Teenagers Jailed For Criminal Version of Facebook

An anonymous reader writes "Three teenagers in the UK have been sentenced for up to five years in jail for creating and operating Gh0stMarket.net, one of the world's largest English-language internet crime forums. The Gh0stMarket website, which had about 8,000 members, was dubbed by the court as the 'criminal equivalent of Facebook,' or 'Crimebook.'"

facebook this, facebook that

[pinkishpunk]

it was a plain and normal forum from what I read, or is suddenly anything facebook, even when you aint having your personal data analysed and sold ?

Re:facebook this, facebook that

[MrQuacker]

Its the new catch-all term for the ignant public. The same way Xerox is for photocopies, or Kleenex is for tissues; Facebook is for forums/social sites.

Re:

[Troll-Under-D'Bridge]

Well then I nominate /book [slashdot.org] as the antisocial equivalent of Facebook. Wait, where are the photos and the casual games? Really, if something's going to be called the X version of Facebook, shouldn't it be a site that at least allows you to deal with real people (or at least people pretending to be real) rather aliases and cartoon avatars? According to tFA, the site

appeared as lines of computer code and broken English [where] hackers and fraudsters traded anonymously [...]

Seems more like the "criminal" equiva

Re:

[adolf]

Wow. That's a nasty cut. Do you need a Band-Aid? Would a Coke make you feel better?

As you say, genericized trademarks are somewhat common.

The question is: Should we treat the very modern (and probably short-lived in the grand scheme of themes) marks of Google or Facebook any differently than we treat the time-tested genericized trademarks of "aspirin," "escalator," or "zipper?"

Re:

[Anonymous Coward]

Yeah but that still makes it similar to calling a Zipper "Metal Velcro". Personally i would have thought genericized trademarks tend to imply a similarity rather more close than exists between a threaded forum and Facebook.

Generic Aspirin tends to be Asaphen, Generic Escalators still tend to be moving stairs, and most people can tell a generic zipper from velcro. A forum may involve a user profile and them posting messages to other people, but it IS still a stretch to compare it to Facebook and its much mor

Re:

[adolf]

Quoth Wikipedia [wikipedia.org]:

-
As part of war reparations specified in the 1919 Treaty of Versailles following Germany's surrender after World War I, Aspirin (along with heroin) lost its status as a registered trademark in France, Russia, the United Kingdom, and the United States, where it became a generic name. Today, "aspirin" is a generic word in Australia, France, India, Ireland, New Zealand, Pakistan, Jamaica, the Philippines, South Africa, United Kingdom and the United States. Aspirin, with a capital "A", remains a

Gosh, you are unaware aren't you

[SmallFurryCreature]

You do realize that once the trademarks you mention were new and not known to become so standarized?

Shows a real lack of awareness of the world around you to only be able to see things from your own time.

Re:

[adolf]

Every legitimate trademark started out as something new. So what?

Do you have point to raise, or are you simply too focused on ad hominem character assassination to bother?

Re:

[Restil]

More importantly, if you're trying to make sure the greatest segment of your population understands a concept, there are probably more people that can relate what "Facebook" is, than "forum", even if forum was more accurate.

-Restil

Re:

[Sockatume]

It's not good journalism if your audience doesn't know what you're talking about, and many more people are familiar with the idea of an online social forum through Facebook than through discussion boards. It doesn't mean the audience are ignorant in the pejorative sense. Once upon a time we called all first-person games "Doom clones" because we'd all played Doom but nobody knew what the fuck "first-person" meant.

Re:

[Apothem]

Once upon a time we called all first-person games "Doom clones" because we'd all played Doom but nobody knew what the fuck "first-person" meant.

Well this is also because back in those days, most (if not all FPS'es) had about the same artstyle and/or engine. IIRC there were really only two major ones and those were the BUILD engine (Duke Nukem 3D) and the RayCaster Engine (Doom 1&2). Since they both roughly looked the same and the only real difference is how they calculate certain types of geometry, this really doesn't surprise me. Granted, I was pretty young when these games came out, so I dont really remember anyone calling them that.

