Man Convicted For Helping Thousands Steal Internet Access

angry tapir writes "An Oregon man has been convicted of seven courts of wire fraud for helping thousands of people steal Internet service. Ryan Harris, 26, of Redmond, Oregon, was convicted by a jury in U.S. District Court for the District of Massachusetts. He faces a prison term of up to 20 years and a fine of up to $250,000 on each of the seven counts."

he got rich from fraud

[ozduo]

don't to the crime if you cant do the time

Re:he got rich from fraud

[MacGyver2210]

I would agree with you on that if corporate CEOs and pretty much everyone who makes over a million dollars a year hadn't set the precedent that defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine despite a huge profit margin.

Shit, that's the definition of how corporate America works. Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user? Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

Re:he got rich from fraud

[0100010001010011]

Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user?

I bet it'd be a different story if this guy had significant campaign contributions. It'd be a "Misunderstanding" of some sort.

Re:he got rich from fraud

[Corbets]

I would agree with you on that if corporate CEOs and pretty much everyone who makes over a million dollars a year hadn't set the precedent that defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine despite a huge profit margin.

Shit, that's the definition of how corporate America works. Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user? Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

Why aren't they also jailing each of the individual loan officers who sold mortgages to customers who couldn't pay them back? They were, perhaps, more directly responsible than the CEOs, and yet also directly benefited (commissions or bonuses, depending how such things work at each institution).

That question is also your answer. There is a very large chain of people involved in the financial crisis, and it's unlikely that any single one of them can be apportioned enough blame to go to jail.

Re:he got rich from fraud

[TheVelvetFlamebait]

It depresses me that people think that some people it takes material profit in order to make fraud and theft of service immoral. Apparently you can't commit a crime against a rich person, unless you become one in the process.

Re:he got rich from fraud

[Richard_at_work]

Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user?

Because thats neither fraud nor any other crime - its not illegal to not base your prices on your costs. The cable companies can charge what they like for their product.

Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

Now that's a better example, and one I can't give an answer to.

It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

Sorry, but that's just a pathetic excuse for this guys actions, he didn't do anything justifiable or the be proud of.

Re:he got rich from fraud

[andsens]

don't to the crime if you cant do the time

I know, but 20 years?!?! Are they serious? That is an insane amount of time for a non-violent crime!

Re:he got rich from fraud

[Taty'sEyes]

No he is not a "life long Republican." He is a libertarian Republican and ran for president as a Libertarian in the past. He does kowtow the party line of the Republicans... of the early 1900's.

seven courts

Courts are an odd unit to measure instances of wire fraud.

Re:seven courts

[Mitchell314]

Close, 1 Court ~ 0.1248859302 Libraries of Congress. The SI system never lines up nicely with the US's.

Re:seven courts

[MobileTatsu-NJG]

That typo was in the article, too. I'm not sure whether I should snobbily deride the editors for not correcting the mistake or fashionably praise Slashdot for finally reporting on a article accurately.

Bad design

[xenobyte]

If this guy could build a business, complete with websites, forums and so on, it must have gone on for quite a while (6 years it turns out), so it is obvious that:

1) The ISP didn't know enough about their business to realize the giant holes this guy was exploiting.
2) The ISP was incompetent enough to let this guy and his customers steal service (which the ISP's other customers paid for) for a long time.

Any sentencing here should include a heavy fine to the ISP for technical incompetence.

Re:Bad design

[SuricouRaven]

Worse, actually. He was impersonating modems using sniffed MAC addresses, which is only possible if the network is running without encryption - a feature that should be easily supported by DOCSIS (BPI has been in there since version 1.0), if the ISP were willing to fork out for the equipment. Coax is a shared medium, which means that every customer's data was being sent to every other customer on that segment, in cleartext - the only thing to stop someone from sniffing all the facebook accounts, emails, MMORPG logins and other non-SSL data they could desire would be the firewall in their modems, which is easily broken with a hacked firmware. That's a massive security worry right there - the ISP were lucky he only exploited it for theft of service, rather than sniffing all traffic and selling details to scammers who might use it for ID theft, spam and the looting of World of Warcraft accounts.

