×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Tricks Hacker Into Jail

Zonk posted more than 8 years ago | from the ha-ha dept.

Microsoft 284

CompotatoJ writes "Wired News reported that William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $20 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

284 comments

Semantics... (-1, Flamebait)

gowen (141411) | more than 8 years ago | (#14597369)

You say "tricked", we say "entrapped". It's just semantics.

Re:Semantics... (5, Informative)

Richard_at_work (517087) | more than 8 years ago | (#14597413)

Entrapped means the person was talked into doing something they otherwise wouldnt have done, tricked has similiar connotations. In this case I would say Microsoft caught him fair and square, and the transaction provided all the evidence required to jail him. Good riddance I say.

Re:Semantics... (5, Insightful)

SeekerDarksteel (896422) | more than 8 years ago | (#14597420)

No, I don't think anyone says "entrapped" because this case has as much to do with entrapment [wikipedia.org] as it has to do with tea in China. Entrapment requires an agent of the government to coerce someone into comitting a crime they would not otherwise commit. In this case, the guilty party offered the source for sale on his website. This is like someone putting up a sign saying "Crack For Sale" in their yard. He was offering regardless of police interference. That's as far from coercion as you can get.

Re:Semantics... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14597543)

u r s00pid. m$$c$r$o$ft is teh 3v1l. p00r h4x00r is victim 0f mic$$$#oft$$$. bil$L gat$$$$ shuld b sh00t and pwn3d in teh he4d.

Re:Semantics... (4, Informative)

Shihar (153932) | more than 8 years ago | (#14597589)

Parent is absolutely right. The "summary" couldn't be any more wrong then it is.

First, this guy was not a 'hacker'. He downloaded the source from a P2P program. My mother could do that.

Second, if anyone had bothered to read the actual article, they would see there was absolutely no entrapment here. He downloaded the software and offered it up for sale on his website. The only 'entrapment' was that an agent bought what he was already offering. This guy was an idiot. He wasn't pushed by the authorities into doing anything illegal. Hell, he was the only one to be indited even though everyone and their dog has thsi source code because he was the only one stupid enough to try and sell what was freely avaliable. Not only that, but he already had a rap sheet.

This guy was just a moron, pure and simple.

Is somebody missing a sig? (1)

vm146j2 (233075) | more than 8 years ago | (#14597659)

FTA I like music, so I took some radios of kids I hated in high school. I like computers, so I hack.

The hacker's code...

Re:Semantics... (4, Funny)

RandoX (828285) | more than 8 years ago | (#14597699)

He downloaded the source from a P2P program. My mother could do that.

Really? Would she be interested in selling it? Please, speak a little louder... :)

Re:Semantics... (4, Funny)

Basehart (633304) | more than 8 years ago | (#14597739)

"Hell, he was the only one to be indited even though everyone and their dog has thsi source code"

After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code.

Not entrapment (4, Informative)

msobkow (48369) | more than 8 years ago | (#14597475)

For it to be entrapment, someone would have had to approach him with an offer to buy the stolen source code. He posted an offer to sell the source code on a website, so he initiated the exchange.

Re:Not entrapment (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14597545)

I think everyone other than Microsoft realized the offer to sell was not meant to be taken seriously.

$200? (5, Funny)

Tx (96709) | more than 8 years ago | (#14597374)

You paid $200 for the Windows source? Dude, you got ripped off!

Re:$200? (-1, Redundant)

suso (153703) | more than 8 years ago | (#14597409)

Actually, I would feel stupid if I accepted anything less than $200 for the source code. I would look for someone who was willing to pay at least $20,000 if not more.

Re:$200? (5, Funny)

Elitist_Phoenix (808424) | more than 8 years ago | (#14597558)

I paid $200 for Windows and the source code wasn't included. I got ripped, I mean how am I meant to get applications to compile when I don't have the full kernel source?!

