×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Hacker's Audacious Plan To Rule the Underground

ScuttleMonkey posted more than 5 years ago | from the ambition-can-carry-you-just-so-far dept.

Security 313

An anonymous reader writes "Wired has the inside story of Max Butler, a former white hat hacker who joined the underground following a jail stint for hacking the Pentagon. His most ambitious hack was a hostile takeover of the major underground carding boards where stolen credit card and identity data are bought and sold. The attack made his own site, CardersMarket, the largest crime forum in the world, with 6,000 users. But it also made the feds determined to catch him, since one of the sites he hacked, DarkMarket.ws, was secretly a sting operation run by the FBI."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

313 comments

My Ambition (4, Funny)

Anthony_Cargile (1336739) | more than 5 years ago | (#26335723)

Yeah, many years ago (in my teens) I had the ambition to be "the next bill gates", and now as I write small to medium websites and private applications from my couch, covered in empty red bull cans and small food bags, I think I managed pretty well!

</humor>

Re:My Ambition (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26335805)

My ambition was to see FLAMING RED on /.

Like this: http://img209.imageshack.us/img209/79/slasdhotredxv8.jpg [imageshack.us]

Seriously, was there a change in front page I was not aware of? Or it was work of some some audacious hacker?

Re:My Ambition (0)

Anonymous Coward | more than 5 years ago | (#26336005)

It's just CowboyNeal messing wiCARRIER LOST.

Re:My Ambition (2, Informative)

multisync (218450) | more than 5 years ago | (#26336223)

I've noticed a few of these "What's up with teh red stories on teh front page" comments lately. Are the posters truly unaware of the significance of the red border, or are these posts a variation on the Obama turd trolls or something? I've seen similar comments posted in other threads. Some - like this one - even go so far as to post a link to a screen shot, to "prove" that they really saw a story in red!!!

Mind you, I had the same "am I losing my mind?" reaction when the user page was changed without warning or explanation a month or so ago. My troll radar just goes a little crazy when someone questions something only a logged-in subscriber would see but posts a question about it anonymously.

Assuming you're not trolling, subscribers get to preview summaries before they are posted to the front page. The previews are bordered in red, so you know they have not yet gone live.

Re:My Ambition (0, Offtopic)

rk (6314) | more than 5 years ago | (#26336349)

Assuming you're not trolling, subscribers get to preview summaries before they are posted to the front page. The previews are bordered in red, so you know they have not yet gone live.

This is true, but I'm no longer a subscriber, and I've noticed the red border myself a few times. It's enough to make me check if anyone bought me a gift subscription and they haven't. My semi-educated guess is there's some non-atomic publish update occurring, where the article is published, but the "Mysterious Future!" theming is not yet updated.

Re:My Ambition (0, Offtopic)

multisync (218450) | more than 5 years ago | (#26336661)

... I'm no longer a subscriber, and I've noticed the red border myself a few times

Interesting. Being a subscriber, nothing looked out of place to me, and there seems to be a lot of comments like the one I replied to lately. After posting, I noticed this [slashdot.org] one in an earlier story.

My semi-educated guess is there's some non-atomic publish update occurring, where the article is published, but the "Mysterious Future!" theming is not yet updated.

Good point. Never attribute to malice anything that can be explained by buggy slashcode ;-)

Re:My Ambition (0)

Anonymous Coward | more than 5 years ago | (#26336579)

I am not a subscriber, yet have seen many stories in red.

Re:My Ambition (0)

Anonymous Coward | more than 5 years ago | (#26336783)

rk posted above that he experiences the same thing, despite not being a subscriber. Just out of curiosity, do you see it regardless of whether or not you are logged in?

Re:My Ambition (0)

Anonymous Coward | more than 5 years ago | (#26336855)

just fyi i've seen them (rarely) but have never subscribed (paid) to slashdot in my life. (i do have an account, sometimes log in, sometimes dont). so you might want to revisit your theory.

Re:My Ambition (0)

Anonymous Coward | more than 5 years ago | (#26336217)

So you wanted to be the reason millions of computers crash on a daily basis? Why didn't you just write a virus or something?