Re:Bad design

[Asic+Eng]

Well, from the description it appears the guy was selling modified cable modems to sniff data on the coax line and enabling the user to change MAC addresses etc. This would seem to indicate that the device would operate with several configuration sets - maybe switching those on the fly depending whether they were already in use. This way the users' modems would be able to replicate the access data of other users.

That could be prevented by using encryption for exchanging login data, but it's pretty hard to detect: You can't easily tell the difference between unauthorized access of user B with user A's login data, and user A who just happens to use the internet a lot. Also you wouldn't notice a few users doing that in one particular segment, the guys customers could be distributed all over the US:

Re:Bad design

[ArsenneLupin]

He was impersonating modems using sniffed MAC addresses, which is only possible if the network is running without encryption

Are you sure about this? Many encryption schemes only encrypt the payload, not link-level headers, such as the MAC address. Or how else would the modem be able to figure out which packets are for itself, and which aren't? Attempting to decrypt every packet (including those not intended for it) would be a huge performance drain.

Re:hrm

[xenobyte]

There a huge difference. You can indeed steal Internet service - you are not making a copy - you are actually taking something someone else paid for, i.e. theft.

When it comes to 'stealing' intellectual property - you are not taking anything away, nor are you taking something someone else paid for. You are making a copy that detracts nothing from the original. Any loss would come from the loss of a potential sale, but as must file sharing either is done by people who would never pay for the stuff they download (no lost sale) or by people that buys the downloaded material later when it becomes available, there's usually no loss involved and thus no theft.

Understand it now?

Writing tools to configure cable modems

[dutchwhizzman]

Writing tools to configure cable modems is what he got convicted for. He just wrote some tools so you could BOOTP your cable modem with a "valid" MAC and uncapped access speed. The cable companies knew they were putting the security in the dynamically configured end user device. They didn't fix the security flaw after it was publicly known. All the guy did was write an exploit for a publicly known bug, others (end users) were the ones that abused it.

Oh well, at least now there is jurisprudence to put gun manufacturers into jail. After all, they make the tools that others use to commit crimes, which is what this guy is going to do hard time for.

Re:Writing tools to configure cable modems

[amiga3D]

It is slightly different in that he did provide customer support in cracking the network. Even so I wonder how this will do on appeal.

Re:Writing tools to configure cable modems

[snowgirl]

"shooting targets" might be a nice hobby, but it's not very practical.

The purpose of the item being sold does not have to be practical. Recurve bows and arrows have no "practical" use, and are only particularly useful for target practice. In fact, recurve bows are even less useful than hand guns for hunting.

As well, handguns have another perfectly legal reason for purchase and ownership: protection, and defense.

There is no way that gun manufacturers aren't aware of those statistics, yet they keep on allowing their products being sold in shops.

Being aware the statistics about misuse of your item does not mean that you are criminally liable. The manufacturers of oxycodone are certainly aware of the high rate of abuse of their drug, shall we hold them responsible criminally for the abuse of their drug?

With this jurisprudence, gun manufacturers are just as guilty. Either that, or someone got wrongly convicted here.

This jurisprudence is not precedent setting. Gun manufacturers are already, and have long been subject to the conditions under which this individual was charged.

There was sufficiently established evidence that this individual was selling a product that had no legal purpose. Guns have well recognized legal purposes. And weapons manufacturers are not concerned about this case... like I said, this case hinged on already well established legal precedents, and the gun manufacturer lawyers have long been aware of these details.

But then, as usual, anything legal happens, and slashdot armchair lay lawyers are ready to jump out of the woodwork with specious legal theories, and pretend like shit means more than it actually does.

Comment removed

[account_deleted]

Comment removed based on user account deletion

I'm ok with that so long as...

