Slashdot Mirror
'Iceman' Gets 13 Years For 2nd Hacking Offense
Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."
And lesson we've all learned today, class? Don't crap in your own backyard.
#fuckbeta #iamslashdot #dicemustdie
Looks like Iceman is being put on ice for 13 years. It's well-deserved, IMO.
12 Years, 11 months of the sentence for using the pseudonym Iceman.
I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.
I don't like Linux. This doesn't make me a troll.
I am dangerous.
"It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message."
That in light of
"Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
"Butler was arrested for writing malicious software that installed a back-door program on computers "
I hope that's for releasing/using the software rather than the simple act of writing it.
I see we're still dressing in the dark, Eugene.
Living With a Nerd
This isn't about a 13 year sentence for "Hacking."
This is a 13 year sentence for credit fraud, credit card theft, and oh yeah, he also stored the credit card numbers on a computer where other people could get to them.
There's no cleverness here that needs awarding. Back doors are easy to install when the FBI has already allowed you to contract there.
Well yeah, that makes sense, seeing as it worked so well the first time. . .
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
His first conviction was for criminally violating the trust of his employer and working in direct contravention to his employer's interests and mission. His skills are such that to be employed effectively he must be trusted.
Oops!
He did it to himself. No employment for him. (He'd have been lucky to find burgers to flip.)
So then he starts a business. High corporate positions may have been barred to him by his first conviction, but a lot of smaller stuff still was open. Yet what does he chose? Cybercrime.
Oops!
When he finally gets out from THIS one he'll be watched so closely that even organized crime is unlikely to work with him.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It's right there in the summary "...installed a back-door program on computers — including some on federal government networks...". 'Installed' not 'was capable of installing'. Basic literacy ftw?
Bad analogies are like waxing a monkey with a rainbow.
Some things deserve a permanent stigma: in this case how can you seriously expect he would continue to act in a role that requires significant trust when he's proven he can't be trusted?
Bad analogies are like waxing a monkey with a rainbow.
He's not homeless anymore.
Ok, kidding aside - if you know you're screwed, that means that you have less to risk on a second attempt. He's already an ex-con. When he gets out after this sentence he's going to be...an ex-con. Nothing will have changed, his prospects will be exactly the same. It's a good gamble, if you look at it from a game theory-ish kind of viewpoint.
But that being said I find it unlikely that he couldn't find any work at all. I mean hells bells, he's got the balls to install backdoor programs on an FBI server but he can't lie on a resume?
Weaselmancer
rediculous.
This is the kind of investigation and prosecution they should be doing a lot more of. While we generally refer to it as spam, a good bit of it is attempted robbery. It's pretty brazen behavior; someone trying to rob me every day, every few minutes. As our national criminal investigative body, the FBI is the appropriate department to pursue these crimes. They've been a little slow to adapt, but I'm glad to see the FBI can catch someone at this.
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
No sympathy from me. Why should I feel any more sorry for him than someone that snatches purses, or robs liquor stores?
He won't have to worry about where his next meal will be coming from or whether he can pay the rent....
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If your penetrating backdoors then dont be surprised when your are sent to pound me in the ass prison to have the same done to you.
He broke the law, got out, and had a chance to redeem himself. The article said he fell on hard times in 2002. He's a talented programmer, which means everything from programming and below he could do. I know plenty of folks who get out of prison, and bust their butts struggling, just to stay out, and they don't have near this guy's marketable skills. He's a felon, you say? As if that means he can't get work programming. Guess what: I'm a programmer. I got out of prison last January after serving a 6 year sentence. (10+ year Slashdotter, just posting AC for obvious reasons.) I do consulting. 2009: about $65,000, and that's because I'm just getting my feet on the ground. His eighteen months was supposed to make him harder. Obviously it didn't; he punked out and took the easy way. Since it's obvious he didn't learn the lesson he was supposed to have, he deserves having to go back to try to learn it again.
Lots of IT people have fallen on hard times since the dotcom bust, but we didn't turn to crime.
However, I wouldn't make any blanket statements about always blaming the criminal. What about people who live in countries with inadequate social services who steal bread to feed their kids? There are always circumstances in which it makes sense to blame the system rather than the criminal, but this is not one of them.
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
Nevermind here it is
France Issues Arrest Warrant for Cyclist Floyd Landis
http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html
PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.
Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.
“That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.
Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.
Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.
A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.
Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.
In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.
Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.
Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.
Disregarding the many other ways in which this is impractical, draconian, etc...
