Forgot your password?
typodupeerror
The Courts The Internet Your Rights Online

Man Convicted For Helping Thousands Steal Internet Access 378

Posted by samzenpus
from the free-web dept.
angry tapir writes "An Oregon man has been convicted of seven courts of wire fraud for helping thousands of people steal Internet service. Ryan Harris, 26, of Redmond, Oregon, was convicted by a jury in U.S. District Court for the District of Massachusetts. He faces a prison term of up to 20 years and a fine of up to $250,000 on each of the seven counts."
This discussion has been archived. No new comments can be posted.

Man Convicted For Helping Thousands Steal Internet Access

Comments Filter:
  • by ozduo (2043408) on Monday March 05, 2012 @03:18AM (#39245035)
    don't to the crime if you cant do the time
    • by MacGyver2210 (1053110) on Monday March 05, 2012 @04:09AM (#39245245)

      I would agree with you on that if corporate CEOs and pretty much everyone who makes over a million dollars a year hadn't set the precedent that defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine despite a huge profit margin.

      Shit, that's the definition of how corporate America works. Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user? Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

      It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

      • by 0100010001010011 (652467) on Monday March 05, 2012 @04:48AM (#39245417)

        Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user?

        I bet it'd be a different story if this guy had significant campaign contributions. It'd be a "Misunderstanding" of some sort.

        • Re: (Score:3, Insightful)

          by flyneye (84093)

          Because Mr. Harris didn't make any "political contributions" and Cable companies are on a first name basis with Repubmocrat legislators.
          Further Mr. Harris charged a fee for helping gain free internet access. Hackers put up this info for free on the internet. I notice they aren't being charged either.
          Nope, this was a case of regulating commerce and example making. Have your contribution ready 'cause you have to buy the right to make money here in the U.S.

        • Re: (Score:3, Insightful)

          by turing_m (1030530)

          A parasite on the cable companies is not going to be able to match the magnitude of the campaign contributions of said cable companies. Whoever makes a decision by looking at such things is going to say "Hmmm. Campaign contributions from cable companies >= Gross amount of your theft... kthxbye."

      • by Corbets (169101) on Monday March 05, 2012 @04:55AM (#39245445) Homepage

        I would agree with you on that if corporate CEOs and pretty much everyone who makes over a million dollars a year hadn't set the precedent that defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine despite a huge profit margin.

        Shit, that's the definition of how corporate America works. Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user? Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

        It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

        Why aren't they also jailing each of the individual loan officers who sold mortgages to customers who couldn't pay them back? They were, perhaps, more directly responsible than the CEOs, and yet also directly benefited (commissions or bonuses, depending how such things work at each institution).

        That question is also your answer. There is a very large chain of people involved in the financial crisis, and it's unlikely that any single one of them can be apportioned enough blame to go to jail.

        • by Sycraft-fu (314770) on Monday March 05, 2012 @05:52AM (#39245641)

          Those that walked in to various loans, eyes wide shut? Or those who took loans they couldn't afford because they figured they'd just flip the house and make money?

          The idea that individuals were completely blameless in the financial crisis is silly. Sure there were some people who were suckered in. They were told one thing and given another. For them I have some sympathy (though really, there's a standard loan terms sheet that comes with every loan, it isn't hard to read). However there were plenty that got greedy and just ignored all good sense.

          An example would be my cousin, call him B. He owned a house that he'd had for quite some time, around 8-10 years on a 30 year fixed mortgage he could afford. then things went crazy and he decided he's take all his equity out in a refinance so that he could buy a bunch of new toys like a truck, take an expensive vacation, shit like that. His loan amount went way up because he was taking out more than the original loan had been for since his house was allegedly worth more. He couldn't afford a fixed loan at that rate so he got a cut rate ARM. Then prices crashed, the rate went up, and he lost his house. Not only should have he known better, my dad (among others) told him this was a stupid idea.