Re:$200? (0)

Anonymous Coward | more than 8 years ago | (#14597778)

I didn't pay $200 for windows and I didn't even get it :P

Re:$200? (1)

smchris (464899) | more than 8 years ago | (#14597688)

William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $200 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent

Actually, sounds like Microsoft got the FBI a deal. Maybe we should put them in charge of the GSA and the government wouldn't be paying $5000 for popcorn poppers.

Summary wrong, $20 not $200 (5, Informative)

Agelmar (205181) | more than 8 years ago | (#14597376)

The summary is wrong. It says the investigator paid $200. From TFA:
"According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code". Hamilton is on the $10 bill, not the $100 (That would be Franklin). Two Hamiltons is $20, hence the next sentence saying "...another $20 transaction..."

Re:Summary wrong, $20 not $200 (4, Funny)

John Nowak (872479) | more than 8 years ago | (#14597386)

Submitter actin' like he never seen a ten before.

Re:Summary wrong, $20 not $200 (1)

Zenmonkeycat (749580) | more than 8 years ago | (#14597755)

Maybe he's really rich and he never has to look at anything below a Grant. Or maybe (probably) his entire life savings is invested in one "really nice-looking" Lincoln. Hey, it /is/ a 1995 series, which means it /could/ go up in value!

Those guys at Microsoft are smarter (-1, Troll)

cameronjdavis (946172) | more than 8 years ago | (#14597382)

Smarter than they look and Bill Gates looks like a supersamrt geek so that gives u some idea.

Re:Those guys at Microsoft are smarter (3, Informative)

NetRAVEN5000 (905777) | more than 8 years ago | (#14597450)

No, they're not - they didn't even catch the person who stole it.

It even says in TFA:
"Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

'This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it,' said Rasch, a vice president at security company Solutionary."

Available on P2P? (5, Insightful)

killeena (794394) | more than 8 years ago | (#14597383)

I haven't exactly gone looking for it or anything, but isn't the Windows source code available on P2P?

If so, that is pretty damn stupid to be selling something that is readily available like that. I am betting these undercover folks would be his only customers.

Re:Available on P2P? (1)

NetRAVEN5000 (905777) | more than 8 years ago | (#14597429)

I'm sure it's available on P2P. . . but do you really think MS doesn't also have fake versions on P2P? Plus, it's probably a HUGE download, so it'd take forever on P2P - but I'm assuming the guy is burning it to a CD when he sells it or making it available through a high-speed connection.

Re:Available on P2P? (3, Funny)

Anonymous Coward | more than 8 years ago | (#14597945)

When you download it from P2P, it looks so full of bugs and poorly written, it can't be the real thing!

Re:Available on P2P? (1)

Kadin2048 (468275) | more than 8 years ago | (#14597516)

I think that's essentially going to be the guy's (admittedly lame) defense -- he didn't actually acquire/misappropriate the source from Microsoft originally, it sounds like he got it from P2P, and then offered it on his website and burned it to CD (or something else) and gave it to the undercover investigator for $20.

I'm not entirely certain with how trade secret law works -- my very vague understanding of it was that you can only go after the first person who steals it from you; once the secret gets into the public domain, secondary redistribution isn't punishable. Perhaps that only works if the distributer can argue successfully that it had already been so diluted, it wasn't a trade secret anymore.

Regardless of the trade secrets, they almost certainly have him for copyright violations anyway, so when the Feds get done with him, then they can move in with a civil suit to fight over the corpse.

Re:Available on P2P? (3, Funny)

geoffspear (692508) | more than 8 years ago | (#14597749)

I'm not entirely sure how law works either, but if you think he's going to use that or anything else as his defense, when he's already been covicted and sentenced, you understand the law a lot worse than most people.

See, you're supposed to defend yourself before you're sent to prison.

electronic monitoring (4, Funny)

digitaldc (879047) | more than 8 years ago | (#14597387)

...will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer

Looks like they have finally found a legal use for the Sony Rootkit.

Re:electronic monitoring (1)

frinkacheese (790787) | more than 8 years ago | (#14597484)

This special software on his computer could be whats stopping him from using Linux on the desktop....