Since those most skilled in the areas necessary to test our security infrastructure are liable to be executed in this manner for simply working to *acquire* said skills, let's just leave it up to some hostile foreign entity to find the security holes. We'll clearly be much better off in the long run.
by jumping into a Chinese or Russian embassy.
New Economic Perspectives
Too bad he used his superpowers for evil instead of good.
Sorry, but gray text on gray background is making my eyes bleed.
In an ideal world, identification (username) and authentication (password) would be separate. But that's not the case in the financial world. Every time you use a credit card or cheque, you're leaving behind a trail that contains either your credit card number and security code (if online), or your bank's routing number and your account number. Your one-time authorization for withdrawal has given away the keys to the kingdom! It's like social security numbers in that respect. Only a few services (Discover bank?) allow you to setup single-use identifiers that work around this problem without rebuilding the whole system from scratch. More should. If you need to setup recurring payments, you should be able to tell your bank who's going to be doing it, how often, for (about) how much, and get a number that a hacker could not reuse for some other purpose. (And while you're at it, you make it transportable, so you can redirect that number to your new bank account when you get tired of your old bank screwing up, without having to remember to notify everyone that your bank account number's changed.)
and someone takes it
fact: the security guard is responsible
fact: the asshole who took it is responsible
the security guard is responsible for neglecting his duty, NOT FOR THE MONEY
the asshole who took it is guilty of taking something that isn't his, they are on the line for the money
two different responsibilities
but even beyond that, the fact that we NEED security guards is because so many people, such as yourself, don't understand simple fucking morality in this world
there are moral people, who would not take something that is not theres. and there are roaming monkeys with no moral compass who take whatever they can get. such people are the problem with this world. there's no defense for such being such an asshole. if it's not yours, don't fucking take it. it's really that fucking simple. learn it
just because security is lax doesn't entitle you to a damn thing or entitle anyone for any excuse for committing a crime. if you take something that isn't yours, you are guilty, no matter if it is fort knox or a bag of money behind an open door: same level of guilt
try to understand basic morality at some point in your life
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
13 Years for stealing? Hmm... whats the point of our penal system again?
He starts by doing legitimate penetration testing; he leaves backdoors for himself, but doesn't do anything nasty with them. Then he starts hacking into government computers, and does the same thing; leaves a door open but doesn't do anything else nasty. The FBI catches him for it... but rather than bust him, they attempt to enslave him. He helps them bust another computer criminal ring. But after a while he refuses to serve them and they do bust him. They lie and claim he was of no help, and throw him in jail for a year and a half. When he gets out, his skills are now useful for nothing but crime; no legitimate company will touch him. So, naturally, he does turn to crime. This time actually doing some damage. Well, what did you expect?
I never said the criminal was innocent, btw.
because that would seem to be the most important fucking point, no?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
You were doing so good......then you wrote that second paragraph.
I'm guessing you went with death penalty because you also could not come up with a better system of punishment for law offenders.
Extending probation to more crimes would probably be a good start, along with lots and lots of mandatory life skill classes.
Prison does nobody any good. If someone positively has to be removed from society then we should not be locking them up with others just like them and hoping that they will be better when they get out. If someone is so fucked up that they have to be removed from society we should try to help them be better people, and if we fail at that THEN we kill them.
You needed to add a few steps.
Don't know something? Look it up. Still don't know? Then ask.
I think this one failed the Turing test.
Try not to take me more seriously than I take myself.
Wired ran a long article about Max Butler last year.
Honestly you have to outright lie to employers today. Hide your experience and education if you might be overqualified.
Exactly. Go ahead and lie on your resume. It's not illegal. The only thing bad that can happen is they find out, and you don't get the job. You wouldn't have gotten the job anyways so it's zero risk. I think a lie is fine if you're hungry. Maslow has it right - worry about your soul after you've had dinner.
Some jobs require lying as a prerequisite.
For instance, every manager you've ever met is a liar. Read the want ads/careerbuilder/whatever. Every single managerial position says the same thing: "Previous management experience a must." There are no zero experience jobs to start off with. Therefore the only way to break into the field is with an initial lie. QED.
Weaselmancer
rediculous.
Actually, 3-year recidivism is something like 50% in the UK and US.
And the prison system is not a failure. It has been a wild success. At least 1% of our population is in prison, many for non-violent and victimless crimes. The prison lobby has been so successful that you never hear anyone talk about Big Prison the way you hear Big Oil or Big Pharma or Big Farma.
The reason you think the prison system is a failure is because you are under the mistaken impression that it's primary purpose is to rehabilitate criminals. The system is designed to generate a profit; imprisoning and/or rehabilitating criminals is an accidental side effect.