          Then there's me, I have a house that I had since before things went crazy, on a 30 year fixed mortgage that I can afford. It supposedly doubled in value during the craziness. I could have taken a ton of money out. I didn't, because I knew that was a bad idea. I still have my house, and I can still afford my loan.

          We were both in a similar situation, he chose one option, I chose another. Nobody held a gun to anyone's head and forced the issue.

          The crisis was caused by failures and greed at so many levels. The government, the bond rating companies, the investors, the banks, the loan officers, and yes the individuals. You can't just act like a certain group were the evil ones who caused everything. There is a lot of blame to go around.

          Now if you just want to start locking everyone up, I guess that's a valid position, but you might want to ask how well that's work in, say, the drug war.

          • by ByOhTek (1181381) on Monday March 05, 2012 @06:59AM (#39245861) Journal

            The loan reps aren't exactly blameless either.

            When I bought my places ($100k-$150k range), the first loan place I went to, the guy I talked to tried to convince me to get a more expensive house (you are approved for up to $350k! You should look at something nicer!)

            I would *not* be able to pay the mortgage on such a house, let alone cover food and utilities. He didn't care, they were just going to sell the loan to some other company, they would make their money, he'd get his commission.

            Glad I went with another company. That was obnoxious.

            • by Xacid (560407) on Monday March 05, 2012 @08:17AM (#39246177) Journal

              Conversely, the fella I worked with was very practical about the topic. Basically I can afford up to X but I'd be eating only ramen and wiping with newspaper. For every increment lower that I could get to would increase my quality of life so either make more money or find something significantly cheaper than X. And hell, I was 23 at the time.

              Oh, and the bank - Bank of America oddly enough. Incidentally that guy doesn't work there anymore. He moved back to Sweden. Probably saw the writing on the wall, heh.

            • by fearofcarpet (654438) on Monday March 05, 2012 @08:20AM (#39246205)

              He didn't care, they were just going to sell the loan to some other company, they would make their money, he'd get his commission.

              You nicely summarized the root cause of the collapse of housing markets across the US. The banks thought that, by chopping up mortgages and combining them with other securities, the resulting CDOs had less risk because it was spread around and since the cost of each tranche was proportional to the risk, and therefore the yield, everyone understood the risks involved. Of course that created a profit motive to create as many mortgages as possible--and the riskier the better because the risk magically disappeared once sliced up and repackaged. Opportunists climbed into cheap suits and starting fly-by-night mortgage brokerages, assembling teams of sleazy salespeople to push bad loans. By the time the mortgages went sour, everyone involved in the transaction had taken their profit but, thanks to deregulated banking, those profits were basically paid out of the savings accounts of the very same people getting the bad mortgages. And since all the banks merged into giant mega-banks that snatched up bad debt with your money, they were "too big to fail." But don't worry, they bought "insurance" against it in the form of credit default swaps so that the government wouldn't have to bail them out. Except that the "insurance companies" were also banks and didn't have nearly enough cash to pay out, so the government bailed them out, including the third parties that were buying credit default swaps on CDOs that they didn't even own.

              So everyone made money--from the mortgage bundlers all the way up to the CEOs of the giant banks--no matter if they succeeded, failed, or wrecked the global economy in the process. And to get the economy going again, the Fed started loaning out money at %0.01 interest so the banks could turn around and lend it back to Treasury at 3% (and pay back the bailout after dumping their bad assets); it's socialism for banks, and "free markets" and personal responsibility for the rest of us. Now we have a mountain of government debt and a generation of college-educated young people entering a stagnated economy with student loans accrued during the boom-times. I guess that is what happens when you create a system in which you can flip someone's livelihood for a profit without taking on any risk or responsibility.

              ...but this guy goes to jail for 20 years for scamming cable companies.