Re:electronic monitoring (1)

dchallender (877575) | more than 8 years ago | (#14597705)

From the article
"At the time of the source-code sale, Genovese was on probation for computer trespass and eavesdropping after breaking into some private computers and installing keystroke-logging software."

Wonder if the "monitoring software" is something he is already intimately familiar with..?

Ah, so THAT'S how they can get away w' entrapment. (-1, Flamebait)

Caspian (99221) | more than 8 years ago | (#14597389)

I see now. Since the government isn't supposed to engage in entrapment, private companies will. And since private companies are now becoming increasingly indistinguishable from governments... I guess we're all fucked.

Re:Ah, so THAT'S how they can get away w' entrapme (1)

InsaneGeek (175763) | more than 8 years ago | (#14597457)

Why exactly do you think this is even remotely like entrapment? Here's a thought, since you obviously don't know what entrapment is, why don't you go and look up what it means before you engage your fingers here again.

Re:Ah, so THAT'S how they can get away w' entrapme (0)

Anonymous Coward | more than 8 years ago | (#14597772)

Actually -- it is EXACTLY like entrapment.

Entrapment is not illegal -- its just not allowed by gov't agents. If someone burglerizes your house and you hear that a local scum merchant has gotten his hands on it -- you can give the pawnshop owner $200 to 'find' this shit telling him there was something that you didn't want the owners to know about in it and if just out of the goodness of his heart, he seems to find it -- you can call the police and have his ass arrested. He has proven he didn't care that he was selling it back to the rightful owners and was willing to sell stolen goods to the highest buyer.

This is a form of entrapment. And its legal. And its not even immoral.

In this case, the guy has a website where he is BRAGGING that he has something that he didn't even have, someone offers him money for it and he goes out and finds it -- because, well, he was hard up for the cash and like, errr, everyone is doing it anyways -- this guy is both an idiot and a criminal and deserves more jail time for the idiot part than the crime.

Its as if he were bragging that he found a backpack full of drugs to all his friends and one of his friends dads tried to buy it off of him....hmmm...I could actually make some money on this...and goes out and finds some drugs and sells it to him. There is no difference in the eyes of the law in that, no, he wasn't a drugdealer until someone enticed him to do so, but he had already set the wheels in motion that pushed himself to it.

In the nonhypothetical, he could have told the guy no -- I don't have the Microsoft stuff and never have -- but he kept the deception up and even the second go around when he DID claim he no longer had it -- he still said he could find it again and get it to him.

Again, this is entrapment...and entrapment was barred from law enforcement solely because guys that weren't involved with ANYTHING and never claimed to be were being asked to do something that a reasonable person might undertake given the circumstances (Hey guy, I have $5k if you can point me in the direction of a drug dealer -- I *HATE* drugs and for that kind of money, I might point the idiot in the way of a drug dealer as well). An average citizen or even a corporate citizen is under no such obligations -- and yes, it can still be argued in court that it was entrapment and a jury would listen and judge based on that...I know the times I've been in a jury I've voted with both the law AND what a reasonable person should have done -- and I know others that have done the same thing (i.e., Jury Nullification...it should be taught to EVERY citizen...I don't think that if you nullify one case it should set precident for others, but I think in specific cases, it is very useful and every case should be judges on both law and what a reasonable person would do).

Anyhooo...posting this anonymously because of my employer.

Re:Ah, so THAT'S how they can get away w' entrapme (0)

Anonymous Coward | more than 8 years ago | (#14597929)

Since you have no idea what entrapment is (hint it involves more than lying to someone) here is what it means.

In jurisprudence, entrapment is a procedural defense by which a defendant may argue that they should not be held criminally liable for actions which broke the law, because they were induced (or entrapped) by the police to commit said acts. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime. However, when a person is predisposed to commit a crime, offering opportunities to commit the crime is not entrapment, such as in the widely held misconception that policemen must answer questions truthfully if they are asked the same question three times, or that they must say "yes" if asked if they are a police officer.

