Forgot your password?
typodupeerror
Microsoft Government The Courts News

Microsoft Tricks Hacker Into Jail 284

Posted by Zonk
from the ha-ha dept.
CompotatoJ writes "Wired News reported that William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $20 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source.'"
This discussion has been archived. No new comments can be posted.

Microsoft Tricks Hacker Into Jail

Comments Filter:
  • $200? (Score:5, Funny)

    by Tx (96709) on Monday January 30, 2006 @07:31AM (#14597374) Journal
    You paid $200 for the Windows source? Dude, you got ripped off!
    • Re:$200? (Score:5, Funny)

      by Elitist_Phoenix (808424) on Monday January 30, 2006 @08:09AM (#14597558)
      I paid $200 for Windows and the source code wasn't included. I got ripped, I mean how am I meant to get applications to compile when I don't have the full kernel source?!
    • ... Remainings of MS lawer that tricked Don Vito Genovese's grandson into jail found in shoebox.
    • William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $200 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent

      Actually, sounds like Microsoft got the FBI a deal. Maybe we should put them in charge of the GSA and the government wouldn't be paying $5000 for popcorn poppers.

    • Re:$200? (Score:5, Funny)

      by thesnarky1 (846799) on Monday January 30, 2006 @08:45AM (#14597746) Homepage
      Yea, but he paid with YOUR Paypal account...
  • by Agelmar (205181) * on Monday January 30, 2006 @07:32AM (#14597376)
    The summary is wrong. It says the investigator paid $200. From TFA:
    "According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code". Hamilton is on the $10 bill, not the $100 (That would be Franklin). Two Hamiltons is $20, hence the next sentence saying "...another $20 transaction..."
  • Available on P2P? (Score:5, Insightful)

    by killeena (794394) on Monday January 30, 2006 @07:34AM (#14597383) Homepage
    I haven't exactly gone looking for it or anything, but isn't the Windows source code available on P2P?

    If so, that is pretty damn stupid to be selling something that is readily available like that. I am betting these undercover folks would be his only customers.
    • I think that's essentially going to be the guy's (admittedly lame) defense -- he didn't actually acquire/misappropriate the source from Microsoft originally, it sounds like he got it from P2P, and then offered it on his website and burned it to CD (or something else) and gave it to the undercover investigator for $20.

      I'm not entirely certain with how trade secret law works -- my very vague understanding of it was that you can only go after the first person who steals it from you; once the secret gets into t
    • Step 1: Search for any well-known P2P program (Kazaa, SoulSeek, et al) on Google.
      Step 2: Click the very top sponsored link.
      Step 3: Awe at the fact that they're trying to sell it and yet are STILL in business.

      Unfortunately, there are a lot of companies that profit on their customers' stupidity.
    • Re:Available on P2P? (Score:3, Interesting)

      by E++99 (880734)
      Yes, it is/was available on P2P, and I believe the article said that the Feds were his only customers. And, yes, lawyers are basically saying that there was no case, as the code was in the public domain at that point. However, the poor sap took the advise of the public defender, so he'll be spending 2 years in jail.

      I'd be all for going after the guy who originally distributed this, I think this case really sucks.
  • by digitaldc (879047) * on Monday January 30, 2006 @07:36AM (#14597387)
    ...will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer

    Looks like they have finally found a legal use for the Sony Rootkit.
  • Hacker ?! (Score:5, Insightful)

    by ErrorBase (692520) <errorbase@hotmail.com> on Monday January 30, 2006 @07:36AM (#14597391)
    Probably just someone stupid enough to think he can make a quick buck by downloading something from a p2p network.
  • by LiquidCoooled (634315) on Monday January 30, 2006 @07:36AM (#14597392) Homepage Journal
    The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software.

    Come on - anybody can code up a BSOD if they really want to.

    Should Mark from sysinternals [sysinternals.com] be worried?
    • Come on - anybody can code up a BSOD if they really want to.