[Sycraft-fu]

You are ok with a fine on you if your house gets broken in to and it is found you didn't do a good job securing it. After all, if we fining people for not doing security properly, then it needs to apply to physical security too, and to individuals too. So if you are like most people and have a cheap lock that is vulnerable to bumping and picking, single pane windows with no security screen or coating, no security locks on your windows, no alarm system, and so on then if you get broken in to, you get fined too.

After all, it is something you can fix. You can get high security locks from someone like Medeco or Assa that can't be bumped, and key controlled, hard to pick etc. You can have your windows replaced with coated glass and screens that are very difficult to break through. You can buy friction security locks for your windows that you take on and off when you want to open them and so on.

You probably don't choose to. Few people do. It costs more and is inconvenient. However it does make it much easier for someone to break in to your house.

Now if you aren't ok with that, then I have to ask why it is ok to fine the ISP. Could have the had better security? Most certainly. However they chose not to and that doesn't make what was done to them right. Same shit with you. You can choose to have better security. Just because you don't, doesn't make it right for someone to break in.

Re:hrm

[gomiam]

Obvious troll, but I'll bite: the bits that you receive through my connection detract from the bits that I can receive through my connection for bandwidth is a physical world entity.

OTOH, the bits that you copy from me don't disappear from my hard disk by your copying, for information is being a virtual world entity.

What the hell is up with your justice system?

I mean -- 20 years for a simple financial fraud thing. In other countries, murder is less.

No wonder you have a considerable fraction of your population in jail.

Scary.

not necessarily

[Weezul]

We should never outlaw creating tools like lockpicks, knives, cable modem sniffers, or CPUs able to run unsigned code. We should only outlaw specific usages of said tool.

A priori, there is nothing wrong with explaining how such tools work either, but aiding customers with the specifics of their particular cable provider could eventually cross the line into conspiracy to commit wire fraud, just like helping a robber a house's door would become conspiracy to commit robbery.

I therefore hope they convicted him on specific instances of technical support he provided which unambiguously made him a conspirator in specific customer's wire fraud. And I hope he wins back his freedom on appeal if they convicted him on any other grounds.

In fact, we should discuss the physical plans for equipment and software which he sold here because I'm sure we're curious what exactly he sold. Anyone got links to DIY kits? We should add this stuff to thepiratebay.se's physibles section : http://thepiratebay.se/blog/203

And what about the people on the end?

[Sycraft-fu]

Those that walked in to various loans, eyes wide shut? Or those who took loans they couldn't afford because they figured they'd just flip the house and make money?

The idea that individuals were completely blameless in the financial crisis is silly. Sure there were some people who were suckered in. They were told one thing and given another. For them I have some sympathy (though really, there's a standard loan terms sheet that comes with every loan, it isn't hard to read). However there were plenty that got greedy and just ignored all good sense.

An example would be my cousin, call him B. He owned a house that he'd had for quite some time, around 8-10 years on a 30 year fixed mortgage he could afford. then things went crazy and he decided he's take all his equity out in a refinance so that he could buy a bunch of new toys like a truck, take an expensive vacation, shit like that. His loan amount went way up because he was taking out more than the original loan had been for since his house was allegedly worth more. He couldn't afford a fixed loan at that rate so he got a cut rate ARM. Then prices crashed, the rate went up, and he lost his house. Not only should have he known better, my dad (among others) told him this was a stupid idea.

Then there's me, I have a house that I had since before things went crazy, on a 30 year fixed mortgage that I can afford. It supposedly doubled in value during the craziness. I could have taken a ton of money out. I didn't, because I knew that was a bad idea. I still have my house, and I can still afford my loan.

We were both in a similar situation, he chose one option, I chose another. Nobody held a gun to anyone's head and forced the issue.

The crisis was caused by failures and greed at so many levels. The government, the bond rating companies, the investors, the banks, the loan officers, and yes the individuals. You can't just act like a certain group were the evil ones who caused everything. There is a lot of blame to go around.