By definition, if its not entrapment unless its a government agent doing it. Also, your (wrong) defination seems to think the only requirement for entrapment is there must be some (any) enticement! By that definition basically everything anyone does would be considered entrapment! So if someone robs a bank because they want money. Then the money enticed them, so they were entraped? Or if I eat a humburger because it sounds good and entices me, have I just been entraped?

Re:Ah, so THAT'S how they can get away w' entrapme (0)

Anonymous Coward | more than 8 years ago | (#14597613)

do you not understand how things work?

An undercover agent get's a retarted drug dealer to sell him a bunch of Crystal meth, dealer get's busted. Duh, this is how police have worked for thousands of years.

Just because you have no idea how law enforcement works does not make things any different.

Re:Ah, so THAT'S how they can get away w' entrapme (4, Interesting)

ScentCone (795499) | more than 8 years ago | (#14597684)

I see now. Since the government isn't supposed to engage in entrapment, private companies will. And since private companies are now becoming increasingly indistinguishable from governments... I guess we're all fucked.

Are you so anxious to hate private businesses, and to think it's cool if people try to make $20 off of their stolen source code, that you're willing to pretend this jerk didn't advertise for the sale of the source code on his own web site? He wasn't "entrapped," he was advertising stolen stuff. Plus, he's obviously a complete moron.

As for private companies looking after their own welfare... why do you supposed that retailers are forced to have security guards? Retails stores, especially the ones selling expensive, eBay-friendly stuff, are hit constantly by shoplifters and scam artists. But most local taxpayers would scream bloody murder if they had to pay for enough police officers to have one on hand in every department store in every mall, 7 days a week. So, private security is a big and (unfortunately) completely necessary line of work.

You also seem to be forgetting about corporate/international espionage. Companies working on competitive products - especially those performing very expensive research - have to be continually vigilant against both inside and outside theft of their trade secrets, materials, financial plans, marketing campaigns, etc. If they don't use private security to help them deal with that, their only choice is to just put up with the consequences of seeing, say, a factory in China starting up production on something that the ripped-off research company just spent millions of dollars figuring out how to make, or they could... ask the government to provide trade security for every company? What would you say then, that the taxpayers are being forced to serve the coporations, blah blah blah? Exactly. So, when a company with a lot at stake has their own security people urgently tracking down people that are ripping them off (even some complete idiot advertising astoundingly sensitive stolen O/S source code for sale on his web site, and willing to take $20 for it), you can hardly bitch. Unless your position is that it's cool to steal sensitive information and sell it, in which case, let's start with yours: I can probably make $20 with your SSN and some other personal details. And that's too small to bother the police with, so I'm home free since you clearly don't think it's ethical for you to personally track down someone who rips you off.

Oh, and try one of those fancy new high-tech online dictionaries. You can immediately, and without fear of prosecution, learn what entrapment [m-w.com] actually means.

Re:Ah, so THAT'S how they can get away w' entrapme (2, Informative)

Jamesonius (824274) | more than 8 years ago | (#14597780)

For everyone who's ready to jump on this and scream "Entrapment!" let's do two things first:

1. Read TFA. From TFA: "Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale."

2. Learn TFD of Entrapment. From Wikipedia [wikipedia.org] : Entrapment is when someone is "induced (or entrapped) by the police to commit [a crime]. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime."

Come on everybody, think. You hear Microsoft and US Government and you assume they set the guy up, cuz they are *always* wrong.... He knowingly broke the law, he did that a lot. No news here.

Crown Jewels! (5, Funny)

LiquidCoooled (634315) | more than 8 years ago | (#14597392)

The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software.

Come on - anybody can code up a BSOD if they really want to.

Should Mark from sysinternals [sysinternals.com] be worried?

Re:Crown Jewels! (0)

Anonymous Coward | more than 8 years ago | (#14597513)

Should Mark from sysinternals be worried?

