Microsoft Tricks Hacker Into Jail

CompotatoJ writes "Wired News reported that William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $20 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets ... [Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source.'"

$200?

[Tx]

You paid $200 for the Windows source? Dude, you got ripped off!

Re:$200?

[Elitist_Phoenix]

I paid $200 for Windows and the source code wasn't included. I got ripped, I mean how am I meant to get applications to compile when I don't have the full kernel source?!

Re:$200?

[Mattcelt]

Err, you know, Windows has had a stable API (and ABI) since 1.0.

And it is this stubborn refusal to update the API that allows the same attacks (buffer overflows, etc.) to be successful through four generations of OS.

Microsoft's vulnerabilities aren't just the result of pushy managers and sloppy coding - it's because the APIs weren't written with security in mind, and they have more holes than swiss cheese.

In related news...

[should_be_linear]

... Remainings of MS lawer that tricked Don Vito Genovese's grandson into jail found in shoebox.

Re:$200?

[smchris]

William 'IllWill' Genovese was sentenced to prison after being tricked by a Microsoft Investigator offering to pay $200 for a copy of the secret source code. From the article: 'The investigator then returned and arranged a second $20 transaction for an FBI agent

Actually, sounds like Microsoft got the FBI a deal. Maybe we should put them in charge of the GSA and the government wouldn't be paying $5000 for popcorn poppers.

Re:$200?

[thesnarky1]

Yea, but he paid with YOUR Paypal account...

Summary wrong, $20 not $200

[Agelmar]

The summary is wrong. It says the investigator paid $200. From TFA:
"According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code". Hamilton is on the $10 bill, not the $100 (That would be Franklin). Two Hamiltons is $20, hence the next sentence saying "...another $20 transaction..."

Re:Summary wrong, $20 not $200

[John Nowak]

Submitter actin' like he never seen a ten before.

Re:Summary wrong, $20 not $200

[Cerberus7]

Snack attack, mutha f*****!!!

Re:Summary wrong, $20 not $200

[Irish_Samurai]

crazy delicious

Re:Summary wrong, $20 not $200

[Mattwolf7]

Well when you live in Mom's basement you never have to touch the money, she always runs to the store for you

Available on P2P?

[killeena]

I haven't exactly gone looking for it or anything, but isn't the Windows source code available on P2P?

If so, that is pretty damn stupid to be selling something that is readily available like that. I am betting these undercover folks would be his only customers.

Re:Available on P2P?

[Kadin2048]

I think that's essentially going to be the guy's (admittedly lame) defense -- he didn't actually acquire/misappropriate the source from Microsoft originally, it sounds like he got it from P2P, and then offered it on his website and burned it to CD (or something else) and gave it to the undercover investigator for $20.

I'm not entirely certain with how trade secret law works -- my very vague understanding of it was that you can only go after the first person who steals it from you; once the secret gets into t

Re:Available on P2P?

[geoffspear]

I'm not entirely sure how law works either, but if you think he's going to use that or anything else as his defense, when he's already been covicted and sentenced, you understand the law a lot worse than most people.

See, you're supposed to defend yourself before you're sent to prison.

Re:Available on P2P?

[MindStalker]

I'm not entirely sure how slashdot works either, but if you think he read the article, before he posted his comment, you understand slashdot a lot worse than most people.

See, you're supposed to post first before anyone else can.

Re:Available on P2P?

[TheSpoom]

Step 1: Search for any well-known P2P program (Kazaa, SoulSeek, et al) on Google.
Step 2: Click the very top sponsored link.
Step 3: Awe at the fact that they're trying to sell it and yet are STILL in business.

Unfortunately, there are a lot of companies that profit on their customers' stupidity.

Re:Available on P2P?

[E++99]

Yes, it is/was available on P2P, and I believe the article said that the Feds were his only customers. And, yes, lawyers are basically saying that there was no case, as the code was in the public domain at that point. However, the poor sap took the advise of the public defender, so he'll be spending 2 years in jail.

I'd be all for going after the guy who originally distributed this, I think this case really sucks.

Re:Available on P2P?

[Anonymous Coward]

When you download it from P2P, it looks so full of bugs and poorly written, it can't be the real thing!

electronic monitoring

[digitaldc]

...will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer

Looks like they have finally found a legal use for the Sony Rootkit.

Re:electronic monitoring

[AndroidCat]

No, but he'll sell you some for $200 each.

Hacker ?!

[ErrorBase]

Probably just someone stupid enough to think he can make a quick buck by downloading something from a p2p network.

Re:Hacker ?!