If you don't believe me, then imagine if we had under-used prisons. In order to protect their business model, the prison lobby would pay for a whole new set of laws, preferably ones that many people already violate, so we can keep imprisoning Americans...much like the War on Drugs has made sure to keep prisons in business despite the continuous drop in violent crime over the past two decades.
:(){
Damn financial institutions and their DRM, don't they know information wants to be free. Nice of the government to prop up big business and trample all of our rights to access any information we want!
Absolutely, dood, only Goldman Sachs, JP Morgan Chase and Morgan Stanley, together with Hank Paulson, Larry Summers, Robert Rubin, Timothy Geithner, and Alan Greenspan are guiltless. You've really got everything figured out, dood! (Damn guards, the cause of ALL problems.)
I predict this guy will vote for the Pallin/Boehner ticket in 2012.
the Federal reserve prints-up trillions and trillions of US dollars wildly inflating the money supply
Though the Fed doesn't publish it anymore, there's a group who tracks M3, one of the measures of the money supply. While M0, M1, and M2 all dropped precipitously, M3 held steady.
The money supply is not being wildly inflated. To the contrary, their "printing" has kept the money supply from deflating. As dollars are destroyed by the financial crisis, the Fed's printed dollars replace them, and the system on-the-whole stays roughly the same.
The cause for concern is that when the banks start lending again, the fractional-reserve-lending-multiplier thing will mean that the banks can inflate the money supply by using too much of their reserves for loans. That's why the Fed is paying the banks interest on their reserves - the interest means the banks are less interested in loaning their reserves out.
:(){
for him that www.freebutler.com was taken ;)
For some reason, everyone loves to ignore the reputation factor when talking about economics and capitalism. Most screwups in business are far more expensive due to reputation damage than they are in direct costs. If a bank has a major incident in which they lose the credit card numbers of thousands of consumers, that can really hurt their reputation, and people are less likely to sign with that bank. That's where banks really feel the pain, and why they do have an incentive to keep security strong.
Beware of bugs in the above code; I have only proved it correct, not tried it.
The authorities should embed this dodo in lucite and give him to the Museum of Those With No Lives. Exhibit him in the sociopath section. His sense of entitlement is wretched.
The vendors/merchants will always lose their payment due to chargeback, and the bank get an addditional $25-35 penalty per chargeback from the merchant. Therefore it is the advantage of the bank when more fraud occurs.
New Economic Perspectives
That is a bad idea. If the penalty for murder was the same as for mugging, then muggers would be much more likely to kill their victims because that way tehy can't be so easily identified. the same applies to everything else.
Aww, what's the matter, AC? Are you too afraid to flame someone with your name attached? Don't want to get modded down and lose your precious karma?
It's "Big Pharma ".
Hm...yes, I do remember saying Big Pharma right before I said Big Farma. I would imagine someone with a command of the English language such as yourself would be able to infer that I was discussing three separate lobbies - oil, pharmaceuticals, and agriculture - instead of repeating one twice.
I considered "Big Agriculture" but it had too many syllables and ruined the flow (much as we shorten Pharmaceuticals/Pharmacy to Pharma). Certainly, though, there is an agriculture lobby, and they are there to push for their own profits even at the public's expense. There are a lot of folks who consider High Fructose Corn Syrup a terrible thing made possible only by the agricultural lobbies' push for insane corn subsidies and tariffs on sugar from abroad.
I'll admit that the bit at the end, about the War on Drugs, veers a bit towards hyperbole. There are many reasons for that war, and maintaining the prison business is just one. I'm sure police like having jobs, too. Judges certainly like to collect fines. Politicians like to be elected. Lots of various little selfish reasons.
If you think this is a half-ass conspiracy theory, then there's a story in the NYT I'd like you to read, about a judge who was being paid by a juvenile detention facility to trump up charges and increase the number of kids being sent to the facility because the state paid the facility per head.
http://www.nytimes.com/2009/02/13/us/13judge.html
If some people don't mind unnecessarily imprisoning teenagers for cash, certainly there are many, many more people who wouldn't mind imprisoning adults.
:(){
You could argue with that statement that people who smoke pot have turned to crime.
I think the key determination in saying one has turned to crime is that crime is at least intended to be a source of income. He had broken the law before, yes. This phrase about turning to crime means something else specific in my mind... like his credit card ring in the second instance.
SIG: HUP
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
He wasn't caught with performance enhancing drugs. A few of the many samples he sent to a corrupt French lab were reported as positive, while the same samples sent to other labs came back negative.