Slashdot Mirror


'Iceman' Gets 13 Years For 2nd Hacking Offense

Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."

2 of 289 comments (clear)

  1. Warrant for Floyd Landis the cyclist for hacking? by sponga · · Score: 5, Interesting

    That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
    Nevermind here it is

    France Issues Arrest Warrant for Cyclist Floyd Landis
    http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html

    PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.

    Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.

    “That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.

    Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.

    Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.

    A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.

    Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.

    In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.

    Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.

    Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.

  2. Re:Good. by Obfuscant · · Score: 3, Interesting
    If you really want to reduce fraud, make the banks financially responsible for it.

    And make the rape victims responsible. And the carjacking victims. Yeah man!

    We should absolutely punish those who take unfair advantage of the system. But if we really want results, we should fix the system.

    What would be the results of "fixing the system"? If you make the banks eat every penny of fraud, you'll wind up with a system that is much more inconvenient for the honest users. You might as well not have a credit card.

    Here's an example. I was travelling. As in I was not at home. I made a charge in Holland. VISA called me at home, where I wasn't, and left a vague message saying "call us". I went on to England and made some more charges. I got home and "got the message". I called VISA. They asked me if I had made the charge in Holland. I said yes. "No problem". Two days later, another "call us message". I did. "Did you make this charge in Holland?" Yes. "Did you make this charge in England?" Yes. "No problem."

    A few days later, yet another "call us" message. I did. Again, "did you make this charge in Holland?" Yes. Yes. I asked why I was repeatedly being called about this, and finally someone forwarded me to the fraud department. "Those people are morons" (paraphrasing). "Your card was compromised in Holland, we are cancelling it and sending you a new one."

    Well, that's very nice, I said, but I'm leaving on a trip tomorrow at 6AM and I need that card to pay for things. Why didn't you do this the first time I called? "Those people are morons." (paraphrased)

    So I get my new card and realize that my webhosting is paid on the old one. I've cut up the old one and destroyed it, and I'm not near my vast files filled with past statements, but I know I need to get the account data changed. "I need to change the account for my billing," I say. "What's the old account number?" "I dunno, I don't have that card anymore." "We can't change accounts without the old number." Sigh.

    So, no, I don't think the system should be fixed because the system becomes unusable when the security becomes tight. I LIKE being able to order stuff over the phone and have it shipped to my work instead of billing address (because of the security issue of UPS just dropping stuff on my front step with no signature). I sometimes NEED to be able to buy stuff with my personal card and have it delivered to odd places around the world so I can get my work done when I'm there.

    Security and convenience is a trade-off. You want to err on the side of security. Most people want to err on the side of convenience.