Yes; he encourages Win9x users to copy software from Win2k machines to their own, so perhaps Microsoft will try to send him to jail also.

In all seriousness though, I totally agree. There is nothing in the Windows source that is so brilliant that a competitor would need to copy it. In fact, there are very few original or unique ideas in there at all!

If Microsoft wants to make the claim that the Windows source is so valuable, then they need to produce higher-quality software.

Re:Crown Jewels! (0)

Anonymous Coward | more than 8 years ago | (#14597647)

"Should Mark from sysinternals be worried?"

Anyone else use that screensaver? I tried it once at work but it was so realistic (and common) that other coworkers would end up restarting a non-hung box out of habit! The implication is sad.

Re:Crown Jewels! (4, Funny)

Andrewkov (140579) | more than 8 years ago | (#14597913)

As a general rule of thumb, don't install that screensaver on a server. Trust me on this.

Source code? (1)

frinkacheese (790787) | more than 8 years ago | (#14597393)

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

But surely this is good as it'll result in a better, more secure product in the end?
I really do not see what is so secret about Windows source code, what trade secrets can you possible hide in it apart from sekret protocol dox?

He paid $20 for the Microsoft source code?! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14597394)

Is it worth that much?

This is sooo untrue! (2, Funny)

cablepokerface (718716) | more than 8 years ago | (#14597432)

I heard recently about three hackers which were charged but microsoft later dropped all charges and decided not sue. I believe their names were Whitman Price and Haddad.

Re:This is sooo untrue! (0)

Anonymous Coward | more than 8 years ago | (#14597731)

Didn't those guys win last season's The Amazing Survivors?

Story from a first-person perspective (4, Informative)

nstrom (152310) | more than 8 years ago | (#14597449)

You can read about this arrest from a first person perspective at William Genovese's website here [illmob.org] . An interesting read, and he lists some of the e-mail and snail mail addresses used in the sting against him.

So in theory, I can put Microsoft in jail, too (0, Offtopic)

layer3switch (783864) | more than 8 years ago | (#14597462)

Only if I can sucker Microsoft to buy the Brooklyn Bridge...

---
Don't let the fools fool you. They are the clever ones."

Entrapment (1, Redundant)

Fiachra06 (945611) | more than 8 years ago | (#14597479)

Unfortunatle it only counts as entrapment if the offer is made by a member of a law enforcment agency. Funny thing though technically if it's illegal to sell the stuff I would assume it's illegal to buy it so the microsoft investigator committed a crime too. If I were to buy illegal narcotics from someone and then tell the cops about it I would most likely be done for possession. These are the things I think about when I should be working. Ho hum.

Re:Entrapment (1)

gromitcode (888226) | more than 8 years ago | (#14597502)

no it would not have been entrapment EVEN if it was a government law official, look up the meaning of entrapment before posting. entrapment requires a government official to talk into or coerce someone to do something illegal that they otherwise would not have done, this moron offered the code for sale on his web site and then followed through on his offer when approached. no entrapment, just another moron.

Re:Entrapment (1)

TheRaven64 (641858) | more than 8 years ago | (#14597530)

Microsoft owns the Windows source code, so they are presumably allowed to buy and sell copies of it. If you bought something someone had stolen from you[1], then you would probably not be liable for handling stolen goods. If you arranged to buy something that had been stolen from you, had the police arrive at the exchange, and were able to prove that the item had originally belonged to you (and been stolen), then this would probably lead to a quick arrest.

[1] Yes, copyright infringement is not theft, but the concept of original ownership is the same in both cases.

Re:Entrapment (1)

BarryNorton (778694) | more than 8 years ago | (#14597638)

Unfortunatle it only counts as entrapment if the offer is made by a member of a law enforcment agency
The offer was made by the defendent (advertising on his web site), so entrapment doesn't come into it...

Secure?! NEVER! (0, Offtopic)

Kranfer (620510) | more than 8 years ago | (#14597481)

Microsoft products will never be secure, if the source code is released or not. No ifs ands or buts about it. End of story. Run Microsoft Windows, allow people access to everything you do online.