"Former white hat"? (5, Interesting)

EmbeddedJanitor (597831) | more than 5 years ago | (#26335753)

Sounds like he was always a black hat but just didn't cause enough problems while he still had his training wheels on.

The article leaves out a key piece (5, Funny)

Anonymous Coward | more than 5 years ago | (#26335779)

Posting anonymously for obvious reasons.

I went to school with Max Butler. He's driven by constant challenges. I knew Max as a friend and as such witnessed the same vitriol and hatred he put up with from others who did not understand him. Teachers often openly mocked him, especially in computer science courses.

His escape from it all came from hacking. He noticed he had a particular knack for it. He'd get really engrossed, and it became sort of a downward spiral from there. If you know anyone like him, please do not ostracize him in his forming years. Imagine if he had been a solid, contributing member of society like timecop, or the millions of other good natured people that run trolling organizations that specialize in making fools out of idiots like yourself.

mod parent troll (0)

AIM_is_t3h_sux (891192) | more than 5 years ago | (#26336397)

why is this funny?
it's blatantly insulting slashdot.
do the moderators even know who timecop is?
you all must be new here.

Re:mod parent troll (0)

Anonymous Coward | more than 5 years ago | (#26336975)

Its funny because people like Timecop probably really do believe they're doing something. Meanwhile, mimes continue to contribute more to society.

Re:The article leaves out a key piece (1)

macraig (621737) | more than 5 years ago | (#26336485)

You could be Max Butler himself. for all we know, trying to employ a little PR here.

I'm just sayin'. Your key piece isn't very useful until we actually know that it's true.

Recurring theme (0, Insightful)

Anonymous Coward | more than 5 years ago | (#26336839)

Muhammad (yeah, that one) once had an epiphany, guided to him, at least in theory by the archangel Gabriel and he took this idea to the Hebrews; "I understand you! Better yet, I can improve on what you're doing!" was generally the idea.

They laughed at him, and the world has seen Semites (both Arabs and Israelis) fight to the death since then.

Hitler had ambition to become a painter of great works. He felt he had something to say in the art world, and at some point tucked his paintings under his arm and went to Vienna to show them off. "I understand you- better yet, share in my furthering works!" was the general idea.

More than 150 MILLION people died in the eventual Darwin-inspired war that followed. But to his credit, anyplace Darwin's suggestions are instituted, slavery and genocide are permitted.

It's not surprising that a hacker who doesn't fit in, ridiculed by authority figures can do great harm. Ya see, PRIDE is mankind's downfall.

Pride can be constructive; it makes us work hard and commits us to great works. But pride in it's extreme makes us do horrific things too- murders, shooting sprees and war. The Columbine killers wanted to leave a big story- make a big splash...for their pride.

Satan's favorite tool is pride. With it, a person won't accept there can even BE a God! "Surely I'm too smart for that boring crap" and the man never lifts a finger to answer the eternal question.

Be careful with your pride, aye?

Article? (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26335813)

"Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."

This seems to be written more like a work of fiction than an account of the hack. The description echo'ed the language used in Jeffery Deaver's "The Blue Nowhere".

Re:Article? (5, Funny)

momerath2003 (606823) | more than 5 years ago | (#26336157)

Wouldn't decimating them mean having to leave 90% of the logins?

CHECK MATE (2, Informative)

synthesizerpatel (1210598) | more than 5 years ago | (#26336199)

If you're going by the Roman definition, modern definition such as 'decimation in time' can mean any size reduction of a set, although I don't think down to zero.

Although, Lindsay Nagel would disagree, since zero is a percent.

Re:CHECK MATE (4, Funny)

rk (6314) | more than 5 years ago | (#26336723)

since zero is a percent.

Please, let's leave the value of my 401k out of this.

Re:Article? (1)

77Punker (673758) | more than 5 years ago | (#26336227)

Yeah, but just one man alone was able to take out 10% with just a few keystrokes! Such horrific power! Which of the remaining 90% will be next?

After he had access, that is. Yeah, this would be written better if it simply said:
"...he was able to take control of the computers. With said control, the computers did everything he told them to do including delete stuff."