      Sure, but your friends at the former KGB [wired.com], and Communist China [zdnet.com] have an inside perspective. But hey, if you can sell crap like that to places that safeguard your countries most important secrets, why not share it with your enemies? You know they in turn are sharing it with their friends in North Korea, Pakistan and elsewhere. Terrorists indeed. No need to worry about that stuff proliferating because it's already gone. Given such an irresponsib

  • by musonica (949257) on Monday January 30, 2006 @07:37AM (#14597399) Homepage
    paid $200 and the go to jail..
  • I heard recently about three hackers which were charged but microsoft later dropped all charges and decided not sue. I believe their names were Whitman Price and Haddad.
  • by nstrom (152310) on Monday January 30, 2006 @07:47AM (#14597449)
    You can read about this arrest from a first person perspective at William Genovese's website here [illmob.org]. An interesting read, and he lists some of the e-mail and snail mail addresses used in the sting against him.
  • by Anonymous Coward on Monday January 30, 2006 @07:57AM (#14597491)
    Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

    Microsoft source code stolen and sold is industrial espionage with 3 year sentence.

  • by Dausha (546002) on Monday January 30, 2006 @08:03AM (#14597524) Homepage
    "Microsoft Tricks Hacker Into Jail"

    That's not a very good headline. I mean, aren't many /.ers who write code self-described hackers? This guy was trading in pirated software. So, he is a "Pirate," not a "Hacker." I'd complain about the editing, but this is /..

    Ben
    • I would also suggest that he is not a "pirate". A pirate [gnu.org] is one who uses physical force to take things away from people, leaving the people without those items. And likely leaving them without their life. The person in the story, while still committing a crime, did not deprive anyone from use of any item, and did not use any physical force or threats.

      I have a bigger problem with the word "trick" in the headline. It implies that he wouldn't have committed the crime otherwise. And sting operations are fairly
    • by slavemowgli (585321) on Monday January 30, 2006 @11:09AM (#14598869) Homepage
      A pirate? You mean he sailed the seven seas, sunk other ships, stole their goods, raped their women and murdered the crew?

      I agree that the headline is typical Slashdot flamebait and that it's important to point out the difference between hackers and crackers, but it's also important to point out the difference between copyright infringment, stealing and piracy - those are three very distinct things (and only two of them are criminal offenses, too, FWIW).
  • by vm146j2 (233075) on Monday January 30, 2006 @08:05AM (#14597533)
    FTFA Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

    "This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."


    Microsoft must be getting really serious 'bout this issue; not any security issue, mind you, but a PR one, thats for sure.

    They went after some guy who tried to sell what he found, and then was dum enuf to sell for $40 online, but who had no connection whatsoever to leaking anything, and, by his own description, is less than the sharpest tack in the bulletin board:

    "Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack."

    Selling other people's stuff that you find laying around may not be legal or especially smart, but making a big deal out of the 800 billion lb. gorilla "catching" a petty criminal in the act ain't much news, either, unless MS wants to spend their PR highlighting their own incompetence....Oh, now I get it.

  • Who even gets out of bed for $20 these days? I'd want at least $50
    • "Who even gets out of bed for $20 these days? I'd want at least $50"

      Apparently you've never even used windows. $20 is a rip-off!
  • M$ (Score:4, Funny)

    by sloths (909607) on Monday January 30, 2006 @08:11AM (#14597568)
    Google doesn't trick people into jail.
  • Trade secret law? (Score:5, Interesting)

    by Dr. Manhattan (29720) <sorceror171.gmail@com> on Monday January 30, 2006 @08:18AM (#14597595) Homepage
    My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it. They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

    So apparently this is wrong, or at least has been amended a bit by the act referenced in the summary. Would this guy have been in the clear if he'd just been offering a trade secret for download? (With source code, it's complicated by the fact that the code is subject to copyright, too, though. What if we were dealing with, say, the formual for Coca Cola, to take the canonical example?)

    • My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it.

      They do if it's copyrighted.