Notice corporate rights vs personal rights (3, Insightful)

Anonymous Coward | more than 8 years ago | (#14597491)

Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

Microsoft source code stolen and sold is industrial espionage with 3 year sentence.

Re:Notice corporate rights vs personal rights (0)

Anonymous Coward | more than 8 years ago | (#14597598)

It's really sad that personal rights and corporate rights have flipped so much. It use to be corporations had no rights. Someday this back-asswords world will be fixed. =/

hacker? (1)

jtalerico (950602) | more than 8 years ago | (#14597509)

I do not see how he is a hacker? It was some guy that has Kazza running and came across something that seemed cool... So he downloaded it! How is that a hacker? I am pretty sure my grandmother could get a P2P program running and possibly come across the source code and download it. What a crock.

Re:hacker? (0)

Anonymous Coward | more than 8 years ago | (#14597777)

Yeah a true hacker would have downloaded the source code and made a new BSOD for it, an ansi art version. Then instead of selling it he would changed a few things in it and GPLed it.

Why pay $200 when you can just get the BitTorrent? (0)

Anonymous Coward | more than 8 years ago | (#14597514)

He should have known it was entrapment,
because only a n00b or a fed would offer to pay $200 for something that can be downloaded for free.

Technically Speaking . . . (5, Insightful)

Dausha (546002) | more than 8 years ago | (#14597524)

"Microsoft Tricks Hacker Into Jail"

That's not a very good headline. I mean, aren't many /.ers who write code self-described hackers? This guy was trading in pirated software. So, he is a "Pirate," not a "Hacker." I'd complain about the editing, but this is /..

Ben

Re:Technically Speaking . . . (0)

Anonymous Coward | more than 8 years ago | (#14597875)

I'd complain about the editing

You just did.

And hacker is a catch-all for most pirates, crackers, phreakers, script kiddies, etc. Just deal with it and move on.

Not a hacker, and not very tricked (5, Interesting)

vm146j2 (233075) | more than 8 years ago | (#14597533)

FTFA Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

"This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."


Microsoft must be getting really serious 'bout this issue; not any security issue, mind you, but a PR one, thats for sure.

They went after some guy who tried to sell what he found, and then was dum enuf to sell for $40 online, but who had no connection whatsoever to leaking anything, and, by his own description, is less than the sharpest tack in the bulletin board:

"Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack."

Selling other people's stuff that you find laying around may not be legal or especially smart, but making a big deal out of the 800 billion lb. gorilla "catching" a petty criminal in the act ain't much news, either, unless MS wants to spend their PR highlighting their own incompetence....Oh, now I get it.

The open source method (1)

quickbasicguru (886035) | more than 8 years ago | (#14597584)

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

I guess Microsoft thinks having many eyes on the source won't work as well as it does for the open source projects...

Re:The open source method (1)

claus.rosito (913183) | more than 8 years ago | (#14597660)

yeah, right, making the source code makes software a lot more insecure and vulnerable to attacks, like linux, freebsd, etc.

we should start thinking about a campaign to make windows free software and open source. we should put the code in a public cvs or subversion server and start making a better and safer os out of it.

there is the example of transport tycoon, a great game written in the mid '90s. the developer didn't want to update it any further or add any new features. a group of enthusiasts created openttd (www.openttd.org), which is opensource, based on the original- and much better than the original.

Trade secret law? (5, Interesting)

Dr. Manhattan (29720) | more than 8 years ago | (#14597595)

My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it. They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

So apparently this is wrong, or at least has been amended a bit by the act referenced in the summary. Would this guy have been in the clear if he'd just been offering a trade secret for download? (With source code, it's complicated by the fact that the code is subject to copyright, too, though. What if we were dealing with, say, the formual for Coca Cola, to take the canonical example?)

