Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Great Cyberheist

Posted by kdawson on from the meelions-and-meelions dept.

theodp writes "In this week's cover story, the NY Times Magazine delves into the mind of Albert Gonzalez, the hacker who is currently doing time (the longest sentence ever handed down for computer crime in the US) for masterminding attacks on the nation's leading retailers, reportedly costing TJ Maxx, Heartland, and other victimized companies more than $400 million. And that may just be the tip of the iceberg. 'The majority of the stuff I hacked was never brought into public light,' said one of Gonzalez's partners-in-crime. Another claims there 'were major chains and big hacks that would dwarf TJX. I'm just waiting for them to indict us for the rest of them.' Online fraud is still rampant in the US, but statistics show a major drop in 2009 from previous years when Gonzalez was active. While reportedly not a gifted programmer, even the Feds that Gonzalez two-timed admired his ingenuity, likening him to top CEOs. When asked how Gonzalez rated among criminal hackers, a prosecutor replied: 'As a leader? Unparalleled. Unparalleled in his ability to coordinate contacts and continents and expertise. Unparalleled in that he didn't just get a hack done — he got a hack done, he got the exfiltration of the data done, he got the laundering of the funds done. He was a five-tool player.' Accounting for time served and good behavior, Gonzalez is expected to get out of prison in 2025." Last June Rolling Stone ran a long profile of Albert Gonzalez written by Sabrina Rubin Erdely; they have dusted it off now that producer Eric Eisner has embarked on the development of a feature film based on Erdely's piece.

57 comments

  1. from the skool of bad journalism :) by viralMeme · · Score: 4, Insightful

    Yet another 'journalist who thinks he's the new Tom Wolfe :)

    Biggest Cybercrime of All Time

    "Albert Gonzalez remained focused on business — checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing orders into his cellphone in a steady voice. "Let's see if this Russian asshole has what I need," he'd say calmly. Then he would help himself to glass plates of powder, each thoughtfully cut into letters for easy identification: "E" for Ecstasy, "C" for coke" link

    "Dude," he wailed, "I can't fucking read!"

    Dude, you can't write :)

    1. Re:from the skool of bad journalism :) by devbox · · Score: 5, Funny
      I loved this part

      Before long, he discovered Internet Relay Chat, a web forum popular with hackers who discussed the how-tos of breaching Internet security at its highest levels.

    2. Re:from the skool of bad journalism :) by Nailer235 · · Score: 0, Offtopic

      Even the summary is written in Engrish. "While reportedly not a gifted programmer, even the Feds that Gonzalez two-timed admired his ingenuity, likening him to top CEOs. " What?

    3. Re:from the skool of bad journalism :) by Anonymous Coward · · Score: 0

      Maybe you need to learn how to parse more complex English sentences - makes complete sense to me.

      1. He was not considered a gifted programmer, but that was not a hindrance for him in his "enterprise" due to the next point.

      2. The Feds that he two-timed could admire his ingenuity in spite of being "two-timed", and they compared ("likened") him to top CEO's (apparently due to his ability to manage this complex operation).

      Does that help?

    4. Re:from the skool of bad journalism :) by bobdotorg · · Score: 1

      Hey: Eye are see is where those hackers refine their "sequel attacks", because apparently the first attack didn't fully tell the story.

      --
      __ Someday, but not this morning, I'll finally learn to use the preview button.
    5. Re:from the skool of bad journalism :) by Anonymous Coward · · Score: 0

      Not at all. In what way was there "two-timing" going on ? This usually means that your girlfriend/boyfriend is sucking a second dick. What does it mean when you're the FBI ?

    6. Re:from the skool of bad journalism :) by Anonymous Coward · · Score: 0

      Good, because those prequel attacks are awful. Lucas should have stopped after episode VI.

    7. Re:from the skool of bad journalism :) by Anonymous Coward · · Score: 0

      nice Critical research failure

    8. Re:from the skool of bad journalism :) by sirrunsalot · · Score: 1

      two-time
      verb [trans.] informal
      deceive or be unfaithful to (a lover or spouse)

      The parentheses indicate common usage, but the meaning seems perfectly clear to me in this context. It is more fun to feign ignorance though.

