it is responsible

    the security guard is responsible for neglecting his duty, NOT FOR THE MONEY

    the asshole who took it is guilty of taking something that isn't his, they are on the line for the money

    two different responsibilities

    but even beyond that, the fact that we NEED security guards is because so many people, such as yourself, don't understand simple fucking morality in this world

    there are moral people, who would not take something that is not theres. and there are roaming monkeys with no moral compass who take whatever they can get. such people are the problem with this world. there's no defense for such being such an asshole. if it's not yours, don't fucking take it. it's really that fucking simple. learn it

    just because security is lax doesn't entitle you to a damn thing or entitle anyone for any excuse for committing a crime. if you take something that isn't yours, you are guilty, no matter if it is fort knox or a bag of money behind an open door: same level of guilt

    try to understand basic morality at some point in your life

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it