Re:Article? (5, Informative)

TheoMurpse (729043) | more than 5 years ago | (#26336761)

Yes, just as "homophobe" only means "afraid of that which is the same as them," "you" is only the polite form of indicating the addressee ("ye" being the casual form), "villa" only means "farm," "awful" only means "deserving of awe," and "girl" only means "young child of either sex," [etymonline.com].

Here's a tip: words change meaning.

Re:Article? (0)

Anonymous Coward | more than 5 years ago | (#26336169)

"Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match." This seems to be written more like a work of fiction than an account of the hack. The description echo'ed the language used in Jeffery Deaver's "The Blue Nowhere".

Yeah, Wired is more entertainment than facts. I guess I'm just thankful we're not linking to yet another top ten somethings of 2008 from them. Talk about soft 'journalism' ...

Re:Article? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26336951)

Yeah, Wired is more entertainment than facts. I guess I'm just thankful we're not linking to yet another top ten somethings of 2008 from them. Talk about soft 'journalism' ...

Said it before and I'll say it again. Wired is a pretentious, bloated business and consumerist lifestyle magazine. It effectively masquerades as a science and technology publication for those who similarly like to pretend (and probably believe) that they are into those things; when in truth they're not much into science at all, are only really interested in the fetishisation of cutting-edge technology and appropriate both as a lifestyle and fashion accessory.

Re:Article? (2, Insightful)

zappepcs (820751) | more than 5 years ago | (#26336195)

Well, no readership otherwise. For all my SO knows, I could be hacking the great Chinese firewall. She would not know otherwise and would not care. Trying to get Adobe flashplayer 10 64bit alphaOMGpre-release to work on Ubuntu looks exactly the same as hacking the Chinese Embassy's coke machine server to her if there is no narrative to let her know what is exactly happening.

Re:Article? (4, Funny)

multisync (218450) | more than 5 years ago | (#26336289)

"Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."

This seems to be written more like a work of fiction than an account of the hack.

True, but I'll bet there were lots of cool graphics swirling around his head while he was doing it!

Re:Article? (3, Interesting)

dave562 (969951) | more than 5 years ago | (#26336979)

The article is a work of fiction because the actual details weren't available. The author states at the beginning that the details were recreated from court documents. Given that Poulsen himself is a hacker, it is pretty safe to assume that he guessed pretty closely on the details. There are only so many ways to bust into a web server, and SQL injection along with compromised passwords seems likely enough. As for what he did after he had access, what is so fictional about that? He dumped the data and dropped all of the tables. Ooooo, big stretch of imagination there. We're talking about a serious blend of fantasy and sci-fi right there.

Doofus Maximus (0)

Anonymous Coward | more than 5 years ago | (#26335827)

The first rule of hack club is you don't talk about hack club.

Hope he has fun in "Federal pound me in the ass" prison.

Re:Doofus Maximus (2, Funny)

GOMF (1443581) | more than 5 years ago | (#26335933)

they showed him the real definition of a "Back door" entry method !!!!!! -_~

Honest money (4, Insightful)

Anonymous Coward | more than 5 years ago | (#26335889)

The way I figure it all the effort that goes into making big money doing crime would be better used in the 'real' world.

I live in the ghetto and the skills required to sell drugs/weapons can be easily transferred to the business world rather easily and the income is higher.

Honest money allows me to sleep at night and at the end of this train ride, the books will be balanced and that man in the sky will do the accounting and even it all out.

Re:Honest money (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26336643)

Shame that man in the sky doesn't exist. Enjoy your eternity of nothingness loser!

Fiction worthy of Stephen Glass! (0)

Anonymous Coward | more than 5 years ago | (#26335911)

From TFA:The heat in Max Butler's safe house was nearly unbearable. It was the equipment's fault. Butler had crammed several servers and laptops into the studio apartment high above San Francisco's Tenderloin neighborhood, and the mass of processors and displays produced a swelter that pulsed through the room. Butler brought in some fans, but they didn't provide much relief. The electric bill was so high that the apartment manager suspected Butler of operating a hydroponic dope farm.