      And speaking of feigning ignorance, I thought maybe we were going to delve in to the mind of Alberto Gonzalez when I first glanced at the summary. Now that would be a story. But then I remembered personally reading about and discussing this Albert Gonzalez on a previous occasion. What did we talk about? I didn't directly converse about Gonzalez. I believe it was a spokesperson that discussed him. When? I don't recall. I told you. I remember talking about the other Albert Gonzalez. We went back and clarified the difference between the two. I don't know the specific content of the conversation, but I remember that it was about Albert Gonzalez. I stand by what I said to the committee. I don't know exactly... Well, I don't have a record of everything that was said here. I'll have to find out and get back to you.

    9. Re:from the skool of bad journalism :) by angiasaa · · Score: 1

      Is it not obvious? :) He was sucking the KGB behind the FBI's back.

      Okai, that was in lousy taste, I know.. :| But you're right, I can't imagine what two-timing could have happened. And if there really was some kind of two-timing going on, the writer obviously did not have the sense to mention it in TFA for us. What joy in incompetence, yeah!?

      --
      Geekism is your _only_ God!
    10. Re:from the skool of bad journalism :) by osvenskan · · Score: 1

      To be fair you should note that your quote is from the Rolling Stone article. The NY Times magazine article (first link in TFS) is quite good.

    11. Re:from the skool of bad journalism :) by JWSmythe · · Score: 1

      Everyone knows that the KGB had hot russian chicks as their spies. Haven't you ever watched a James Bond movie? :)

          Well, it's shown in reality too. Some are: Anna Chapman, Anna Fermanova, Patricia Mills, Krystyna Skarbek, Josephine Baker, and Violette Szabo. They don't exactly resemble the Bond girls though. I'm still trying to figure out how to convince a hot russian spy chick that I have secrets worth seducing. It's not that I'd give them up, but the seduction is always fun. :)

         

      --
      Serious? Seriousness is well above my pay grade.
    12. Re:from the skool of bad journalism :) by Whiteox · · Score: 1

      POO (Point of Order): Violette Szabo is Hungarian, not Russian.

      --
      Don't be apathetic. Procrastinate!
    13. Re:from the skool of bad journalism :) by angiasaa · · Score: 1

      We're assuming things here.. I'm sure there are some non-homophobic members on both sides. :-D

      But I rhyme with your thoughts. :) I'm sure I have secrets worth seducing out of me too. I just have to find some Russian chicks to work on me before I expose myself.

      --
      Geekism is your _only_ God!
    14. Re:from the skool of bad journalism :) by Doggabone · · Score: 1

      And if there really was some kind of two-timing going on, the writer obviously did not have the sense to mention it in TFA for us. What joy in incompetence, yeah!?

      Excerpts from the article ...

      "After a couple of interviews, Gonzalez agreed to help the government so he could avoid prosecution ... After aiding another investigation, he became a paid informant in the Secret Service field office in Miami in early 2006. Agent Michael was transferred to Miami, and he worked with Gonzalez on a series of investigations on which Gonzalez did such a good job that the agency asked him to speak at seminars and conferences ... As far as the agency knew, that’s all he was doing. “It seemed he was trying to do the right thing,” Agent Michael said... He wasn’t. Over the course of several years, during much of which he worked for the government, Gonzalez and his crew of hackers and other affiliates gained access to roughly 180 million payment-card accounts from the customer databases of some of the most well known corporations in America ..."

      The two-timing is spelled out in just over the first page.

    15. Re:from the skool of bad journalism :) by Doggabone · · Score: 1

      Ah, I'm quoting the Times and missed the point ... the Rolling Stone piece is certainly crap.

  2. what great cyberheist ? by Anonymous Coward · · Score: 3, Informative

    The hack consisted of accessing wireless POS terminals from the car park and then going on to access the internal CC database for over eighteen months, without anyone noticing. They only took action when the banks phones them up and asked about all the fraudelent activity out TJX stores.