Re:

[Wiarumas]

You realize that's a good thing from a business perspective, right? Many companies spend millions of dollars trying to coin phrases like that in the general public... for example, Kodak tried to convert Kodak synonymous with picture (Kodak moment) like how Polaroid is not the only company to have instant film. To have the word Facebook synonymous with social networking is a great thing for Facebook and their soon to be investors. Kinda like how the word Google is synonymous with a general search nowadays -

genericized terms like "Google it with Bing!"

[KWTm]

You realize that's a good thing from a business perspective, right? Many companies spend millions of dollars trying to coin phrases like that in the general public... Kinda like how the word Google is synonymous with a general search nowadays - its the de facto standard.

Apropos of this, take a look at this hilarious YouTube parody produced by CollegeHumor [youtube.com], supposedly an ad to promote Microsoft's Bing search engine, which keeps using "google" as a generic search term. "You can google lots of things with Bin

Re:

[lennier1]

At least with criminals you don't have to dig through a lot of legalese to know that your data will be sold to others.

Re:

[Combatso]

its called market branding, and its way older than facebook... We don't search, we google.. we don't blow our noses in generic tissue, we reach for a Kleenex... Our good are delivered on MACK trucks, we dont listen to mp3 players, we listen to iPods. We don't copy things we Xerox them. We don't use correction fluid, we use White-out. We don't use small self adhesive bandages, we use BAND-AIDS. Sometimes it good for the brand, sometimes it isn't.. In the case of White-OUT, it hurts, because all the user

Re:

[maxwell demon]

I guess a web site where you reveal your identity wouldn't exactly attract criminals. Except as target, of course.

Arrested for What?

[ko7]

From TFA: "19-year-old Nicholas Webber and 18-year-old Ryan Thomas were still at school when they were arrested after trying to pay a £1,000 ($1,600) hotel bill with a stolen card in October 2009. After finding details of 100,000 stolen credit cards on Webber’s laptop, the police uncovered the existence of the website, as well as registered losses on 65,000 bank accounts. "

It would seem the evidence obtained from the boy's computer implicates them in much more serious crimes than just running a shady website.

Re:

[thehodapp]

The kid's an idiot for not encrypting his drive. If I were stealing thousands of credit cards and operating an extremely illegal website, I'd at least encrypt those files if not my whole dang hard drive.

Oh and I can't imagine what a stray nerd on wireshark would think if they picked this guy's ftp packets with files of credit card numbers...sheesh....

Re:

[TechnoFrood]

Wouldn't have helped much with the Police here in the UK, you can get thrown in jail for not handing over your encryption password/keys.

Re:

[Anonymous Coward]

As opposed to being thrown in prison for hacking 100,000 credit cards? Seriously, which crime looks more smart to you?

Re:

[Custard Horse]

The laptop was probably stolen anyway so he may as well say he found/stole it but was hoping to strip it for parts. Clearly he was not the criminal genius in all respects.

Re:

[maxwell demon]

Of course the smart criminal would have had two passwords; one revealing the secret data, and another revealing some legal stuff.
But then, the smart criminal would probably have used steganography anyway, so the police wouldn't have accidentally found anything.

Re:

[Anonymous Coward]

Same in Australia - 6 months prison for not divulging passwords.

However TrueCrypt would be his friend - that provides plausibly deniable hidden drives.

Re:

[N1AK]

But would it? The same argument is proposed here time and time again. The law makes it illegal to refuse to hand over a password. The prosecutions case would go like this: "Ladies and Gentlemen of the jury. The defendant has a hard drive with enough space to store 300 CDs worth of information. He has encrypted it to hide his illegal activities, and has only given us a password for 30 CDs worth (your dummy volume). He continues to refuse to give us access to the other 270 CDs worth, where we believe he keeps

Re:

[tris203]

interesting that he only has a 20gb harddrive, where have you based this fact on?