      -Eric

    • Normal trade secret law isn't a criminal issue. The economic espionage act is a Federal statute that covers "theft" of a trade secret that benefits a foreign nation, and includes provisions where anyone that tries to benefit economically from theft of a trade secret can also go to jail. It is something that is not widely prosecuted and the point is if MS didn't contact the Federal government, this guy wouldn't be prosecuted, whether that is a good thing or a bad thing I don't know.
    • by E++99 (880734)
      No, there's no difference. What he did was not illegal given the state of the intellectual property in question. On the advice of the public defender, he plead out for 2 years instead of the 10 he could gotten if convincted. However, with adequate counsel, there's no way in the world he would've been convicted.
    • They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

      Uh... The dude was illegally distributing COPYRIGHTED material. Its trade secret status doesn't come into it.

  • by bender647 (705126) on Monday January 30, 2006 @08:21AM (#14597617)

    When I first read these types of articles, I usually think, that's outrageous, he didn't do anything, the code was already leaked, now the poor sap has a conviction for something trivial.

    Then I realize, hey, I'd NEVER post stolen code or offer stolen code for sale on my website. Its friggin stupid. Its obviously stolen and obviously illegal and completely traceable to me. I'd expect to have the FBI knocking on my door if I did something so stupid. Like many criminals, this guy didn't cause any real harm but completely lacks judgement. Now he'll suffer a bit for it.

    • Why not? There are warez FTPs and Hotlines and stuff that offer to sell you downloads... people post tons of crap on the internet... why isn't the FBI tracking down on people who buy domains and use them for kiddie porn? Look, this guy didn't do /anything/ ! This is completely ridiculous!
  • by BoneFlower (107640) <george,worroll&gmail,com> on Monday January 30, 2006 @08:23AM (#14597630) Journal
    Sharing the source code would make it easier to find bugs. I don't think anyone seriously disputes this.

    Thats often the entire point. The hardest part of fixing a bug is often *finding* it. Unless you would prefer to leave it alone and hope for the best, you want your bugs, especially critical security flaws, to be found as quickly as possible so they can be fixed.
    • Actually I find it harder to get people to fix the bug after its been identificed. While some of our maintenance programmers may get around to it most of the programmers are more interested in writing new code or major changes to an existing program. Fixing bugs isn't as glamorous as doing something new.

      The other side is that you can fix the bug but dependancies may introduce something new that is as bad or worse. That leads the fixing programmers into a bind, that of it being an obvious fix but having t
  • by dcavanaugh (248349) on Monday January 30, 2006 @08:33AM (#14597682) Homepage
    Now that's news.
  • So what? (Score:2, Insightful)

    by AlvySinger (900304)

    No problem here, surely. Bloke caught for doing something wrong. Large organisation protects its IP.

    Asserting that code in the public domain might cause security problems is just spin consistent with protecting IP. It's PR and would anyone here expect anything different. Might not be convincing but MS wants its code to itself, sees it as IP and wants to keep control over it. How is this different to any other organisation? Deride MS for being closed but if it acts consistently, where's the problem?

    Wasn't

  • The first thing that bothers me is that a private company takes reasearch into their own hands. If they see such a thing, then you should go directly to the police (or FBI or whatever).

    Second is they they use an anti-spy law. As if trying to say: Hey, we cought somebody. What is the law that fits this and will put him away for the longest period of time?

    Yes, he was an idiot who did something wrong, but three years?
    • a private company takes reasearch into their own hands.

      This doesn't bother me at all. They're not going out and arresting people, they're simply proactively protecting their trade secrets. And if they had run to the police the second they found something with a name suggesting it was theirs, we'd have millions of frivilous lawsuits going on. (The RIAA is known for this, but does anyone else remember someone getting a scary letter from either SPA/Microsoft because they hosted OpenOffice, which was mistaken--
  • by Merle Darling (33121) on Monday January 30, 2006 @09:04AM (#14597850) Journal
    Ok, first of all I think it's weird that MS can claim the source code is a trade secret in the first place. It's my understand that in order for something to be classified as a trade secret it would have to be kept secret, and people who take it and distribute it would have to be pursued and dealt with. otherwise the company loses its right to claim it as a trade secret. Witness how little (if anything) they've done about the code being swapped around for years now. Then again, IANAL, ISUCK, etc.

    Regardless, the guy was convicted of selling stolen trade secrets. He was a dumbass for selling it in the first place, but I digress.. It turns out that the penalty for POSSESSION of a stolen trade secret is up to 10 years in jail and a $250k fine. It's worth considering for those of you who might have copies stashed away in backups somewhere just for the hell of it.