    "TJX admit that 45.7 million credit and debit cards was stolen from the company in a computer data security breach over an 18-month period" link

    1. Re:what great cyberheist ? by hedwards · · Score: 2, Insightful

      I'm wondering at what point a retailer ought to be responsible for the breach. It seems to me that whatever the consequences of that sort of irresponsibility is, that it's not enough. There's absolutely no reason why they need to have an internal CC database. They could just as easily hash the CC information and compare that with a stored hash.

    2. Re:what great cyberheist ? by Florian+Weimer · · Score: 1

      There is not enough entropy in credit card numbers to make hashing a serious obstacle.

    3. Re:what great cyberheist ? by TheKidWho · · Score: 1

      Typical /. goon, "Pshh I could do that with one hand and blindfolded!"

    4. Re:what great cyberheist ? by Anonymous Coward · · Score: 0

      Still better than not hashing them, especially given how little additional work is required to do so.

    5. Re:what great cyberheist ? by Corbets · · Score: 1

      Still better than not hashing them, especially given how little additional work is required to do so.

      No, because "so little work" involves changing credit card processing terminals around the world. For that kind of cost/effort, it better be a good solution.

    6. Re:what great cyberheist ? by bjourne · · Score: 1

      Is it even legal to store credit card info when you don't have any use for it? In other countries there are laws against retailers storing CC info because of the huge risks involved. They don't need the info after the purchase is made and a single rogue employee can cause havoc without any hacking involved.

      --
      Football Odds
    7. Re:what great cyberheist ? by Anonymous Coward · · Score: 0

      This could all be easily solved if the US got off of its lazy fat ass and entered into the banking 20th century, like the rest of the civilized world was in say, 20 or 30 years ago.

      What is the obsession with using credit cards all the time? I have a credit card but I don't use it more than a handful of times a year, if that. Suer, it's a nice thing to have, especially if say, the end of month is nearing and you are a bit tight on funds and really need to make this purchase or whatnot, but for everything else in day to day life I use a debit card, and couldn't care less if anyone got a hold of it's number, because they can do jack shit with it.

      Even for online shopping there are massively better alternatives -- my bank allows me to create virtual credit cards on the fly, with the expiration date set to the present month and a limit of my chosing (which I usually set at the exact amount of whatever I'm buying). Hell, you can easily have paypal without a credit card, and pretty much anywhere that matters online accepts paypal.

      Seriously, America's love affair with credit cards flummoxes me. I can see mostly downsides with very few, if any, upsides.

    8. Re:what great cyberheist ? by Anonymous Coward · · Score: 0

      It is legal, at least in the US. However, if there is any breach the merchant is responsible for the cost of the breach including the forensic investigation. For a merchant to limit their liability, it is ideal to not store CC's at all. Generally the business case for storing them must outweigh the cost of increasing security. See: PCI DSS

    9. Re:what great cyberheist ? by TheLink · · Score: 1

      He's an amateur.

      This is what I call a great cyberheist:
      http://www.bloomberg.com/apps/news?pid=newsarchive&sid=armOzfkwtCA4
      http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aGvwttDayiiM

      Or if fancy computer tricks are required:
      http://www.nytimes.com/2009/07/24/business/24trading.html
      http://www.nytimes.com/imagepages/2009/07/24/business/0724-webBIZ-trading.ready.html

      --
    10. Re:what great cyberheist ? by yuhong · · Score: 1

      The hack consisted of accessing wireless POS terminals from the car park

      By cracking WEP, BTW. Any other real-world incident that involved WEP cracking you have encountered? BTW, I found this paper on "IVs to Skip for Immunizing WEP against FMS Attack" from 2008, which seems to be a better attempt at skipping weak IVs than before. Of course it is still better to use WPA if you can.

    11. Re:what great cyberheist ? by evilviper · · Score: 1

      A) You may just be over-generalizing, but yes, full CC#s do need to be stored for a decent bit of time to handle any number of order processing issues that may occur.