[Reignking]

Nah man, this guy got pwned!

Crown Jewels!

[LiquidCoooled]

The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software.

Come on - anybody can code up a BSOD if they really want to.

Should Mark from sysinternals [sysinternals.com] be worried?

Whored Jewels!

[twitter]

Come on - anybody can code up a BSOD if they really want to.

Sure, but your friends at the former KGB [wired.com], and Communist China [zdnet.com] have an inside perspective. But hey, if you can sell crap like that to places that safeguard your countries most important secrets, why not share it with your enemies? You know they in turn are sharing it with their friends in North Korea, Pakistan and elsewhere. Terrorists indeed. No need to worry about that stuff proliferating because it's already gone. Given such an irresponsib

Re:Crown Jewels!

[Andrewkov]

As a general rule of thumb, don't install that screensaver on a server. Trust me on this.

Re:Crown Jewels!

[loraksus]

Goddamn buggy software. It bluescreened my computer and now it keeps rebooting. Looks like I'm going to have to reinstall as soon as I find my cd.
Dammit!

heh, microsoft monopoly

[musonica]

paid $200 and the go to jail..

Re:heh, microsoft monopoly

[Big Nothing]

OMFG, your comment is funny on so many levels it's scary!

This is sooo untrue!

[cablepokerface]

I heard recently about three hackers which were charged but microsoft later dropped all charges and decided not sue. I believe their names were Whitman Price and Haddad.

Re:This is sooo untrue!

[TClevenger]

Last season's winners?

No. Last season's losers.

Story from a first-person perspective

[nstrom]

You can read about this arrest from a first person perspective at William Genovese's website here [illmob.org]. An interesting read, and he lists some of the e-mail and snail mail addresses used in the sting against him.

Re:Story from a first-person perspective

[IngramJames]

Here's a Google cache for that slashdotted site.

Apologies; "A HREF" doesn't seem to want to work with this on slashdot.
http://72.14.207.104/search?q=cache:7K18878iJ3gJ:w ww.illmob.org/+%22William+Genovese%22&hl=en&gl=uk& ct=clnk&cd=9&client=firefox-a [72.14.207.104]"

Re:Story from a first-person perspective

[PsychicX]

I read through that blog, and...wow. That guy is a complete and utter moron. Can't even write a coherent sentence, and stupid as hell when it came to the sting against him too.

Re:Story from a first-person perspective

[elrous0]

One phrase in the article pretty much says it all:

having been through 2 raids before

-Eric

Re:Story from a first-person perspective

[AndroidCat]

So, what's his Slashdot username?

Re:Story from a first-person perspective

[The Breeze]

This guy is lucky as hell. He now has two years in prison to take some English writing classes. It's obvious he's been neglecting his english studies.

I read his diatribe and all I can think is, "wow, this moron is really almost 30 years old?!"

Re:Story from a first-person perspective

[pclminion]

Wow, that dude's a real bright spark, isn't he? The fact that he can't comprehend why he should go to prison for what he's done is astonishing. Blaming everyone else is modus operandii for the criminally stupid.

The only unfortunate thing is the connections he'll make while serving his two years. He'll probably be even more dangerous when he gets out.

Notice corporate rights vs personal rights

[Anonymous Coward]

Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

Microsoft source code stolen and sold is industrial espionage with 3 year sentence.

Re:Notice corporate rights vs personal rights

[RzUpAnmsCwrds]

Pamela Anderson's private home sex video stolen and sold is legal to sell because it's public interest a judge ruled.

Microsoft source code stolen and sold is industrial espionage with 3 year sentence.


Pamela's sex video isn't trade secret. The source code to Windows is.

But, hey, why let facts get in the way of a nice anti-corporate comment?

Re:Notice corporate rights vs personal rights

[PatHMV]

Your AC comment would indeed be "insightful," were it not completely wrong. In the end, at least one company was forced to pay Pamela and Tommy Lee substantial damages for making the video available on the internet. The only battle that the porn people won was its claim that the couple signed away their rights in their initial settlement agreement with the porn people who first aired it. After the trial judge's throwing the case for internet distribution out of court was overturned on appeal [bizreport.com], the porn people threw in the towel and judgment was rendered against them [bbc.co.uk] for the illegal distribution of the video.

Technically Speaking . . .

[Dausha]

"Microsoft Tricks Hacker Into Jail"

That's not a very good headline. I mean, aren't many /.ers who write code self-described hackers? This guy was trading in pirated software. So, he is a "Pirate," not a "Hacker." I'd complain about the editing, but this is /..