              • by roman_mir (125474) on Monday March 05, 2012 @09:03AM (#39246435) Homepage Journal

                You nicely summarized the root cause of the collapse of housing markets across the US

                - that is NOT the root cause, that was an expected symptom based on the real root cause, which was government easy credit to the banks (they did push it down all the way to 1% for Clinton and 0% for Bush and it's there now too) and all of the mandates, that had government and quasi government agencies 'insuring' variable rate mortgages, liar loans, all of that stuff. At the time of Clinton and Bush it was mostly F&F, now it's mostly FHA, which 'insures' over 1Trillion with only 5Billion assets.

                Of-course all of this 'insurance', just like all other 'insurance' that government provides is not insurance. It's all debt and counterfeiting (hail the Fed).

                People saw this coming [youtube.com] miles away [youtube.com].

                • I imagine you're also lumping Community Reinvestment Act (CRA) loans into the culpability for the crisis. This is a thirty-year old law. You may want to look into that; CRA-approved mortgages were less likely to be subprime and less likely to be resold.

                  Also, Fannie and Freddie have rules that stipulate they would cover only 80% of a mortgage. Where did the other 20% come from? Ask Angelo Mozilo; Countrywide would just give you a second mortgage to cover the other 20%. Ta-da, 0% down payment home mortga

          • by Ihmhi (1206036)

            The idea that individuals were completely blameless in the financial crisis is silly.

            IMO it's not so much that as the fact that the banks made really irresponsible loans.

            Generally I'd say it's not only stupid but flat-out unethical for banks to give out loans to people they know can't repay them. They're just waiting for the other shoe to drop. When you have a few thousand of these loans floating around, well... look what happens.

        • That question is also your answer. There is a very large chain of people involved in the financial crisis, and it's unlikely that any single one of them can be apportioned enough blame to go to jail.

          I think there's plenty of blame to go around to justify jail time for the lot of 'em, just not enough space in the jails.

      • Re: (Score:2, Interesting)

        I would agree with you on that if corporate CEOs and pretty much everyone who makes over a million dollars a year hadn't set the precedent that defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine despite a huge profit margin.

        Two wrongs make a right. Gotcha. You must be some kind of rebel freedom fighter.

        Shit, that's the definition of how corporate America works. Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user?

        They aren't being jailing them because nobody has proven in a court of law that they've broken any laws. Please feel free to demand charges be pressed if you feel they're warranted. Maybe a few desperate law students can help you figure out a way to trump some charges up.

        On a related note, I was born in 1981. I probably grew up in the same culture you did, and still have admiration for things like The Conscience of a Hacker [ghostwheel.com]. Tha

      • by Richard_at_work (517087) <richardprice&gmail,com> on Monday March 05, 2012 @05:17AM (#39245523)

        Why aren't they jailing the CEOs of the cable companies instead for charging >5000 times the amount they pay for bandwidth for the average user?

        Because thats neither fraud nor any other crime - its not illegal to not base your prices on your costs. The cable companies can charge what they like for their product.

        Why aren't they jailing the AT&T and Verizon execs for bait-and-switch with the 'Unlimited' plans which are actually limited to single-digit bandwidth amounts?

        Now that's a better example, and one I can't give an answer to.

        It's all ass-backward, and this guy just had the balls to do something about it. Do your time, but do it proudly.

        Sorry, but that's just a pathetic excuse for this guys actions, he didn't do anything justifiable or the be proud of.

      • by erroneus (253617)

        It just means he should have incorporated and created a ficticious "personhood" to take the fall.

      • by bws111 (1216812)

        Yeah, right. Let's examine your claim that "defrauding thousands of people at a time comes only with a slap on the wrist and a meager fine".

        Bernie Madoff - 150 years
        Bernie Ebbers - 25 years
        Dennis Kozlowski - 25 years
        Jeffrey Skilling - 24 years, 4 months

        Yup, just 'slaps on the wrist'.