      B) Even if you as a company may not want to keep CC#s lying around forever, your lawyers may well tell you it is required. Though I dont deal with the lawyers myself and cant give specifics, I can tell you that my employer treats CC info the same as all other business info that might possibly be needed by the IRS up to 7 years down the line...

      C) PCI-DSS is the (publically available) standard that the CC companies set on businesses who need to process credit cards. They can pretty well dictate any terms they want. However, they most certainly arent strict by any stretch. They do not set a length of time after which you must erase full CC#s from your records. They do, however, dictate that any such info being stored must be protected, essentially requiring encryption, and dictating annual key changes as well.

      D) If retailers aren't abiding by PCI-DSS standards, and passing their audits, they're liable to get their right to process CCs revoked, and, may be open to lawsuits by the CC companies. If the standards aren't tough enought, they can easily add more restrictions that retailers must follow. However, if CC companies wish to choose to allow retailers to be in violation, and choose not to improve their security standards, then they've decided it's better to take these kind of losses, and that's hard to argue with... There's a question of a moral hazard, as letting criminals make billions is a bad thing in itself, and how much money police and courts are wasting on prosecuting criminals that need not have been able to get anything in the first place, but if they've decided lack of security is more profitable, they deserve to pay out every fraudulent dollar, and we shouldn't give it a second thought, until they start asking to be bailed out...

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    12. Re:what great cyberheist ? by Anonymous Coward · · Score: 0

      do you mind if I ask what bank allows you to create virtual credit cards?

      thanks.

  3. the long tradition of bigging up criminals by petes_PoV · · Score: 5, Interesting
    All media reports of (caught) cyber-criminals (or just plain "criminals" as they actually are) stresses how talented, or brilliant or "mastermind" they were. None of them were simply petty crooks that just happened to use a comuter rather than a jemmy as their tool of trade.

    You could be forgiven for thinking that the world of the cyber-criminal is wholly populated by geniuses who have "gone bad", or the sorts of people that James Bond regularly vanquishes. Where are all the averagely intelligent, nondescript, stupid-but-lucky criminals who stalk the world of online, as they do the ordinary underworld?

    The answer, I suspect, is that they're the very same people who are described above, but who's skills are exaggerated by police forces all over the world in an attempt at self-aggrandisement. To make their own lucky breaks appear to be much more significant than they actually were. Just as anglers everywhere have stories about the "massive" catches they made when no-one else was around I reckon the police are pursuing the same policy to try and convince the public that they, too are masterminds. Hmmm.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:the long tradition of bigging up criminals by Anonymous Coward · · Score: 0

      I believe that happens everywhere. I laughed when a coworker talked up his shitty platform until I heard our boss do the same.

      I have to self-aggrandize to be judged fairly.

    2. Re:the long tradition of bigging up criminals by Anonymous Coward · · Score: 0

      Most criminals are retarded, and I mean that in the technical rather than the pejorative sense: IQs well below 80. In a lot of cases its because their mothers drank or did drugs or did other bad things while pregnant. My mother is a teacher in a prison, so I know whereof I speak. They then exacerbate the problem by doing brain-killing things like sniffing paint. These types of people constitute the vast majority of criminals these days. (It may have been true 30 years ago too, but I don't know.)

      As the saying goes, you don't end up in prison because you're smart. Smart people either live more-or-less honestly or they are good enough at crime not to get caught. We've all probably thought about it before: "How could I rob this bank and never get caught?" The answer is that you probably could, and it would probably be pretty easy. Get a gun well in advance of the crime, don't use the gun, rob a bank that's nowhere near you, and get the hell out of there as soon as possible, even if it means leaving money behind. Then don't spend all your "profits" all at once, but instead spread it out over several months. It would basically take a run of terrible luck to get caught if you did it that way. But see, we can plan that out because we're not stupid. Most criminals are mentally incapable of constructing (or even following) a plan like that. They are driven almost entirely by the need for instant gratification. "I need money, so I'm going to rob a bank." They often go to banks where they've been before or will be again, they spend all their cash at once, they brag to their buddies about what they've done, etc etc etc. They just have no impulse control or planning abilities.