Now if you just want to start locking everyone up, I guess that's a valid position, but you might want to ask how well that's work in, say, the drug war.

Re:And what about the people on the end?

[ByOhTek]

The loan reps aren't exactly blameless either.

When I bought my places ($100k-$150k range), the first loan place I went to, the guy I talked to tried to convince me to get a more expensive house (you are approved for up to $350k! You should look at something nicer!)

I would *not* be able to pay the mortgage on such a house, let alone cover food and utilities. He didn't care, they were just going to sell the loan to some other company, they would make their money, he'd get his commission.

Glad I went with another company. That was obnoxious.

Re:And what about the people on the end?

[ByOhTek]

Personal responsibility is important (it certainly kept me out of a mess in this regard), but when people from every side are trying to trick you from every side, you eventually slip. These people know your financial situation, - they see your records, and in most cases, are probably better trained to understand it than you. Yet they try to put you in a situation that is above your head, and screws whoever they sell the loan to, for their own profit. Yeah, they should be held responsible as well, not instead of.

It's a bit beyond the magnitude of a super-sized meal, a $20 stack of disks, or a V8 car...

Re:And what about the people on the end?

[Xacid]

Conversely, the fella I worked with was very practical about the topic. Basically I can afford up to X but I'd be eating only ramen and wiping with newspaper. For every increment lower that I could get to would increase my quality of life so either make more money or find something significantly cheaper than X. And hell, I was 23 at the time.

Oh, and the bank - Bank of America oddly enough. Incidentally that guy doesn't work there anymore. He moved back to Sweden. Probably saw the writing on the wall, heh.

Re:And what about the people on the end?

[fearofcarpet]

He didn't care, they were just going to sell the loan to some other company, they would make their money, he'd get his commission.

You nicely summarized the root cause of the collapse of housing markets across the US. The banks thought that, by chopping up mortgages and combining them with other securities, the resulting CDOs had less risk because it was spread around and since the cost of each tranche was proportional to the risk, and therefore the yield, everyone understood the risks involved. Of course that created a profit motive to create as many mortgages as possible--and the riskier the better because the risk magically disappeared once sliced up and repackaged. Opportunists climbed into cheap suits and starting fly-by-night mortgage brokerages, assembling teams of sleazy salespeople to push bad loans. By the time the mortgages went sour, everyone involved in the transaction had taken their profit but, thanks to deregulated banking, those profits were basically paid out of the savings accounts of the very same people getting the bad mortgages. And since all the banks merged into giant mega-banks that snatched up bad debt with your money, they were "too big to fail." But don't worry, they bought "insurance" against it in the form of credit default swaps so that the government wouldn't have to bail them out. Except that the "insurance companies" were also banks and didn't have nearly enough cash to pay out, so the government bailed them out, including the third parties that were buying credit default swaps on CDOs that they didn't even own.

So everyone made money--from the mortgage bundlers all the way up to the CEOs of the giant banks--no matter if they succeeded, failed, or wrecked the global economy in the process. And to get the economy going again, the Fed started loaning out money at %0.01 interest so the banks could turn around and lend it back to Treasury at 3% (and pay back the bailout after dumping their bad assets); it's socialism for banks, and "free markets" and personal responsibility for the rest of us. Now we have a mountain of government debt and a generation of college-educated young people entering a stagnated economy with student loans accrued during the boom-times. I guess that is what happens when you create a system in which you can flip someone's livelihood for a profit without taking on any risk or responsibility.

...but this guy goes to jail for 20 years for scamming cable companies.

Meanwhile...

[Tasha26]

prison term of up to 20 years and a fine of up to US$250,000

...the real criminals in the banking and mortgage industry got away scoff free even after they caused damages in the trillions. Is the law blind?

FFS, it's not stealing, it's fraud.

[subreality]

I'm tired of "stealing" getting applied to every instance of "underhandedly doing something you weren't supposed to".