Microsoft Entraps Downloader into Jail (0)

db32 (862117) | more than 8 years ago | (#14597614)

Seems like a more appropriate headline. But how can you blame Microsoft? I mean really, the Microsoft vs DoJ thing already proved the DoJ and legal system really isn't doing their jobs well, so its only logical for Microsoft to step in and help them right? We should all thank MS for using their money exposing the inherent weaknesses in our judicial system, and then using more of their money to help patch it up themselves! Gates, Redmond Ranger.

More stupid than criminal (5, Insightful)

bender647 (705126) | more than 8 years ago | (#14597617)

When I first read these types of articles, I usually think, that's outrageous, he didn't do anything, the code was already leaked, now the poor sap has a conviction for something trivial.

Then I realize, hey, I'd NEVER post stolen code or offer stolen code for sale on my website. Its friggin stupid. Its obviously stolen and obviously illegal and completely traceable to me. I'd expect to have the FBI knocking on my door if I did something so stupid. Like many criminals, this guy didn't cause any real harm but completely lacks judgement. Now he'll suffer a bit for it.

Re:More stupid than criminal (2, Interesting)

fitchmicah (920679) | more than 8 years ago | (#14597650)

Why not? There are warez FTPs and Hotlines and stuff that offer to sell you downloads... people post tons of crap on the internet... why isn't the FBI tracking down on people who buy domains and use them for kiddie porn? Look, this guy didn't do /anything/ ! This is completely ridiculous!

Yeah, they are right. (2, Interesting)

BoneFlower (107640) | more than 8 years ago | (#14597630)

Sharing the source code would make it easier to find bugs. I don't think anyone seriously disputes this.

Thats often the entire point. The hardest part of fixing a bug is often *finding* it. Unless you would prefer to leave it alone and hope for the best, you want your bugs, especially critical security flaws, to be found as quickly as possible so they can be fixed.

Re:Yeah, they are right. (1)

fitchmicah (920679) | more than 8 years ago | (#14597633)

I don't think you understand... no, they are wrong. You don't put a random dude in jail for two years just because you can.

So what? (2, Insightful)

AlvySinger (900304) | more than 8 years ago | (#14597692)

No problem here, surely. Bloke caught for doing something wrong. Large organisation protects its IP.

Asserting that code in the public domain might cause security problems is just spin consistent with protecting IP. It's PR and would anyone here expect anything different. Might not be convincing but MS wants its code to itself, sees it as IP and wants to keep control over it. How is this different to any other organisation? Deride MS for being closed but if it acts consistently, where's the problem?

Wasn't there a war recently where the justification didn't really appear to reflect reality? Unless this guy is some kind of freedom fighter then where's the issue?

I wonder (0)

Anonymous Coward | more than 8 years ago | (#14597769)

If he was convicted, then the evidence (ie. the source code) should be part of the court proceedings, and available to all. Unless the court decided to seal them. I wonder...

FUD - And A Weak Security Tactic (0, Troll)

ausoleil (322752) | more than 8 years ago | (#14597779)

Microsoft, ever the marketing company and ever the master of Fear, Uncertainty and Doubt uses this sting operation to tout once again that open source software MUST be less secure because the source code is out there.

"...expressed fears that making its source code public could allow hackers to find security holes in Microsoft products..."

But theirs is not, because the source code is super-uber-duper Top SECRET.

And that is FUD as usual.

Oddly, the most notable open source OS, Linux, is more secure, partially because of its design (not letting every tom, dick and harry process have access to and control of the kernel) and also in large part due to the fact that people CAN inspect the source code and create fixes for security holes that inevitably emerge.

Security through obscurity has never worked, and one would think Microsoft would be smart enough to realize that by now. They undoubtedly do realize that, but don't want you or I to, otherwise we will not be willing to pony up license fees for their OS when free alternatives are there for the
(legal) downloading.

But never let something good like MS catching pirates pass without turning it into an opportunity to FUD some more.