        Why aren't they jailing the CEO of cables companies? How about: because they aren't doing anything illegal. What laws do you imagine they have broken? If we take your ridiculous assertion that they are charging >5000 tim

    • by TheVelvetFlamebait (986083) on Monday March 05, 2012 @05:08AM (#39245487) Journal

      It depresses me that people think that some people it takes material profit in order to make fraud and theft of service immoral. Apparently you can't commit a crime against a rich person, unless you become one in the process.

      • by evilviper (135110)

        Apparently you can't commit a crime against a rich person, unless you become one in the process.

        You're way off. In this case the fact that he made a decent amount of money off of the fraud COMPLETELY undercuts his claim of this being a "freedom of information" situation, where he just reported on a known exploit, or some such.

        We've heard enough cases here, of legitimate researchers facing unjustified prosecution at the behest of corporate interests, that those in the know have become highly suspicious of a

      • by steelfood (895457)

        No, you just can't commit a crime against a rich person in general. Now, poor people, you can bend them over backwards and fuck 'em however you like. At worst, you'll get a slap on the wrist. At best, you'll get a pat on the back for a job well done. Either way, you'll be filthy rich.

    • not necessarily (Score:5, Insightful)

      by Weezul (52464) on Monday March 05, 2012 @05:47AM (#39245629)

      We should never outlaw creating tools like lockpicks, knives, cable modem sniffers, or CPUs able to run unsigned code. We should only outlaw specific usages of said tool.

      A priori, there is nothing wrong with explaining how such tools work either, but aiding customers with the specifics of their particular cable provider could eventually cross the line into conspiracy to commit wire fraud, just like helping a robber a house's door would become conspiracy to commit robbery.

      I therefore hope they convicted him on specific instances of technical support he provided which unambiguously made him a conspirator in specific customer's wire fraud. And I hope he wins back his freedom on appeal if they convicted him on any other grounds.

      In fact, we should discuss the physical plans for equipment and software which he sold here because I'm sure we're curious what exactly he sold. Anyone got links to DIY kits? We should add this stuff to thepiratebay.se's physibles section : http://thepiratebay.se/blog/203

    • by andsens (1658865) on Monday March 05, 2012 @05:57AM (#39245649)

      don't to the crime if you cant do the time

      I know, but 20 years?!?! Are they serious? That is an insane amount of time for a non-violent crime!

  • by Anonymous Coward on Monday March 05, 2012 @03:22AM (#39245051)

    Courts are an odd unit to measure instances of wire fraud.

  • Bad design (Score:5, Interesting)

    by xenobyte (446878) on Monday March 05, 2012 @03:26AM (#39245065)

    If this guy could build a business, complete with websites, forums and so on, it must have gone on for quite a while (6 years it turns out), so it is obvious that:

    1) The ISP didn't know enough about their business to realize the giant holes this guy was exploiting.
    2) The ISP was incompetent enough to let this guy and his customers steal service (which the ISP's other customers paid for) for a long time.

    Any sentencing here should include a heavy fine to the ISP for technical incompetence.

    • Re:Bad design (Score:4, Insightful)

      by Dexter Herbivore (1322345) on Monday March 05, 2012 @03:33AM (#39245085) Journal

      Any sentencing here should include a heavy fine to the ISP for technical incompetence.

      Theoretically it already has, it's paid the fine in lost customers due to their service being so crappy. I can't imagine that you could pull something like this off without massively degrading the hijacked service.

      • Theoretically it already has, it's paid the fine in lost customers due to their service being so crappy. I can't imagine that you could pull something like this off without massively degrading the hijacked service.