From the very first page of the TrueCrypt website:

A possible plausible explanation for the existence of a partition/device containing solely random data is that you have wiped (securely erased) the content of the partition/device using one of the tools that erase data by overwriting it with random data (in fact, TrueCrypt can be used to securely erase a partition/device too, by creating an empty encrypted partition/device-hoste

Re:

[lennier1]

I still have a Vista partition on one of my machines which I reinstalled for testing purposes but never used.
It only contains the OS, hence nothing of value. Does that count?

Re:

[wed128]

i find random data less suspicious...

Re:

[JonySuede]

cant you use the mathemagic spell called compress sensing to detect that the data is not random enough

Re:

[L4t3r4lu5]

The dummy (host) volume will be reported to the OS as "30 CDs worth" used, the rest free. You can read and write to that free space all you wish. What is required is the key for the hidden volume in order to protect it from being overwritten when you write to the host volume.

In either case, the defence would state that prosecution is speculating, and has no forensic evidence that there is a hidden volume at all. If he did have that evidence, the point would be moot and excluded from cross examination; It

Re:

[Dan541]

What trouble. I would give the jury a quick demonstration of how to encrypt a hard drive. (Time lapse the actual encryption process obviously).

True crypt makes it so easy that there is absolutely no excuse not to use it. It should be standard.

Re:

[rufty_tufty]

Hang on I have never used TrueCrypt, but if I read what you say correctly any unpartitioned space on a hard drive could be a truecrypt drive. Therefore anyone with unpartitioned space could be accused of having any data the police choose to accuse them of, and there is no possible defence because I don't know the key required to unencrypt that area to give them the data they want.

That can't be right surely?

Re:

[maxume]

Imagine if you downloaded an image with an encrypted blob appended to it. You wouldn't even know it was there and could still be prosecuted for not knowing the password.

Re:

[mlts]

You can convince a jury of anything here in the US and get them to rubber stamp a DA's verdict when it comes to technology. Especially with the lack of education and the rampant technophobic qualities of most people here, all the prosecution has to say, "Nobody in their right mind doesn't use up all the space on a hard disk, so the empty space is hiding something."

The defense has to then try to prove a negative (good luck), and almost always, the jury will side with the prosecution because their brains ach

Re:

[Schadrach]

Except I thought TrueCrypt hidden partitions worked like this:

You create an encrypted partition/disk image/whatever of a given size.
You request it have a hidden partition, and that the hidden partition be some smaller size.
TrueCrypt creates a partition of the larger size and hides the smaller one in the same space (but at the other end of the disk/file/partition/whatever).

So you have, for example, a 200GB TrueCrypt partition that contains a 160GB hidden TrueCrypt partition. Providing the password for the n

Re:

[peragrin]

But why make the dummy volume so big? Why not make it 1 gb or 1.1 CD's worth and then claim it was bad sectors on the drive?

Or better yet just encrypt everything on a flash drive and keep the drive physically hidden unless your working. An SD card is very easy to hide.

Re:

[micheas]

It's harder to explain a thumbdrive full of random data than a hard drive. Overwriting hard drives is relatively common.

It's a bad drive?

Re:

[Zerth]

Nah, the thumbdrive is just holding your guaranteed random bits that you bought for use as a One Time Pad.

Doesn't everyone have a few gigs of random bits, just in case? Sure, you can buy a decent hardware generator for a few hundred bucks, but you'll cache your random ahead of time because if you need to send a big file, nobody wants to wait for the random to dribble in like it was coming over a POTS modem.

Re:

[Rogerborg]

Wouldn't have helped much with the Police here in the UK, you can get thrown in jail for not handing over your encryption password/keys.

For 2 years, rather than 5. Do the maths.

Re:

[moonbender]

Wouldn't have helped much with the Police here in the UK, you can get thrown in jail for not handing over your encryption password/keys.