I am convinced that this story was fabricated by some Stephen Glass [wikipedia.org] wannabe.

White hat? (2, Funny)

Anonymous Coward | more than 5 years ago | (#26336037)

Just showing my ignorance here, but can someone give me a definition of what 'hat colors' mean? Red Hat I know (I guess), but White Hat? Black Hat? Blue Hat?

Someone throw me a bone, here.

Re:White hat? (4, Informative)

Anonymous Coward | more than 5 years ago | (#26336117)

It comes from old Western movies. The "good guy" cowboys all wore white hats, and the "bad guys" wore black hats.

Re:White hat? (1)

moderatorrater (1095745) | more than 5 years ago | (#26336191)

People who hack for "good" reasons are white hat. People who do it for malicious or immoral reasons are black hat.

Re:White hat? (1)

Facetious (710885) | more than 5 years ago | (#26336401)

So is curiosity a good thing or a bad thing?

Re:White hat? (2, Informative)

Xtifr (1323) | more than 5 years ago | (#26336585)

It's a grey area, which is why those who hack purely for the personal satisfaction, rather than for "good" or "bad" motives are called grey hats. :)

Re:White hat? (1)

darthflo (1095225) | more than 5 years ago | (#26336679)

A good thing. A white hat hacker might break into a network out of curiosity, enrich his knowledge and then alarm the network operators of their problems and even help them with plugging those holes. Penetration testers are white hats too.
A black hat would tend to publicize or sell the vulnerabilities without notifying potential victims.
A cracker would destroy or alter files and generally wreak havoc.

Re:White hat? (0)

Anonymous Coward | more than 5 years ago | (#26336299)

white hack:
common definition: hacker working for the good guys
real definition: hacker working for me^Wus.

black hack:
common definition: hacker working for the bad guys
real definition: hacker not working for me^Wus

Re:White hat? (0)

Anonymous Coward | more than 5 years ago | (#26336311)

Going by Final Fantasy here.

White Hat heals people
Black Hat attacks people
Blue Hat is a script kiddie
Red Hat can do a little bit of White and a little bit of Black. Why not Gray is beyond me.

Re:White hat? (1)

Defectuous (1097475) | more than 5 years ago | (#26336503)

Think of old westerns for the answer here. White almost always represents the good guy. Black almost always is the bad guy.

Re:White hat? (5, Funny)

TheoMurpse (729043) | more than 5 years ago | (#26336849)

Don't forget "green hat." Those are hackers who shut down computers across the globe in order to reduce the world's carbon footprint.

Ah. It all becomes clear (5, Insightful)

girlintraining (1395911) | more than 5 years ago | (#26336051)

It wasn't that this guy was whacking other underground sites, it's that he also nailed the FBI's "sting" website. The FBI and him engaged in a turf war, because if there's one thing the government hates, it's stealing. It hates competition.

Catching Max Butler (1, Interesting)

Arancaytar (966377) | more than 5 years ago | (#26336079)

I'm assuming this is a pseudonym? Or is he hiding abroad? Because if his real name is known, he can't be that hard to catch...

Re:Catching Max Butler (3, Insightful)

Emb3rz (1210286) | more than 5 years ago | (#26336141)

I must be new here, because it's difficult for me to believe that you didn't RTFA!

He's in a prison in Pennsylvania playing D&D while awaiting his trial.

Re:Catching Max Butler (1)

Arancaytar (966377) | more than 5 years ago | (#26336377)

Addendumg: RTFA, my bad. I took "made the feds determined to catch him" to mean they hadn't yet, but they have.

Rather interesting line at end of article... (5, Interesting)

GPLDAN (732269) | more than 5 years ago | (#26336215)

Months later, Aragon's lawyer gave him some bad news. The Secret Service had cracked Butler's crypto and knew more about the hacker than Aragon didâ"which meant Aragon would probably never be offered a deal, even if he wanted one.

The USS cracked the Whole Disk Encryption of Max Butler.

Now reading about this guy, does Max Butler seem like the kind of guy who is going to keep his WDE password on his PDA?

No, I didn't think so either.