        His technique used a packet sniffer & changed the MAC addresses on the modems. That creates the same havoc on the network as 2 devices with the same IP address. So you would have a situation with huge blocks of packet loss while one modem was getting the data for both modems, until the ARP

    • Re:Bad design (Score:5, Informative)

      by SuricouRaven (1897204) on Monday March 05, 2012 @03:38AM (#39245103)
      Worse, actually. He was impersonating modems using sniffed MAC addresses, which is only possible if the network is running without encryption - a feature that should be easily supported by DOCSIS (BPI has been in there since version 1.0), if the ISP were willing to fork out for the equipment. Coax is a shared medium, which means that every customer's data was being sent to every other customer on that segment, in cleartext - the only thing to stop someone from sniffing all the facebook accounts, emails, MMORPG logins and other non-SSL data they could desire would be the firewall in their modems, which is easily broken with a hacked firmware. That's a massive security worry right there - the ISP were lucky he only exploited it for theft of service, rather than sniffing all traffic and selling details to scammers who might use it for ID theft, spam and the looting of World of Warcraft accounts.
      • Re:Bad design (Score:5, Insightful)

        by ArsenneLupin (766289) on Monday March 05, 2012 @04:49AM (#39245423)

        He was impersonating modems using sniffed MAC addresses, which is only possible if the network is running without encryption

        Are you sure about this? Many encryption schemes only encrypt the payload, not link-level headers, such as the MAC address. Or how else would the modem be able to figure out which packets are for itself, and which aren't? Attempting to decrypt every packet (including those not intended for it) would be a huge performance drain.

        • by sjames (1099)

          That's fine though. Only the legitimate holder of a given MAC address would possess the correct encryption key. Another modem could transmit a packet with forged link level headers, but the payload wouldn't decrypt correctly and so wouldn't be forwarded.

      • Anything going across the public internet is in cleartext unless you take steps to encrypt it yourself. It is foolhardy to assume otherwise, or to increase the cost of modems by speccing enough CPU grunt to encrypt all traffic.
    • Re:Bad design (Score:5, Interesting)

      by Asic Eng (193332) on Monday March 05, 2012 @04:01AM (#39245209)

      Well, from the description it appears the guy was selling modified cable modems to sniff data on the coax line and enabling the user to change MAC addresses etc. This [coaxthief.com] would seem to indicate that the device would operate with several configuration sets - maybe switching those on the fly depending whether they were already in use. This way the users' modems would be able to replicate the access data of other users.

      That could be prevented by using encryption for exchanging login data, but it's pretty hard to detect: You can't easily tell the difference between unauthorized access of user B with user A's login data, and user A who just happens to use the internet a lot. Also you wouldn't notice a few users doing that in one particular segment, the guys customers could be distributed all over the US:

      • Re:Bad design (Score:4, Insightful)

        by SuricouRaven (1897204) on Monday March 05, 2012 @04:20AM (#39245291)
        Cable modems actually solved that a long time ago. The modems themselves are the authentication token - they each have a unique private key embedded in them, and the network uses that. Or rather, should use that - the type of impersonation attack that the article describes is only possible if the ISP has disabled encryption on their network (I'm assuming it's some version of DOCSIS), which is just really stupid of them.
      • by wvmarle (1070040)

        The network should be able to detect this. The end user too.

        Why I say so: let's say the thief, T, tries to go online. One way or another T intercepts the authentication codes of user U. Well maybe several users over time. Then when T wants to go online, he uses U's authentication codes to authenticate his modem to the ISP. So now T is online with U's authentication.

        Some time later, T still connected, and U wants to connect her modem to the Internet. Now there are suddenly two modems with the same authentica

    • by Sycraft-fu (314770) on Monday March 05, 2012 @04:07AM (#39245235)

      You are ok with a fine on you if your house gets broken in to and it is found you didn't do a good job securing it. After all, if we fining people for not doing security properly, then it needs to apply to physical security too, and to individuals too. So if you are like most people and have a cheap lock that is vulnerable to bumping and picking, single pane windows with no security screen or coating, no security locks on your windows, no alarm system, and so on then if you get broken in to, you get fined too.

      After all, it is something you can fix. You can get high security locks from someone like Medeco or Assa that can't be bumped, and key controlled, hard to pick etc. You can have your windows replaced with coated glass and screens that are very difficult to break through. You can buy friction security locks for your windows that you take on and off when you want to open them and so on.