Re:FUD - And A Weak Security Tactic (1)

Bacon Bits (926911) | more than 8 years ago | (#14597932)

You're missing the obvious: If source code is stolen, then primarily only the black hats will get it. Legitimate users, which 99% of people who look at FOSS code are, basically don't exist in the black market. The code is closed. It's not like Mr. Russinovich is going to submit a bug fix because he read stolen code.

more likely patent infringement (0)

Anonymous Coward | more than 8 years ago | (#14597785)

More likely, Microsoft is afraid patent infringements will be found.

paid way too much (1)

suezz (804747) | more than 8 years ago | (#14597787)

you couldn't pay me to take or look or do anything with microsoft's source code. microsoft seems to think that it is valuable or something.

well here is message to bill - if your source code went to cyberspace heaven today the world would still function fine without it.

so please take and keep your source code to yourself and go play with it by yourself.

DOS (0)

Anonymous Coward | more than 8 years ago | (#14597814)

This reminds me of DOS. How Microsoft resold something that they came across and called it theirs. This guy was trying to make a quick buck. Microsoft should be putting him in their hall of fame or at least give him a job.

This is wrong on so many levels. (1)

houghi (78078) | more than 8 years ago | (#14597835)

The first thing that bothers me is that a private company takes reasearch into their own hands. If they see such a thing, then you should go directly to the police (or FBI or whatever).

Second is they they use an anti-spy law. As if trying to say: Hey, we cought somebody. What is the law that fits this and will put him away for the longest period of time?

Yes, he was an idiot who did something wrong, but three years?

A public service announcement (5, Interesting)

Merle Darling (33121) | more than 8 years ago | (#14597850)

Ok, first of all I think it's weird that MS can claim the source code is a trade secret in the first place. It's my understand that in order for something to be classified as a trade secret it would have to be kept secret, and people who take it and distribute it would have to be pursued and dealt with. otherwise the company loses its right to claim it as a trade secret. Witness how little (if anything) they've done about the code being swapped around for years now. Then again, IANAL, ISUCK, etc.

Regardless, the guy was convicted of selling stolen trade secrets. He was a dumbass for selling it in the first place, but I digress.. It turns out that the penalty for POSSESSION of a stolen trade secret is up to 10 years in jail and a $250k fine. It's worth considering for those of you who might have copies stashed away in backups somewhere just for the hell of it.

Not that I'd ever stoop so low as to possess stolen trade secrets, of course..

(runs off to scour his hard drive)

I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks. They could stick it in that monthly "Malicious Software Removal" tool in Windows Update, even. Ouch. I doubt it would work as evidence in a court but it would give them reason to suspect you or to attempt to gather evidence that WOULD stand up if they really wanted to bother charging everyone.

I know illwill, he's not that bad... (3, Interesting)

Afecks (899057) | more than 8 years ago | (#14597939)

I've known illwill for a very long time. We've both been in the same 'scene' for quite a while. The Windows backdoor programming scene. Most of the people in our little niche are sociopaths pure and simple. We know it's wrong but we don't really care. Saying illwill was tricked is pretty stupid. He knew it was wrong, he didn't care and he assumed no one else would. It's the same for many others, we just simply don't care. Now I'm sure illwill cares about going to jail for 2 years but that's fear of punishment, not fear of wrong doing. I'm sure even some of the more sane serial killers value their freedom.

This being said, Microsoft has won nothing. He was responsible for distributing the source code to exactly 1 person, a Microsoft snitch. If it wasn't for the snitch taking him up on his offer there would have been nobody that cared. Taking away 2 years of a persons life over such trivial shit is appalling and only serves to make us more numb and hateful to the laws of our society.

That being said, good luck illwill, we're going to miss your exploits and granny pr0n that you've posted in #trinity over the years!

Tricks? Hacker? (0, Flamebait)

vandenh (224583) | more than 8 years ago | (#14597948)

This guy is just a thief.. selling illegal stuff on the internet. No excuse!

Please note he also has a string of previous offenses. Please don't let your hate for MS turn this guy somehow into a hero.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...