      So that's the point of comparison. "Cybercriminals" -- the kinds who don't just lift a bunch of credit card numbers and then get caught two weeks later -- may only have 110 IQs, but by comparison to the average criminal, that makes them bloody geniuses.

    3. Re:the long tradition of bigging up criminals by Anonymous Coward · · Score: 0

      That's a little harsh. Nearly everyone especially techo-geeks exaggerate their accomplishments.

    4. Re:the long tradition of bigging up criminals by misexistentialist · · Score: 1

      Stupidity is commoner than you think, judging from your bank robbery plan.

    5. Re:the long tradition of bigging up criminals by Nikker · · Score: 1

      Ha I just hacked the NSA,CIA,FBI and CSIS using RFC2594 with a DBSA(distribution of bird seed attack) and that was while I was posting to Slashdot, Twitter, Facebook and writing an advanced stock market algorithm in BrainFuck.

      --
      A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
    6. Re:the long tradition of bigging up criminals by petes_PoV · · Score: 1
      True, but in the case of cyber-criminals, finding themselves described as brilliant or genius or whatever is more of an encouragement than a criticism. For example, the question "Which is the bigger insult - being called ugly or being called stupid?" Most geeks would say that stupidity was the bigger insult, whereas most ordinary people would go with ugly.

      By exaggerating the very trait that cyber-criminals value in themselves (i.e. their intelligence, cunning, abilities etc.) all thepolice are doing is rewarding them - the jail term notwithstanding. Personally I think a bigger deterrent for cyber-criminals would be if the police publicly ridiculed their efforts and humiliated them. For example: "This was a particularly inept attack that had FAIL written all over it. My 6 year-old writes better hacks than these people and their idea was just so lame I can't believe anyone with more intelligence than a tomato plant would ever think they could get away with it.". However, that then begs the question: "well why did it take yo so long to catch them?" --- But we all know the answer to that one.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    7. Re:the long tradition of bigging up criminals by JWSmythe · · Score: 1

          I agree.

          I've had frank conversations with folks that work in banks. I've also had to cash some large checks, which is frequently a nightmare to pull off. It's not all in verification, that's easy. They call the issuer, the issuer verifies it. The hard part is for them to come up with the funds. I've been left waiting for up to an hour for the armored truck to arrive and drop off more cash, so I could get mine. Teller drawers rarely have enough to make a bank robbery a valid risk. You may walk off with a few hundred. If you're lucky, a few thousand. Once in a great while the bank wasn't following it's written procedures, and someone will walk out with a bunch of cash, but that's rare. Most likely, a bank robber will walk out with the few hundred, and an exploding dye pack, and get nabbed within a block of the bank. Not all cops do what is shown on TV. They *WANT* you to come outside. You're now without any sort of defensible area, and without any potential hostages.

          He was right in one thing though, most people who do commit those types of crimes are stupid. Then they get greedy. If they get away with a couple, then they'll start getting sloppy, and they may as well put on their own handcuffs and climb into the back of the patrol car.

          Risk evaluation for criminal activity is fun to do. Well, as a hobby. Trying to figure out the "perfect" crime, and then trying to pull it off means you are dumb.

          I'll never commit any sort of crime like that, because I know perfectly well that even if I did formulate the "perfect" plan, the random event will get me caught. It'd be something stupid like, getting in and out undetected, and getting a flat tire a few miles down the road. Despite the fact that cops are never friendly enough to stop and help when you're actually stuck, it would be almost guaranteed that one would stop to help me, and pull the probable cause card for searching me and my vehicle, and voila, I'm in jail. No thanks. :)

      --
      Serious? Seriousness is well above my pay grade.
    8. Re:the long tradition of bigging up criminals by Bazouel · · Score: 1

      Is the article making the police forces look good ? Hardly. They caught the hackers by luck (thanks to the Russian CC reseller) and it is repeated many times that Gonzalez considered them ignorant and outwitted. The lyric description of the hackers lifestyle rather glorifies them and make them look like superstars, which we all know on slashdot is far from the reality.