      You probably don't choose to. Few people do. It costs more and is inconvenient. However it does make it much easier for someone to break in to your house.

      Now if you aren't ok with that, then I have to ask why it is ok to fine the ISP. Could have the had better security? Most certainly. However they chose not to and that doesn't make what was done to them right. Same shit with you. You can choose to have better security. Just because you don't, doesn't make it right for someone to break in.

      • by rdebath (884132)

        I dunno about the exact rules for high security locks and so forth, but insurance companies will refuse to pay out if you left the door unlocked.

        Plus if you've already been broken into they will not insure you unless you've increased the security since then.

        So yes, most people will "get fined" even if they don't know it yet.

        • Same deal for the ISP's insurance, and yes they have insurance of many types.

          So why again should they be punished by the court system? Just because smart ass geeks think they could do better?

    • by Tim C (15259)

      Any sentencing here should include a heavy fine to the ISP for technical incompetence.

      I wasn't aware that was illegal.

  • by dutchwhizzman (817898) on Monday March 05, 2012 @03:54AM (#39245177)
    Writing tools to configure cable modems is what he got convicted for. He just wrote some tools so you could BOOTP your cable modem with a "valid" MAC and uncapped access speed. The cable companies knew they were putting the security in the dynamically configured end user device. They didn't fix the security flaw after it was publicly known. All the guy did was write an exploit for a publicly known bug, others (end users) were the ones that abused it.

    Oh well, at least now there is jurisprudence to put gun manufacturers into jail. After all, they make the tools that others use to commit crimes, which is what this guy is going to do hard time for.
    • by amiga3D (567632) on Monday March 05, 2012 @04:10AM (#39245251)

      It is slightly different in that he did provide customer support in cracking the network. Even so I wonder how this will do on appeal.

    • by snowgirl (978879)

      Oh well, at least now there is jurisprudence to put gun manufacturers into jail. After all, they make the tools that others use to commit crimes, which is what this guy is going to do hard time for.

      Only if they're selling their weapons with full knowledge and intent that it will be used to commit crimes, but then this was the case prior to this guy anyways...

    • And if the gun manufacturer was taped giving advice on how to use the gun to rob a bank, knowing that the customer was going to follow their advice?
  • Tcniso uncapper to remove bandwidth restrictions http://www.cable-modem.net/dcforum/DCForumID5/205.html [cable-modem.net] lot of interesting software still available by googling tcniso and on the torrents... stuff is really interesting how he wrote it
  • With all the effort and work that went into this thing, he could have built a legitimate business offering legal goods and services.

  • by Anonymous Coward on Monday March 05, 2012 @04:28AM (#39245343)

    I mean -- 20 years for a simple financial fraud thing. In other countries, murder is less.

    No wonder you have a considerable fraction of your population in jail [wikipedia.org].

    Scary.

  • Meanwhile... (Score:5, Informative)

    by Tasha26 (1613349) on Monday March 05, 2012 @08:38AM (#39246293) Homepage

    prison term of up to 20 years and a fine of up to US$250,000

    ...the real criminals in the banking and mortgage industry got away scoff free even after they caused damages in the trillions. Is the law blind?

  • by subreality (157447) on Monday March 05, 2012 @09:20AM (#39246571)

    I'm tired of "stealing" getting applied to every instance of "underhandedly doing something you weren't supposed to".

  • by walterbyrd (182728) on Monday March 05, 2012 @10:02AM (#39246931)

    I don't think most people get that kind of a sentence for murder.

    I saw one case on this "I Survived" show they have on Biography channel: a woman shot her husband six times in the chest, and she was sentenced to six days for aggravated assault. Six days for unloading a gun into somebody's chest, 20 years for stealing internet; what a wonderful justice system we have.

Time to take stock. Go home with some office supplies.

Working...