So, what kind would he be likely to use? dm-crypt under Linux? Commercial PGP? Scramdisk? TrueCrypt?

I think more WDE is backdoored than any of us suspect, and my takeaway from that line is that the commercial products aren't to be trusted.

Re:Rather interesting line at end of article... (5, Funny)

Schemat1c (464768) | more than 5 years ago | (#26336293)

The USS cracked

Sounds like the worst name ever for a ship.

Re:Rather interesting line at end of article... (-1, Flamebait)

GOMF (1443581) | more than 5 years ago | (#26336331)

Dont you watch NCIS ??? that hot goth babe can creack 256 bit encription before the next commercial break !!! as for black hat and white hat, a white hat was supposed to be the ones who would break into a system and not do any damage, but really all hackers are baddies (black hats) when the opportunity allows. Its like the criminals who feel remorse for their misdeeds, what they really feel is sorry they got caught, not for doing it in the first place. I hope he has fun in prison,, its the best place for his ilk.

Re:Rather interesting line at end of article... (1)

rezalas (1227518) | more than 5 years ago | (#26336521)

You know so little that your ignorance almost forms a loop back onto itself right past dumb ass and beyond, taking you right back to knowledgeable. Almost.

Re:Rather interesting line at end of article... (1)

rilian4 (591569) | more than 5 years ago | (#26336831)

ok. I saw the NCIS post and I can't resist...

They usually don't show a lot of the so called "hacking" that McGee(computer geek) or Abbey(the hot goth forensic scientist) partake in on screen thus making them almost believable (not quite) that the agents can actually do what they say they are doing...that said, they blundered badly in one episode. I don't recall which but here's how it played out...

McGee was tasked w/ searching a suspects laptop for data and stated to Gibbs that the hard drive had been 100% wiped out or erased or deleted or something like that. Note that 100% was in the dialog. The scene then quickly cut to a close up of the computer screen (very rare for NCIS) w/ a cutesy graphic displayed on the laptop showing "100% deleted" on top of what was obviously windows explorer in the background.

Most of you will see the error w/ no further explanation but just in case...

You can't run windows on a laptop that has just had its hard disk totally wiped out. Now if the window had been knoppix or other *nix w/ said graphic, I might have believed McGee actually booted the system off a forensic CD/DVD and checked the drive from there but this was a full blown regular looking windows explorer background w/ a cutesy window saying "hard disk 100% wiped"

NCIS is still one of my favorite shows and overall I think they've done a decent job w/ the hacking even if all they do is *not* show us fake graphic hacking screens...this is just one time where they blew it. What is more fake is where that "hot goth chick" can get DNA and fingerprint results back on anybody on the planet before the next commercial break or on a slow day, right after the break.. ;-p

Re:Rather interesting line at end of article... (2, Insightful)

snowraver1 (1052510) | more than 5 years ago | (#26336417)

It could also be that the gov't has farms built for the purpose of cracking encryption. This guy was clealy high on their list, so it was worth the CPU time to crack. Just a guess.

Re:Rather interesting line at end of article... (4, Insightful)

Raenex (947668) | more than 5 years ago | (#26336637)

If the encryption isn't government-farm proof then it's kind of worthless as encryption.

Re:Rather interesting line at end of article... (1)

betterunixthanunix (980855) | more than 5 years ago | (#26336787)

The probably just brute forced the key. It probably required a significant amount of time -- the article does not actually give timescales here, and Aragon's trial could have taken nearly two years, considering the high level operation that we are talking about here. With that much time, and the priority of the case, I would not doubt that the government could have devoted enough CPU time to brute force the password.

There are other ways that they could have gotten the password. For example, they could have analyzed the wear on each key from his keyboard, to figure out which letters were more likely to have been used in a password. It would not have cracked the password instantly, but it would remove many months of work from the process.