Ben

Re:Technically Speaking . . .

[booch]

I would also suggest that he is not a "pirate". A pirate [gnu.org] is one who uses physical force to take things away from people, leaving the people without those items. And likely leaving them without their life. The person in the story, while still committing a crime, did not deprive anyone from use of any item, and did not use any physical force or threats.

I have a bigger problem with the word "trick" in the headline. It implies that he wouldn't have committed the crime otherwise. And sting operations are fairly

Re:Technically Speaking . . .

[slavemowgli]

A pirate? You mean he sailed the seven seas, sunk other ships, stole their goods, raped their women and murdered the crew?

I agree that the headline is typical Slashdot flamebait and that it's important to point out the difference between hackers and crackers, but it's also important to point out the difference between copyright infringment, stealing and piracy - those are three very distinct things (and only two of them are criminal offenses, too, FWIW).

Re:Technically Speaking . . .

[Malc]

Perhaps one could argue he was just selling stolen goods. In which case "fence" might be a more appropriate label.

Not a hacker, and not very tricked

[vm146j2]

FTFA Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

"This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information."

Microsoft must be getting really serious 'bout this issue; not any security issue, mind you, but a PR one, thats for sure.

They went after some guy who tried to sell what he found, and then was dum enuf to sell for $40 online, but who had no connection whatsoever to leaking anything, and, by his own description, is less than the sharpest tack in the bulletin board:

"Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack."

Selling other people's stuff that you find laying around may not be legal or especially smart, but making a big deal out of the 800 billion lb. gorilla "catching" a petty criminal in the act ain't much news, either, unless MS wants to spend their PR highlighting their own incompetence....Oh, now I get it.

$20!?

[Turn-X Alphonse]

Who even gets out of bed for $20 these days? I'd want at least $50

Re:$20!?

[Zemplar]

"Who even gets out of bed for $20 these days? I'd want at least $50"

Apparently you've never even used windows. $20 is a rip-off!

M$

[sloths]

Google doesn't trick people into jail.

Apple

[Frankie70]

Google doesn't trick people into jail.


After drinking Steve Jobs' koolaid, people would
voluntarity go & get themselves arrested, if Jobs
asked them to. And would even pay daily board &
food charges at the jail.

Trade secret law?

[Dr. Manhattan]

My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it. They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

So apparently this is wrong, or at least has been amended a bit by the act referenced in the summary. Would this guy have been in the clear if he'd just been offering a trade secret for download? (With source code, it's complicated by the fact that the code is subject to copyright, too, though. What if we were dealing with, say, the formual for Coca Cola, to take the canonical example?)

Re:Trade secret law?

[elrous0]

My understanding was that if a trade secret gets out, the company doesn't really have any legal standing to go after people distributing it.

They do if it's copyrighted.

-Eric

Re:Trade secret law?

[damsa]

Normal trade secret law isn't a criminal issue. The economic espionage act is a Federal statute that covers "theft" of a trade secret that benefits a foreign nation, and includes provisions where anyone that tries to benefit economically from theft of a trade secret can also go to jail. It is something that is not widely prosecuted and the point is if MS didn't contact the Federal government, this guy wouldn't be prosecuted, whether that is a good thing or a bad thing I don't know.

Re:Trade secret law?

[E++99]

No, there's no difference. What he did was not illegal given the state of the intellectual property in question. On the advice of the public defender, he plead out for 2 years instead of the 10 he could gotten if convincted. However, with adequate counsel, there's no way in the world he would've been convicted.

Re:Trade secret law?

[pclminion]

They can go after the people who leaked or stole it, provided they actually did something illegal in the process of discovering it, but people that they give the secret to (so long as they weren't co-conspirators in the illegal acts) didn't do anything wrong under the law.

Uh... The dude was illegally distributing COPYRIGHTED material. Its trade secret status doesn't come into it.

More stupid than criminal

[bender647]

When I first read these types of articles, I usually think, that's outrageous, he didn't do anything, the code was already leaked, now the poor sap has a conviction for something trivial.

Then I realize, hey, I'd NEVER post stolen code or offer stolen code for sale on my website. Its friggin stupid. Its obviously stolen and obviously illegal and completely traceable to me. I'd expect to have the FBI knocking on my door if I did something so stupid. Like many criminals, this guy didn't cause any real harm but completely lacks judgement. Now he'll suffer a bit for it.

