Slashdot Mirror

← Back to Stories (view on slashdot.org)

Photobucket Hackers Nabbed, Face Serious Charges From US Authorities

Posted by ryuzaki0 on from the until-somebody-loses-an-eye dept.

The U.S. Department of Justice said in a statement released Friday that two men, Brandon Bourret, and Athanasios Andrianakis, of Colorado Springs, Colorado and Sunnyvale, California, respectively, were arrested for their sale of software designed to breach the security of photo-sharing site Photobucket.com; their "Photofucket" app, says the linked Register report, was used "to plunder Photobucket's users' private and password-protected information, images and videos, it has been alleged ... The charge sheet against Bourret and Andrianakis details one count of conspiracy and one count of computer fraud, aid and abet – both of which carry a maximum prison sentence of five years and a fine of up to $250,000. In addition, the men stand accused of two counts of access device fraud, which carries a higher prison sentence of up to 10 years and a fine of up to a quarter of a million dollars, per count." The indictment, filed in Federal District Court in Colorado, is far easier to read than many.

26 of 142 comments (clear)

  1. When is the NSA going to be held accountable? by Anonymous Coward · · Score: 5, Insightful

    "...their "Photofucket" app, says the linked Register report, was used "to plunder Photobucket's users' private and password-protected information, images and videos, it has been alleged .."

    Sounds exactly like any one of the many NSA programs that have been pointed out over the past year after Snowden relased info.

  2. "Hacking" goes a little far here.. by Anonymous Coward · · Score: 4, Informative

    The assets in question were not "protected" by passwords, they were stored on publicly accessible and easily guessable URLs. I mean, if by protected by password they mean anyone without the password could take common camera file names and type in an easily guessable URL without the password then well ya.
     

    1. Re:"Hacking" goes a little far here.. by Sqr(twg) · · Score: 4, Interesting

      So, the question is: Is it illegal to issue HTTP GET requests (that conform to all specifications and obey the robots.txt of the site in question) if the owner of the site didn't intent for the content at that URL to be available to you?

      In other words: Is requesting a (non password-protected) webpage equivalent to representing yourself as someone who is authorized to access than page?

    2. Re:"Hacking" goes a little far here.. by mrbester · · Score: 5, Insightful

      Enough with this shit about "trespass". Property laws ate irrelevant. If a page is publicly available then it is public. If it isn't meant to be public then the onus is on the provider to make it private as in contrast to your house, the web is default public by design.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    3. Re:"Hacking" goes a little far here.. by Sqr(twg) · · Score: 3, Informative

      What if the sign doesn't say "no entry", but instead "feel free to request any URL that you want" ?

    4. Re:"Hacking" goes a little far here.. by CanEHdian · · Score: 2

      Balancing the budget? :-p

      Close, but no cigar.

      --
      When the copyright term is "forever minus a day", live every day like it's the last.
  3. Bigger Fish by ChadSmith4920 · · Score: 2

    So Chinese college students are reading Obama's unclassified emails and these guys are busted for hacking ebay photos. :-D

    1. Re:Bigger Fish by St.Creed · · Score: 3, Insightful

      The Chinese students were probably smart enough to do it from outside the USA's jurisdiction...

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    2. Re:Bigger Fish by Fnord666 · · Score: 2

      So Chinese college students are reading Obama's unclassified emails and these guys are busted for hacking ebay photos. :-D

      No, they were busted for selling software that let others hack eBay photos. I'm not sure how this is any different than the guy who created the website that helps you break into Master padlocks. Both have legitimate uses as well as nefarious ones.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    3. Re:Bigger Fish by Fnord666 · · Score: 2

      I guess I should have read the indictment beforehand. Apparently they also hacked into Photobucket themselves and sold the access or photos to others. That's very different.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  4. Re:Seems a bit harsh by rtb61 · · Score: 3, Interesting

    If you read the indictment, they did not just create the code, they actually used it themselves and showed others how to use it by demonstrating it. Now of course comes much greater consequences, their customer base is also in the firing line and they will all be turned over for a reduced sentence. This could lead to a whole bunch of crimes being exposed.

    --
    Chaos - everything, everywhere, everywhen
  5. Photobucket's punishment? by hawguy · · Score: 4, Insightful

    How much jail time did Photobucket executives get for allowing such lax security in their app in the first place? Must be at least twice the 5 years that these two are getting. Maybe more. Right?

    1. Re:Photobucket's punishment? by hcs_$reboot · · Score: 2

      How much jail time did Photobucket executives get for allowing such lax security in their app in the first place? Must be at least twice the 5 years that these two are getting. Maybe more. Right?

      In the eyes of justice, the intention is worth more than the act.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Photobucket's punishment? by hcs_$reboot · · Score: 2

      But if you leave your window opened, can I record from outside the music you are currently listening to?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  6. Man talk about straight out if Sci FI by future+assassin · · Score: 3, Interesting

    you get more time for hacking a corporation then you do for manslaughter.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    1. Re:Man talk about straight out if Sci FI by Anonymous Coward · · Score: 3, Insightful

      As should be the case. the hacking is a malicious, intentional act, with forethought and planning. Manslaughter by definition is neither intentional nor malicious and was done without forethought. One is a crime you intentionally set out to do the other is circumstance/random/accidental.