Re:Rather interesting line at end of article... (5, Interesting)

Anonymous Coward | more than 5 years ago | (#26336747)

The thing is: people keep saying that good crypto, while breakable, isn't realistically breakable, by which they mean using the entire computational resources of the planet running continuously for thousands of years. No matter how big any government's encryption-cracking farm, it should be a problem orders of magnitude too large. Twofish, for instance, is estimated to take 32 Petabytes of text [wikipedia.org] before any significant progress could be made on decrypting it, while Blowfish [wikipedia.org] has "no known way to break".
So the question becomes: does the government have quantum computers, and hasn't let on (and if so, why use them on something like this and let the secret out) or are there vulnerabilities in what we're all calling 'good crypto'.

Or, much more likely, did he actually use good cryptography programs, or did he do something stupid? (Or did the government install keyloggers on his equipment or any of a multitude of other ways of attacking the problem that doesn't involve brute-forcing TrueCrypt, for instance.)

Re:Rather interesting line at end of article... (1)

MostAwesomeDude (980382) | more than 5 years ago | (#26336775)

There's only a few algorithms used in WDE, and of those, only AES and CAST have had any chance to be altered by governments. In particular, Blowfish and Serpent are, according to quite a few people, very reliable.

I personally find it very telling that the US government turned down Blowfish despite larger keysize, longer keyspace initialization, non-fixed S-boxes, and better performance, compared to AES.

At any rate, almost none of the current algorithms out there can be brute-forced, period. They're just too big.

Re:Rather interesting line at end of article... (1)

betterunixthanunix (980855) | more than 5 years ago | (#26336829)

It is very unlikely that the US government would deliberately sabotage the encryption standard for the entire country. It is asking for trouble to do so, since foreign powers are known to be engaged in hacking campaigns against US businesses and agencies, and back doors could be discovered by those powers. I thought we learned this lesson with DES, when the government demanded different S-boxes without telling anyone why, and the S-boxes they chose turned out to make the algorithm more resilient to differential attacks?

Re:Rather interesting line at end of article... (1)

rilian4 (591569) | more than 5 years ago | (#26336853)

It could also be that the gov't has farms built for the purpose of cracking encryption...

They do, it's called the National Security Agency. A whole department devoted to encryption/decryption.

Re:Rather interesting line at end of article... (0)

Anonymous Coward | more than 5 years ago | (#26336427)

Question is, are the GPL ones more trustworthy? If the back door is in the algorithm, AES (which comes from NSA), then Kaboom!

Re:Rather interesting line at end of article... (1)

GOMF (1443581) | more than 5 years ago | (#26336467)

I think there is justa restriction on the encription key length, so that with a good amount of processing power you can crack it without too much effort. the GLP'ed code is viewable, so a backdoor would be hard to get away with.

Re:Rather interesting line at end of article... (3, Informative)

jjohnson (62583) | more than 5 years ago | (#26336529)

AES does not come from the NSA. "AES" stands for "Advanced Encryption Standard", and the algorithm selected, Rijndael, comes from two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted it to the AES selection process. All algorithms that took part were publicly evaluated for five years by the cryptography community at large, and Rijndael was selected pretty much by public acclaim.

Re:Rather interesting line at end of article... (2, Insightful)

Cyberax (705495) | more than 5 years ago | (#26336587)

The main problem with encryption now is that you can't remember good enough keys anymore.

It's quite possible to brute-force ten-letter alphanumeric passwords. With some assumptions it should be possible to brute-force even larger passwords.

Fun with exponents (4, Interesting)

Chmcginn (201645) | more than 5 years ago | (#26336735)

It's quite possible to brute-force ten-letter alphanumeric passwords. With some assumptions it should be possible to brute-force even larger passwords.

If cracking a full-disk encryption with a ten-character password takes only five seconds, an eleven-character (assuming that it's case sensitive) password is going to take five minutes. A twelve-character will take about five hours. A thirteen-character, almost two weeks. Fourteen, two years.

Re:Fun with exponents (1)

Cyberax (705495) | more than 5 years ago | (#26336821)

Nope. Effective password alphabet is about 70 characters (26*2+10+punctuation).

You can also assume that passwords are unlikely to have 4 or more consecutive punctuation marks, contain parts of dictionary words, etc.