For 2 years, rather than 5. Do the maths.

Okay. [wolframalpha.com]

Apparently, 5 years is 3 years more than 2 years.

Re:

[Ngarrang]

Wouldn't have helped much with the Police here in the UK, you can get thrown in jail for not handing over your encryption password/keys.

Which is worse, the jail time for not divulging the password, or the jail time for what they find if you do?

Re:

[Anonymous Coward]

Surely the kid's an idiot for breaking the law in the first place. That's a better focus than just critiquing his lack of tech prowess at covering his tracks.

Re:

[icebraining]

"Idiot" usually refers to the person's intelligence, not moral conduct. He wouldn't be an idiot if he knew enough not to get caught. He would still be a despicable person for stealing people's money, though.

Re:

[TheRaven64]

In theory, laws are structured so that breaking them means making a poor risk/reward judgement. The inability to balance risk and reward is a sign of low intelligence.

Re:

[icebraining]

In theory, laws are structured so that breaking them means making a poor risk/reward judgement.

Are they? Maybe based on the average law breaker, but that's irrelevant for a particular person. There are obviously people who will get caught easily, and there are those who know enough to make it almost impossible to catch them. For the latter, breaking the law might not be stupid at all.

Re:

[AmonTheMetalhead]

The kid is an idiot alright, i wouldn't store the files on any device i own, plenty of online places you can drop data that isn't linked to you in any way but an email address, and even those can be completely anonymous.

Seriously, what kind of an idiot pays a hotel bill with a stolen card? You have to go through a whole bunch of loops if you don't want the booking/sale to be traceable to you, that means you don't book hotels in your name with a stolen credit card (or any name for that matter, the cops can

Re:

[Kylock]

You seem pretty knowledgeable about this type of thing... you should check under your car for an illegal FBI GPS tracker [slashdot.org]!

Re:

[AmonTheMetalhead]

No worries, i still live in the free world (Europe)

Re:

[dave562]

And information about commiting fraud (and getting away with it) has been available online for decades. At 13 I knew about all of that thanks to the local BBS. Paying a hotel bill with a stolen card is just about as bad as using a stolen calling card from your home phone.

Re:

[hesaigo999ca]

Also, 2 small time students are involved in some major scheme netting them all that money from all those bank accounts, yeah right....more like they were mules of sorts for a ring (russian?) of which no one is coming forth, and the feds need a scapegoat.

Re:

[nobodie]

I guess i shouldn't ask how they ran up a £1000 bill at a hotel, should I?

Not quite...

[nettdata]

They weren't jailed for a social website, they were jailed for stealing and selling credit card numbers for millions of dollars and had offshore bank accounts.

Re:

[Rakshasa Taisab]

And they still have those offshore accounts...

What does really (not) surprise me is they were using those stolen cards for stupid smalltime stuff like pay hotel bills. Seriously, that's just stupid when you're making enough money illegally.

Re:

[SudoGhost]

Slashdot poster arrested for misleading articles

"One douchebag in the UK has been sentenced for up to five years in jail for creating and operating bullshit, one of the world's largest English-language internet annoyances. The bullshit, which had about 8,000 misleading statements, was dubbed by the court as the 'criminal equivalent of the television show House, M.D.,' or 'Crimehouse.'"

House is a popular show, so anything not really related to it should be stretched to try to apply it to the article, ri

Re:

[Rysc]

+101, The Truth

Except it should be "over 9,000 misleading statements"

Potential

[Anonymous Coward]

Sounds like these fellows have potential, someone send them a MBA and put them in charge of a bank!

Re:

[Anonymous Coward]

Someone with potential knows that there are entirely legal and protected ways to completely fuck-over your fellow man. They go to school and learn how to not go to jail. Failing that, you might choose to become a politician.

These were a couple of borderline-retarded kids that did the same BS that's been getting people busted for decades. There's nothing 'l33t' about scamming cards and then making a nice, centralized little website for fellow dumbshits to congregate and brag on.

