Slashdot Mirror
'Iceman' Gets 13 Years For 2nd Hacking Offense
Hugh Pickens writes "Computerworld reports that Max Ray Butler, who used the hacker pseudonym Iceman, has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers, the longest known sentence ever handed down for hacking charges. This isn't Butler's first time facing a federal hacking sentence. After a promising start as a security consultant who did volunteer work for the FBI, Butler was arrested for writing malicious software that installed a back-door program on computers — including some on federal government networks — that were susceptible to a security hole. Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release. In desperation, he turned again to cybercrime and by the time of his arrest in September 2007, he had built the largest marketplace for stolen credit and debit card information in the world."
And lesson we've all learned today, class? Don't crap in your own backyard.
#fuckbeta #iamslashdot #dicemustdie
Looks like Iceman is being put on ice for 13 years. It's well-deserved, IMO.
12 Years, 11 months of the sentence for using the pseudonym Iceman.
I hope that he has to serve the full sentence, and doesn't get out on parole. Credit card fraud is not fun. I can only hope that more people convicted of credit card fraud receive sentences like this.
I don't like Linux. This doesn't make me a troll.
"It is a shame that someone with so much ability chose to use it in a manner that hurt many people," Dembosky said in an e-mail message."
That in light of
"Butler served an 18-month prison term for the crime and fell on hard times after his 2002 release, he said in a sentencing memorandum filed Thursday. "I was homeless, staying on a friends couch. I couldn't get work," he wrote. In desperation, he turned again to cybercrime."
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
I see we're still dressing in the dark, Eugene.
Living With a Nerd
This isn't about a 13 year sentence for "Hacking."
This is a 13 year sentence for credit fraud, credit card theft, and oh yeah, he also stored the credit card numbers on a computer where other people could get to them.
There's no cleverness here that needs awarding. Back doors are easy to install when the FBI has already allowed you to contract there.
I'm not saying he's right, but it does highlight something interesting about finding work as an ex-con.
His first conviction was for criminally violating the trust of his employer and working in direct contravention to his employer's interests and mission. His skills are such that to be employed effectively he must be trusted.
Oops!
He did it to himself. No employment for him. (He'd have been lucky to find burgers to flip.)
So then he starts a business. High corporate positions may have been barred to him by his first conviction, but a lot of smaller stuff still was open. Yet what does he chose? Cybercrime.
Oops!
When he finally gets out from THIS one he'll be watched so closely that even organized crime is unlikely to work with him.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Some things deserve a permanent stigma: in this case how can you seriously expect he would continue to act in a role that requires significant trust when he's proven he can't be trusted?
Bad analogies are like waxing a monkey with a rainbow.
This is the kind of investigation and prosecution they should be doing a lot more of. While we generally refer to it as spam, a good bit of it is attempted robbery. It's pretty brazen behavior; someone trying to rob me every day, every few minutes. As our national criminal investigative body, the FBI is the appropriate department to pursue these crimes. They've been a little slow to adapt, but I'm glad to see the FBI can catch someone at this.
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
Usually when people say they can't find work, they mean work they are willing to do. He might be able to get a job at McDonalds or 7-eleven, but they probably weren't up to his standards.
I have a lot of friends who say they can't find a job because of the job market. When I ask them if they've tried at applying for a job at a fast food place with a help-wanted sign on the door they universally respond with something like "I won't work fast food" or "I'm looking for more money than that". It's hard to earn my sympathy, if that's all the harder you'll try. I've worked fast-food, I've been a janitor, I've worked a cash register. If I were to lose my job today, I wouldn't consider myself above such things. It's all work that needs to get done.
No sympathy from me. Why should I feel any more sorry for him than someone that snatches purses, or robs liquor stores?
He won't have to worry about where his next meal will be coming from or whether he can pay the rent....
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If your penetrating backdoors then dont be surprised when your are sent to pound me in the ass prison to have the same done to you.
He broke the law, got out, and had a chance to redeem himself. The article said he fell on hard times in 2002. He's a talented programmer, which means everything from programming and below he could do. I know plenty of folks who get out of prison, and bust their butts struggling, just to stay out, and they don't have near this guy's marketable skills. He's a felon, you say? As if that means he can't get work programming. Guess what: I'm a programmer. I got out of prison last January after serving a 6 year sentence. (10+ year Slashdotter, just posting AC for obvious reasons.) I do consulting. 2009: about $65,000, and that's because I'm just getting my feet on the ground. His eighteen months was supposed to make him harder. Obviously it didn't; he punked out and took the easy way. Since it's obvious he didn't learn the lesson he was supposed to have, he deserves having to go back to try to learn it again.
My wife has tried that. She holds a CPA and cant get a job flipping burgers. Why? the "overqualified" bullshit response. They know that the second a real job comes along she will bolt and run. Honestly you have to outright lie to employers today. Hide your experience and education if you might be overqualified.
Do not look at laser with remaining good eye.
That's right the guy who got caught with the performance enhancing drugs during the Tour de France had a warrant issued for him today for hacking. I don't know what it is over but maybe his attempts to tamper with the committee who tested him maybe. I don't know all the info but I just saw it on the news channel.
Nevermind here it is
France Issues Arrest Warrant for Cyclist Floyd Landis
http://www.nytimes.com/2010/02/16/sports/cycling/16landis.html
PARIS — The United States cyclist Floyd Landis was stripped of his 2006 Tour de France title after testing positive for performance-enhancing drugs, but the fallout from his doping case has lingered.