    Not that I'd ever stoop so low as to possess stolen trade secrets, of course..

    (runs off to scour his hard drive)

    I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks. They could stick it in that monthly "Malicious Software Removal" tool in Windows Update, even. Ouch. I doubt it would work as evidence in a court but it would give them reason to suspect you or to attempt to gather evidence that WOULD stand up if they really wanted to bother charging everyone.
  • by Afecks (899057) on Monday January 30, 2006 @09:20AM (#14597939)
    I've known illwill for a very long time. We've both been in the same 'scene' for quite a while. The Windows backdoor programming scene. Most of the people in our little niche are sociopaths pure and simple. We know it's wrong but we don't really care. Saying illwill was tricked is pretty stupid. He knew it was wrong, he didn't care and he assumed no one else would. It's the same for many others, we just simply don't care. Now I'm sure illwill cares about going to jail for 2 years but that's fear of punishment, not fear of wrong doing. I'm sure even some of the more sane serial killers value their freedom.

    This being said, Microsoft has won nothing. He was responsible for distributing the source code to exactly 1 person, a Microsoft snitch. If it wasn't for the snitch taking him up on his offer there would have been nobody that cared. Taking away 2 years of a persons life over such trivial shit is appalling and only serves to make us more numb and hateful to the laws of our society.

    That being said, good luck illwill, we're going to miss your exploits and granny pr0n that you've posted in #trinity over the years!
  • by Helmholtz (2715) on Monday January 30, 2006 @10:15AM (#14598399) Homepage
    The comment:

    "...[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products..."

    reminded me of something I've often thought while glacing over the "who has more security holes/patches" diatribe that flops around periodically. Back when the whole Linux thing was still relatively new, I remember seeing many conversations about how having all that source code for the main system publically available means it will be eaiser for people to find and exploit that software. Microsoft tends to bolster this view, stating that one purpose of its closed source code is increased security. But you don't seem to ever seem to see this concept followed through on. Linux and BSD based systems are all over the place (i.e. the internet) these days, and the majority of web servers out there are running Apache. The code for all this software has been publically available for a very long time now, but there don't seem to be (from my perspective, at least) the increased security issues that there "should" be based on the "closed proprietary" security argument.

    Nothing earth shattering, just a small observation. Take it for what you will. :)
  • Hacker? (Score:4, Insightful)

    by Lehk228 (705449) on Monday January 30, 2006 @10:23AM (#14598461) Journal
    what the hell? since when did we start handing out the title of Hacker to any douchebag who can figure out how to run a p2p app?
  • [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

    Is it just me, or did the /. editors posted Kevin Mitnick's comment about 'hacking' open source code just because of this? Hmmmmm.... *thinks*
  • by E++99 (880734)
    http://illmob.org/ [illmob.org] It's pretty hillarious when he describes the "bust". The feds pound on the door early in the morning. He asks who's there, they say that some cars were broken into and they want to check if his was one of them. So... he gets his shoes on goes out the BACK door to the parking lot. There's guy in a bullet-proof vest guarding his car, who obviously has no idea that he's the guy they're coming to arrest. When he indicates that that's his car, he's like "oh, uh... did you talk to the men
  • "[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products"

    Microsoft has had access to the Windows sourcecode since 1.0 and there are still security holes they can't find themselves.

    Heck, I'd wager opening the source would actually lower the rate that these security flaws are found.
  • What kind of moron would think they could get source code to ANY closed source product that sells more than 20 copies a year, for such a price?

    Last I checked, getting the source code to an active data grid widget for VB5 (years ago, mind you) cost $5000 -- and you had to sign a bunch of NDA's to make sure you coudn't resell it or redistribute it in any form.
  • by AutopsyReport (856852) on Monday January 30, 2006 @01:50PM (#14600272)
    I always say, if you're going to rob a bank or a retailer, make sure it's loaded enough to live the rest of your life in luxury. Don't be stupid over a few bucks that can be earned in a couple days work.

    Some people are just ridiculously stupid.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (2) Thank you for your generous donation, Mr. Wirth.

Working...