Re:More stupid than criminal

[fitchmicah]

Why not? There are warez FTPs and Hotlines and stuff that offer to sell you downloads... people post tons of crap on the internet... why isn't the FBI tracking down on people who buy domains and use them for kiddie porn? Look, this guy didn't do /anything/ ! This is completely ridiculous!

Yeah, they are right.

[BoneFlower]

Sharing the source code would make it easier to find bugs. I don't think anyone seriously disputes this.

Thats often the entire point. The hardest part of fixing a bug is often *finding* it. Unless you would prefer to leave it alone and hope for the best, you want your bugs, especially critical security flaws, to be found as quickly as possible so they can be fixed.

Re:Yeah, they are right.

[Shivetya]

Actually I find it harder to get people to fix the bug after its been identificed. While some of our maintenance programmers may get around to it most of the programmers are more interested in writing new code or major changes to an existing program. Fixing bugs isn't as glamorous as doing something new.

The other side is that you can fix the bug but dependancies may introduce something new that is as bad or worse. That leads the fixing programmers into a bind, that of it being an obvious fix but having t

Re:Yeah, they are right.

[Shadow99_1]

"You don't put a random dude in jail for two years just because you can."

Now that is funny... Do you really believe that doesn't happen every day? Because if you do I have news for you...

I'm guessing you've never heard of corrupt cops, attornies hired as if they were hitmen, or any of the various other applications of 'justice' that go on all the time...

I grew up in a small town with a corrupt police force ruled by a meglomaniac police chief. I've witnessed peopel being arrested and charged with 'crimes' be

Hacker outsmarted by Microsoft?

[dcavanaugh]

Now that's news.

So what?

[AlvySinger]

No problem here, surely. Bloke caught for doing something wrong. Large organisation protects its IP.

Asserting that code in the public domain might cause security problems is just spin consistent with protecting IP. It's PR and would anyone here expect anything different. Might not be convincing but MS wants its code to itself, sees it as IP and wants to keep control over it. How is this different to any other organisation? Deride MS for being closed but if it acts consistently, where's the problem?

Wasn't

Re:

[account_deleted]

Comment removed based on user account deletion

Re:This is wrong on so many levels.

[suwain_2]

a private company takes reasearch into their own hands.

This doesn't bother me at all. They're not going out and arresting people, they're simply proactively protecting their trade secrets. And if they had run to the police the second they found something with a name suggesting it was theirs, we'd have millions of frivilous lawsuits going on. (The RIAA is known for this, but does anyone else remember someone getting a scary letter from either SPA/Microsoft because they hosted OpenOffice, which was mistaken--

A public service announcement

[Merle Darling]

Ok, first of all I think it's weird that MS can claim the source code is a trade secret in the first place. It's my understand that in order for something to be classified as a trade secret it would have to be kept secret, and people who take it and distribute it would have to be pursued and dealt with. otherwise the company loses its right to claim it as a trade secret. Witness how little (if anything) they've done about the code being swapped around for years now. Then again, IANAL, ISUCK, etc.

Regardless, the guy was convicted of selling stolen trade secrets. He was a dumbass for selling it in the first place, but I digress.. It turns out that the penalty for POSSESSION of a stolen trade secret is up to 10 years in jail and a $250k fine. It's worth considering for those of you who might have copies stashed away in backups somewhere just for the hell of it.

Not that I'd ever stoop so low as to possess stolen trade secrets, of course..

(runs off to scour his hard drive)

I wonder how hard it would be for MS to decide to scan your system for files with names matching those discovered on p2p networks. They could stick it in that monthly "Malicious Software Removal" tool in Windows Update, even. Ouch. I doubt it would work as evidence in a court but it would give them reason to suspect you or to attempt to gather evidence that WOULD stand up if they really wanted to bother charging everyone.

I know illwill, he's not that bad...

[Afecks]

I've known illwill for a very long time. We've both been in the same 'scene' for quite a while. The Windows backdoor programming scene. Most of the people in our little niche are sociopaths pure and simple. We know it's wrong but we don't really care. Saying illwill was tricked is pretty stupid. He knew it was wrong, he didn't care and he assumed no one else would. It's the same for many others, we just simply don't care. Now I'm sure illwill cares about going to jail for 2 years but that's fear of punishment, not fear of wrong doing. I'm sure even some of the more sane serial killers value their freedom.

This being said, Microsoft has won nothing. He was responsible for distributing the source code to exactly 1 person, a Microsoft snitch. If it wasn't for the snitch taking him up on his offer there would have been nobody that cared. Taking away 2 years of a persons life over such trivial shit is appalling and only serves to make us more numb and hateful to the laws of our society.