I, for one, celebrate this

Re:

[neminem]

Really? You learn how to not go to jail from school? I hear there are much better places to learn that sort of thing - for instance... I'm reminded of a great song:

They locked us away for three years and a day
Completing our alienation
But we learned from those men how to not get caught again
California finally paid our education

Re:

[Combatso]

or a large country

Re-educate them!

[MrQuacker]

They need to be re-educated. Train them in Banking, then they can rob the public blind with impunity!

Hope they get everything they deserve.

[vivian]

Bwahhahahahaha

Serves the little sh*ts right. It takes no great skill to set up something like this - it only takes the willingness to be an aesehole who wants to leech off others, and perhaps an html for dummies book.

Re:

[Combatso]

everything they deserve? I'm guessing it works out to 5 months in jail, a year probation and maybe a six month wait before they crack open their offshore accounts with millions... the only people punished here are the victims and their insurance companies.... but it sends a message to other thieves.... "don't get caught"

Crimebook?

[mr100percent]

That brings up an interesting question, legally how liable is a forum operator for the postings on the site?

Re:

[Nursie]

It is an interesting question, but moot in this case because the forum operators were involved in credit card fraud and money laundering.

Re:

[SharpFang]

It is an interesting question, but moot in this case because

WTF does Moot [wikipedia.org] have to do with this?

Re:

[uxbn_kuribo]

Alot considering moot's had trouble of his own in the past with forum posters.

Re:

[Anonymous Coward]

It is an interesting question, but moot in this case because

WTF does Moot [wikipedia.org] have to do with this?

I'm very sad anyone wasted mod points on this.

Re:

[sparrowhead]

I wouldn't want to discuss that based on this story. After all, the intent behind their website was to handle stolen goods and information.

IANAL, but I think they could even face organized crime charges in some legislations

Re:

[sumdumass]

It depends on how much they know and where it is at.

If they are hands off, I don't enter, it's up to the members posting and they remove anything brought to their attention- reporting obvious law violations to the authorities, then there is a good chance they aren't liable at all. But if they know and do nothing, or encourage it, they can be very liable.

Chances are, the forum would be considered possession of criminal tools in the act of whatever related crime and some sort of conspiracy charge to commit th

Re:

[91degrees]

Yup.

This is one of those situations where intent matters. I could quite easily set up a discussion forum on the older threads on Slashdot, taking about exactly the same stuff, but this isn't going to step Slashdot from being primarily a tech news website and that quite obviously being its intent.

If you have a site that is pretty much only about crime, and you seem to be encouraging this, then I'd say you hold some liability.

Lame name...

[Anonymous Coward]

more like Crookbook

Re:

[Crookdotter]

Hey!

Wtf has Facebook got to do with it?

[miffo.swe]

This was a normal forum just as any other the past 20 years, not something like Facebook. Facebook is one iteration of a forum, and a crappy at that.

Facebook is inferior to most forums as its just about:
"Status Update" I got nailed today.
"Reply stranger mysteriously called friend" How nice!!!!!1111ponies!!!
"Stupid git trying to be funny" You preggo?

A good forum is about informed debate on prearranged topics with moderators holding the stupidest idiots at bay, or like slashdot.

Crimebook hehe

[philmarcracken]

I would have thought the police would have allowed a 'crimebook' to continue if it lived up to the assumption of the name. I'm sure coppers already have their own crimebook and could use this as second life.

Michael Rowland: 'Gonna rob the local servo on Mitchel ave. 12am today..'
Constable Steven Briggs likes this
See all 14 comments

Re:

[nethenson]

Well, criminals are already using Facebook to determine which houses are empty and worth robbing, and even which people can be kidnapped [link [usatoday.com]]...

So a Crimebook would be only fair.

Re:

[Anonymous Coward]

I would have thought the police would have allowed a 'crimebook' to continue if it lived up to the assumption of the name. I'm sure coppers already have their own crimebook and could use this as second life.