Re:Fun with exponents (1)

betterunixthanunix (980855) | more than 5 years ago | (#26336867)

Hi! I am a government agency hell bent on figuring out your password. Where do I begin?
  1. Go for it, throwing all my CPU time at and trying everything possible
  2. Take your keyboard and analyze the wear on each key, so I can tell which letters you are most likely to use and use that to tip the odds in my favor.
  3. Review your entire life, looking for clues about how you might try to pick passwords.
  4. Some combination of (2) and (3), plus other techniques that would allow me to shave years off of the work of brute forcing the password

Re:Rather interesting line at end of article... (0)

Anonymous Coward | more than 5 years ago | (#26336691)

Someone I know in the US intelligence field stated that most crypto he came across in the field could be backdoored. Since that statement I've been highly skeptical of everything not tried and true open source.

Why didn't the FBI do the disruption? (1)

daigu (111684) | more than 5 years ago | (#26336337)

Most illegal online loot was fenced through four so-called carder sites--marketplaces for online criminals to buy and sell credit card numbers, Social Security numbers, and other purloined data. One by one, Butler took them down.

The obvious question: why didn't the FBI do this rather than set-up a honeypot site? I understand the focus on gathering evidence, but it is interesting the disruption isn't a more important part of the law-enforcement toolkit.

Re:Why didn't the FBI do the disruption? (2, Insightful)

iluvcapra (782887) | more than 5 years ago | (#26336647)

>

The obvious question: why didn't the FBI do this rather than set-up a honeypot site?

Police and prosecutors are rewarded based on the number of arrests and convictions, and not necessarily on reduction in crime?

Re:Why didn't the FBI do the disruption? (2, Informative)

wjh31 (1372867) | more than 5 years ago | (#26336663)

would you like to give them the legal right to disrupt any website they felt fit before they had enough evidence to proove wrong doing. If there is wrong doing then gather evidence and prosecute and shut down for good, if there isnt wrong doing, leave it, dont cause disruption just because someone has a hunch, or whatever other motives any paranoids/conspiricists/etc would like to add

Re:Why didn't the FBI do the disruption? (1)

betterunixthanunix (980855) | more than 5 years ago | (#26336899)

They are probably not allowed to do it, by law. Until they can prove that a computer is being used for illegal purposes, hacking their way into it and messing with the data stored on it is more likely to get the criminals off "on a technicality" than get them locked away for life.

Max Butler In One Word: (0)

Anonymous Coward | more than 5 years ago | (#26336459)

Moron.

Sincerely,
Kilgore Trout

Kilgore Trout In One Word: (0)

Anonymous Coward | more than 5 years ago | (#26336685)

Coward.

Sincerely,
Theodore Sturgeon

icebreaker (1)

bugs2squash (1132591) | more than 5 years ago | (#26336471)

recently operation icebreaker brought down some local meth dealers. I bet the same name had been used for similar stings hundreds of times.

Now operation DarkMarket turns out to be a Fed-run honeypot.

How hard could it be to make a dictionary of likely FBI operation names, or even an application to rank the probability of a domain name being based on operation names that have been used on TV in the past ?

Not exactly (4, Interesting)

Chmcginn (201645) | more than 5 years ago | (#26336635)

Now operation DarkMarket turns out to be a Fed-run honeypot.

Not exactly true. One of the admins was compromised after an arrest, and rather than shutting it down, they kept it running for a bit longer, planning on setting up big buyers for eventual busts.

Re:icebreaker (1)

wjh31 (1372867) | more than 5 years ago | (#26336703)

dark market was the name of the sting website, not neccecerily the operation, how likely are you to hear the name of an operation at a time such that you can know its something related to what you are doing, where would a meth dealer have herd someone say 'operation icebreaker'?

Obsession (4, Insightful)

BountyX (1227176) | more than 5 years ago | (#26336791)

Hacking is an obsession and an addiction. It can easily take over your life, especially if you are good at it. Finding your next target is like getting in your next fix. It offers the ultimate escape, diversion and self-esteem. In a sense, it is a power trip. The kind of rush you expirience when your skills pay off is incredible. For some, it is a rush better than sex and drugs combined. It adds a new dimension to an otherwise mundane and seemingly predictable reality. Some perspective ;)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...