      --
      Intelligence shared is intelligence squared.
    9. Re:the long tradition of bigging up criminals by Anonymous Coward · · Score: 0

      That is why you don't hold the cash ON YOU when you leave. You stash it asap nearby the second you are around the corner and no one is looking and come back later. Then leave slowly. But robbing a bank is stupid as you said. Too risky.

    10. Re:the long tradition of bigging up criminals by indiechild · · Score: 1

      Agreed. Bankrobbers are a breed of low-intelligence, violent psychopaths. Robbery is a high risk crime (to the perpetrator as well as the victims), so a clever criminal would not engage in such activities. The return usually isn't worth it when judged against the risk.

    11. Re:the long tradition of bigging up criminals by indiechild · · Score: 1

      What an idiotic thing to do. Stash it when you leave, and then come back later when all the cops are swarming all over the place? Or come back later only to find that someone else has already taken your loot?

    12. Re:the long tradition of bigging up criminals by tehcyder · · Score: 1
      So your ingenious bank-robbery plan is to get a gun, run out with some cash and not get caught?

      It's almost unbelievable that no-one's thought of that before.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  4. idiot press by Anonymous Coward · · Score: 2, Insightful

    If he was so poorly educated and not a particularly well-skilled hacker, and it still took the FBI so long to figure out it was him and bring a conviction, what are they doing against hackers who are actually good? How are they fairing against highly intelligent, well-organized, and well-funded teams of hackers being employed by other nations to the infiltrate US government, commercial, and industrial systems. We know those bad guys exist. Where are all the arrests and front-page stories?

    Uneducated and under-resourced petty criminals like Gonzalez are the EASY fish. What is the FBI doing against the real bad guys? Unfortunately, our press is so lazy and dumb they cannot see the writing on the wall. The story of the decade and the one that will ultimately change the US forever. nope.....they're going to chase the Gonzalez story, because that's what the FBI gave them. Online fraud. A few hundred million? 1 Billion?

    All while 100s of billions of dollars in research and development across every sector of our economy walks out the door. While every facet of our government is attacked daily. Great catch guys.

  5. a promising technique called SQL injection ?? by Anonymous Coward · · Score: 1, Funny

    "BY THE SPRING of 2007, Gonzalez .. was also tired of war driving. He wanted a new challenge. He found one in a promising technique called SQL injection ..

    When you log on to the Web site of a clothing store to buy a sweater, for example, the site sends your commands in SQL back to the databases where the images and descriptions of clothing are stored. The requested information is returned in SQL, and then translated into words, so you can find the sweater you want ..

    SQL is the lingua franca of online commerce. A hacker who learns to manipulate it can penetrate a company with frightening dependability. And he doesn't need to be anywhere near a store or a company's headquarters to do so. Since SQL injections go through a Web site, they can be done from anywhere    " .. link

  6. Fuck him, I hope he dies in prison by Anonymous Coward · · Score: 0

    He is a thief, and thieves are parasites
    who should be exterminated.

    Of course, I'd be willing to settle for all of his fingers being cut off
    and both of his eyes being removed.

    1. Re:Fuck him, I hope he dies in prison by FuckingNickName · · Score: 0, Flamebait

      Property is theft, etc. But since you bring up a method of your most rowdy puppet state (not Israel - way too smart to be puppets)...

      I can't make up my mind whether it is Americans or Saudi Arabians who are more convinced of the impossibility of a flaw in their belief systems and the resultant society created. Although I have always got better discussions from adherents to conservative Islam than from arch-capitalists, probably because only the former understand what fundamental faith-based assumptions they are making.

  7. The Great Cyberheist by ray-solomon · · Score: 0

    "The Great Cyberheist", based on a true story. I see a future movie being made soon.