Michael Rowland: 'Gonna rob the local servo on Mitchel ave. 12am today..'

Constable Steven Briggs likes this

See all 14 comments

Off topic, but if a person is speaking about 12am as a time in the future, can they refer to it as "today?"

Re:

[j-beda]

Off topic, but if a person is speaking about 12am as a time in the future, can they refer to it as "today?"

Man, I hate that time. I can never recall if 12am is noon (just one minute after 11:59 AM) or midnight (one minute after 11:59 PM) and even if I was confident which was which I can never be sure that all those other idiots out there know what's what.

If I have to refer to either of these times I usually use "noon" or "midnight" to be less likely to be understood, and if I have to schedule something to that time with various compute pull-down menus and number entry fields I usually just use 11:59 instead.

Link to TFA

[tick-tock-atona]

This is the original article: http://www.guardian.co.uk/uk/2011/mar/02/ghostmarket-web-scam-teenagers [guardian.co.uk]

Bonus picture of kid being a douche.

Re:

[zero0ne]

Bringing Thug Life to a web forum near you.

Re:

[Sockatume]

"After seizing Webber's laptop, police discovered details of 100,000 stolen credit cards and a trail back to the Gh0stMarket website. Webber and Thomas jumped bail that December, fleeing to Majorca, but were rearrested when they flew back to Gatwick airport on 31 January 2010."

Yeah, just wait two months, they'll totally forget about you and you can come back.

Re:

[VeNoM0619]

"Southwark crown court was told how public-school-educated Webber, the son of a former Guernsey politician, was using an offshore bank account in Costa Rica to process funds from the frauds. After his initial arrest, Webber threatened on a forum to blow up the head of the police e-crimes unit in retaliation, and used his hacking skills to trace officers' addresses."

The entire article is a must read...

In other news...

[gnalre]

Microsoft has taken a 2% stake valuing the site at 2 billion dollars....

Let Facebook sue them !

[alexhs]

The Gh0stMarket website [...] was dubbed by the court as [...] 'Crimebook.'

We know that Facebook owns trademark on .*book, just let them sue the court !

The courts should thank him

[francium de neobie]

Now that you have criminals going to the Internet and disclosing what they're doing... so you can round them up before they commit crimes. And you wanna stop that? Seriously?

*book.com

[Five Bucks!]

I like how any noun can be 'book'ed if there is a web site and some social structure to it. I should assume that wrought iron fence enthusiasts would start a GateBook.com

And then if there was an insidious scandal between Gatebook.com and PicketFencebook.com the scandal would be termed Gatebook Gate.

i call foul!! I need a lawyer

[Combatso]

As the author of a Crime Book, I fear I will lose sales as now people will associate my work with Facebook.... Infact, I will sue anyone using the work book

Re:

[snookiex]

And if you used IRC instead, they'd call it CrimeMSN so you actually have two problems.

Vigilante Wars

[davewalthall]

Do they play Vigilante Wars?

Stupid Criminal: Use a Second Computer

[Ngarrang]

Duh! Use a second computer, a laptop, plugged in at another location. Remotely access it with an encrypted connection to do your dirty work. The second computer should be running TrueCrypt, as per the advice already given here. Should the device become inaccessible, assume it is found and in the hands of authorities. Create another "criminal" laptop and place it at a different location. Don't go looking for the old laptop.

Haven't kids these days learned anything from watching TV?

Patsies?

[Voltas]

I watched this documentary about how a government agent was a webmaster on a similar (or maybe this site) to entrap people and build "trust" with people dealing in this. The strange part is that the agent was clearly a part of the exchange of credit card info. With identity theft corporations and how organized the business is, I highly doubt theses teens where the leaders of this. Most probably used for some of their skills and information and then now it looks like they are taking the fall.

Re:

[AmonTheMetalhead]

Awww... he takes after his daddy