    2. Re:Man talk about straight out if Sci FI by l0ungeb0y · · Score: 5, Interesting

      By that definition, shoplifters should get 20-30 years. You are one fucked up individual if you think these twerps deserve what amounts to a life sentence over grabbing some nudies. Three to Five years? Sure -- but people like you who support these totalitarian policies are the reason why our country is turning into a Fascist Police State. So fuck you very much for helping to burn our freedoms to the ground you fuck.

    3. Re: Man talk about straight out if Sci FI by Opportunist · · Score: 2

      The relative length. Punishment should be on par with the crime. Else, things escalate. Allow me to give you an example.

      Time and again I hear people call for people who rape, especially if the victim is underage, to be charged like murderers. I can only say that this is a very dangerous proposition. If the charge for rape is the same as for murder, every rape victim WILL be murdered if the culprit is smart. The chance for detection goes down (one less witness) while the punishment stays the same. There would be exactly zero deterrence for a rapist from killing his victim.

      There is a reason why theft (stealing without violence) carries a lower sentence than robbery (stealing with violence or with threat thereof). While criminals usually don't really think about possible punishment in the moment of action, they do so when planning. And when my plan tells me that more violence does not lead to more punishment but less chance to be detected, more violence it is.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. No sympathy is deserved for these idiots. by Anonymous Coward · · Score: 2, Interesting

    These assholes did things they had no moral right to do. They deserve to be punished because they actually committed intrusions, which is
    behavior that is fundamentally different from merely exposing a security flaw.

    To those of you who are spouting off the bullshit "moral relativism" arguments about how the NSA or Obama or some other government entity does things which are wrong "therefore anyone else who does similar stuff should not be punished" : Your thought processes are deeply in need of repair and your personal moral code is as well. A decent human being doesn't look for excuses which will justify or excuse bad behavior ; a decent human being does what is right because it is the right thing to do and avoids doing what is wrong simply because it is wrong, even if no one is watching.

    1. Re:No sympathy is deserved for these idiots. by Anonymous Coward · · Score: 2, Interesting

      It hardly seems more serious than a search engine that fails to look at robots.txt and indexes content anyway.
      They went about it in kind of a nasty way, but “Unauthorized access into a secure computer system” should require at least a remedial level of security. Otherwise, I could just put up a public web site, post a bunch of "private" photos on it without publishing the links, and then watch the logs for all these unauthorized criminals to commit a federal crime by accessing them... Profit?

    2. Re:No sympathy is deserved for these idiots. by CanEHdian · · Score: 3, Insightful

      Welcome to the Star Trek: We're Back fan movie website!

      Episode downloads:

      1. www.strekwb.test/episode1.mp4
      2. www.strekwb.test/episode2.mp4
      3. www.strekwb.test/episode3.mp4

      Episode 4 is ready and we sent the download link to a few people who we think are better than you and get to see it first!

      You're a foul, devious, stinking criminal if you think of trying www.strekwb.test/episode4.mp4 just for the heck of it.

      --
      When the copyright term is "forever minus a day", live every day like it's the last.
  8. This is a crime worse than murder by l0ungeb0y · · Score: 3, Funny

    So it only goes that they receive a fate worse than death. Place them under house arrest and block all network access except to 4chan -- which they shall be forced to moderate. To ensure they actively moderate, they will wear a shock collar around their neck which will administer increasingly painful jolts to prod them into action

  9. Re:Seems a bit harsh by Hognoxious · · Score: 2

    What do you want from us Greeks?

    Olives. Have you got anything else?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  10. Same amount you get for your lax home security by Sycraft-fu · · Score: 2, Insightful

    I mean when someone breaks in to your house, you should go to jail right? After all, your home security sucks. I don't care if you think it is good, it sucks. Virtually nobody bothers with good home security.

    So you should go to jail if someone breaks in... ...or maybe you should reexamine this "blame the victim" attitude so many geeks have with regards to hacking.

    1. Re:Same amount you get for your lax home security by mrbester · · Score: 3, Insightful

      Your home is by default private. The web is by default public. The assumption that a public page is private just because it has your name on it is risible.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  11. Not sure where you live by Sycraft-fu · · Score: 2

    Here manslaughter is a Class 2 Felony. That means 4 years minimum sentence (or 3 years minimum if there are mitigating circumstances), 10 year maximum (12.5 if there are aggravating circumstances). This is presuming first time offence, and only one count. A repeat offence can bring it up to as much as 35 years.

    So no, doesn't look higher to me. Remember there's a difference between maximum and minimum. When a sentence is "up to" that means "the absolute maximum a court may sentence for a given offence." Usually, there's a fair bit of range in a sentence since the idea is a judge will consider the factors of the individual case.