  8. People Don't Want To Understand Cybercrime by Black+Gold+Alchemist · · Score: 4, Insightful

    People think cybercrime is about misbegotten geniuses launch attacks using incomprehensible methods. They think cyberwar is about vast arrays of foreign hackers breaking into our high tech military systems and stealing our secrets. However, that's not what cybercrime and cyberwarfare are about. Cybercrime and cyberwarfare are about people bruteforcing some bigshot's low strength password. It's about some stupid spyware program exploiting some obvious old bug in windows and emailing your credit card to the former USSR. It's about your grandma downloading a set of "kitty" icons and infecting her computer with a botnet virus. It's about some small-time hacker calling up one secretary and getting the CEO's username, and then calling another and getting the CEO's password. These problems can't be solved by advanced security systems. They have to be solved by people. It's kind of like trying to fight cave-dwelling terrorists with a high-tech stealth bomber.

    --
    Responsibility is an addiction
    Virtue is a temptation
    Community is a cartel
  9. Fair is fair -- ? by Anonymous Coward · · Score: 0

    I see the "$400 million" price tag and the righteous furor with which they necessarily prosecuted this guy and I have to wonder: when will someone be prosecuted for the trillions of dollars lost and the countless lives sacrificed for the Iraqi war over pretend WMDs? Why is it right to prosecute this kid and "not so much" to investigate those who pillaged our Treasury in the name of "national security"?

    Off-topic, maybe - but probably just as important, if not more so. The Feds are holding this kid out as an example, but completely ignoring those who did even worse things.

  10. From an Insider by Anonymous Coward · · Score: 0

    Funny how "Eckis" ratted him out, especially considering how many people he stepped on for the USSS.
    I wonder how the #phrack high council feels :)

    Oh BTW back in 2002-2003 the source of all his data was from Phishing. He is the stereotypical Script Kiddie.

  11. Did anyone else.. by Lanteran · · Score: 1

    when I read that last bit about him being expected to get out of prison in 2025, I had the mental image of Simon Phoenix hacking into the public terminal in demolition man....

    --
    "People don't want to learn linux" hasn't been a valid excuse since '03.
  12. FBI has shutoff all non-terror resources basically by HongPong · · Score: 1

    The thing is that the FBI has basically diverted all their white collar crime resources, and probably whatever might be used to track hacking / financial crime stuff, into stupid counter-terror campaigns. This whole mess is really a permutation of white-collar crime.

    They haven't sent a single greater-than-pawn level obvious fraudulent white collar criminal to prison in like a decade. They catch a couple hackers running large creditcard schemes but they haven't done jack about the industrial espionage, which as you note is going 'all the while.'

    I am mainly just sad that all this context is lost, the one primary thing feds are good at is 'making an example' and making sure that it appears to be a broad enough example that they are getting to the core of the matter.

    --
    --hongpong.com
  13. Re:Full article text by Nero+Nimbus · · Score: 1

    Hah, this got modded down? The NY Times article is paywalled off, and nobody else posted it, so I fail to see how the fact that I potentially saved a bunch of people from going to bugmenot to grab a username/password for nytimes.com is redundant.

    Oh, wait. This is Slashdot. Nobody reads the articles, and very few even read the summaries. My bad. In Soviet Russia, etc, etc.

  14. Why hide? by hesaigo999ca · · Score: 1

    >Another claims there 'were major chains and big hacks that would dwarf TJX. I'm just waiting for them to indict us for the rest of them
    This leads me to believe the rumors that we are never really told what is going on behind the scenes of these fraud cases by the banks themselves, so how are we to know what is what, and if the banks are doing an adequate job ? Maybe some regulations for this specifics might be in order?

  15. Why is this guy the only criminal in jail by Anonymous Coward · · Score: 0

    The companies knew of the risk of this but their officers made the decision that leaving it open to facilitate other processes rather than securing their systems. They saved hundreds of thousands of dollars by not securing this hole and utilizing it for their other business processes. This decision should be criminal negligence.