Thomas Cassuto, a French judge, issued an arrest warrant for Landis last month, in connection with a computer hacking case, said Astrid Granoux, a spokeswoman for the prosecutor’s office in Nanterre, a suburb of Paris, which is handling the matter.
“That means he would be arrested if he came to France,” Granoux said Monday, adding that the warrant had not been distributed outside of French territory.
Landis, who raced for the Ouch Pro Cycling Team last year, parted ways with the team last fall. He could not be reached for comment Monday.
Cassuto is seeking to question Landis about the data hacking that occurred in the fall of 2006 at the Châtenay-Malabry antidoping lab, which is the facility that conducted the tests on Landis’s urine samples from the 2006 Tour.
A very public dispute between Landis and the lab’s officials was the crux of Landis’s defense in his doping case, which ended in his being barred from the sport for two years. Landis and his defense team had alleged that the lab’s testing procedures were sloppy, so its test results could not be trusted.
Pierre Bordry, the lab’s director, said a security breach of the facility’s computers occurred because hackers wanted to obtain data to discredit its scientists. He said that some of the stolen data had been altered to make it seem as if the lab had made errors.
In November 2006, lab officials filed a formal complaint saying that its computer data had been stolen and used in Landis’s defense. That confidential data was also sent to other labs and news media, officials said. A subsequent search of the lab’s computers turned up a Trojan horse, which is a program that allowed an outsider to remotely download files.
Investigators concluded that the program could have originated from an e-mail message sent to the lab from a computer using the same Internet protocol address as Arnie Baker, Landis’s coach.
Landis and Baker, who continue to insist that Landis did not use performance-enhancing drugs to win the Tour, deny being involved in the computer hacking.
Disregarding the many other ways in which this is impractical, draconian, etc...
Since those most skilled in the areas necessary to test our security infrastructure are liable to be executed in this manner for simply working to *acquire* said skills, let's just leave it up to some hostile foreign entity to find the security holes. We'll clearly be much better off in the long run.
In an ideal world, identification (username) and authentication (password) would be separate. But that's not the case in the financial world. Every time you use a credit card or cheque, you're leaving behind a trail that contains either your credit card number and security code (if online), or your bank's routing number and your account number. Your one-time authorization for withdrawal has given away the keys to the kingdom! It's like social security numbers in that respect. Only a few services (Discover bank?) allow you to setup single-use identifiers that work around this problem without rebuilding the whole system from scratch. More should. If you need to setup recurring payments, you should be able to tell your bank who's going to be doing it, how often, for (about) how much, and get a number that a hacker could not reuse for some other purpose. (And while you're at it, you make it transportable, so you can redirect that number to your new bank account when you get tired of your old bank screwing up, without having to remember to notify everyone that your bank account number's changed.)
and someone takes it
fact: the security guard is responsible
fact: the asshole who took it is responsible
the security guard is responsible for neglecting his duty, NOT FOR THE MONEY
the asshole who took it is guilty of taking something that isn't his, they are on the line for the money
two different responsibilities
but even beyond that, the fact that we NEED security guards is because so many people, such as yourself, don't understand simple fucking morality in this world
there are moral people, who would not take something that is not theres. and there are roaming monkeys with no moral compass who take whatever they can get. such people are the problem with this world. there's no defense for such being such an asshole. if it's not yours, don't fucking take it. it's really that fucking simple. learn it
just because security is lax doesn't entitle you to a damn thing or entitle anyone for any excuse for committing a crime. if you take something that isn't yours, you are guilty, no matter if it is fort knox or a bag of money behind an open door: same level of guilt
try to understand basic morality at some point in your life
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
13 Years for stealing? Hmm... whats the point of our penal system again?
He starts by doing legitimate penetration testing; he leaves backdoors for himself, but doesn't do anything nasty with them. Then he starts hacking into government computers, and does the same thing; leaves a door open but doesn't do anything else nasty. The FBI catches him for it... but rather than bust him, they attempt to enslave him. He helps them bust another computer criminal ring. But after a while he refuses to serve them and they do bust him. They lie and claim he was of no help, and throw him in jail for a year and a half. When he gets out, his skills are now useful for nothing but crime; no legitimate company will touch him. So, naturally, he does turn to crime. This time actually doing some damage. Well, what did you expect?
I think this one failed the Turing test.
Try not to take me more seriously than I take myself.
Wired ran a long article about Max Butler last year.
Actually, 3-year recidivism is something like 50% in the UK and US.
And the prison system is not a failure. It has been a wild success. At least 1% of our population is in prison, many for non-violent and victimless crimes. The prison lobby has been so successful that you never hear anyone talk about Big Prison the way you hear Big Oil or Big Pharma or Big Farma.
The reason you think the prison system is a failure is because you are under the mistaken impression that it's primary purpose is to rehabilitate criminals. The system is designed to generate a profit; imprisoning and/or rehabilitating criminals is an accidental side effect.
If you don't believe me, then imagine if we had under-used prisons. In order to protect their business model, the prison lobby would pay for a whole new set of laws, preferably ones that many people already violate, so we can keep imprisoning Americans...much like the War on Drugs has made sure to keep prisons in business despite the continuous drop in violent crime over the past two decades.
:(){
IMO, if there really is no more legal way to feed one's dependants then stealing is more moral than allowing them to starve. It is then better to steal from one who would miss what he has lost less, because that does less harm to others. It all depends if you consider your duty to your family/friends more important than your duty to society at large.
feeding oneself is more morally grey, but I suspect that most people would take care of themselves before worrying about strangers if they truly are that desperate.