That being said, good luck illwill, we're going to miss your exploits and granny pr0n that you've posted in #trinity over the years!

source code transparancy & security

[Helmholtz]

The comment:

"...[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products..."

reminded me of something I've often thought while glacing over the "who has more security holes/patches" diatribe that flops around periodically. Back when the whole Linux thing was still relatively new, I remember seeing many conversations about how having all that source code for the main system publically available means it will be eaiser for people to find and exploit that software. Microsoft tends to bolster this view, stating that one purpose of its closed source code is increased security. But you don't seem to ever seem to see this concept followed through on. Linux and BSD based systems are all over the place (i.e. the internet) these days, and the majority of web servers out there are running Apache. The code for all this software has been publically available for a very long time now, but there don't seem to be (from my perspective, at least) the increased security issues that there "should" be based on the "closed proprietary" security argument.

Nothing earth shattering, just a small observation. Take it for what you will. :)

Hacker?

[Lehk228]

what the hell? since when did we start handing out the title of Hacker to any douchebag who can figure out how to run a p2p app?

Kevin Mitnick

[Spy der Mann]

[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products

Is it just me, or did the /. editors posted Kevin Mitnick's comment about 'hacking' open source code just because of this? Hmmmmm.... *thinks*

Read the Perp's Account

[E++99]

http://illmob.org/ [illmob.org] It's pretty hillarious when he describes the "bust". The feds pound on the door early in the morning. He asks who's there, they say that some cars were broken into and they want to check if his was one of them. So... he gets his shoes on goes out the BACK door to the parking lot. There's guy in a bullet-proof vest guarding his car, who obviously has no idea that he's the guy they're coming to arrest. When he indicates that that's his car, he's like "oh, uh... did you talk to the men

Has to be said

[Guppy06]

"[Microsoft] has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products"

Microsoft has had access to the Windows sourcecode since 1.0 and there are still security holes they can't find themselves.

Heck, I'd wager opening the source would actually lower the rate that these security flaws are found.

$200? You're kidding.

[Quixadhal]

What kind of moron would think they could get source code to ANY closed source product that sells more than 20 copies a year, for such a price?

Last I checked, getting the source code to an active data grid widget for VB5 (years ago, mind you) cost $5000 -- and you had to sign a bunch of NDA's to make sure you coudn't resell it or redistribute it in any form.

All for a couple bucks

[AutopsyReport]

I always say, if you're going to rob a bank or a retailer, make sure it's loaded enough to live the rest of your life in luxury. Don't be stupid over a few bucks that can be earned in a couple days work.

Some people are just ridiculously stupid.

Re:Semantics...

[EVil Lawyer]

Um, no...this isn't even remotely entrapment.

Re:Semantics...

[Richard_at_work]

Entrapped means the person was talked into doing something they otherwise wouldnt have done, tricked has similiar connotations. In this case I would say Microsoft caught him fair and square, and the transaction provided all the evidence required to jail him. Good riddance I say.

Re:Semantics...

[SeekerDarksteel]

No, I don't think anyone says "entrapped" because this case has as much to do with entrapment [wikipedia.org] as it has to do with tea in China. Entrapment requires an agent of the government to coerce someone into comitting a crime they would not otherwise commit. In this case, the guilty party offered the source for sale on his website. This is like someone putting up a sign saying "Crack For Sale" in their yard. He was offering regardless of police interference. That's as far from coercion as you can get.

Re:Semantics...

[Shihar]

Parent is absolutely right. The "summary" couldn't be any more wrong then it is.

First, this guy was not a 'hacker'. He downloaded the source from a P2P program. My mother could do that.

Second, if anyone had bothered to read the actual article, they would see there was absolutely no entrapment here. He downloaded the software and offered it up for sale on his website. The only 'entrapment' was that an agent bought what he was already offering. This guy was an idiot. He wasn't pushed by the authorities into doing anything illegal. Hell, he was the only one to be indited even though everyone and their dog has thsi source code because he was the only one stupid enough to try and sell what was freely avaliable. Not only that, but he already had a rap sheet.

This guy was just a moron, pure and simple.

Re:Semantics...

[RandoX]

He downloaded the source from a P2P program. My mother could do that.

Really? Would she be interested in selling it? Please, speak a little louder... :)

Re:Semantics...

[Basehart]

"Hell, he was the only one to be indited even though everyone and their dog has thsi source code"

After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code.

Re:Semantics...

[mindaktiviti]

No kidding, I found a copy inside the CD Cover of Snoop Doggy Dogg's latest album.

Re:Semantics...

[TWX]

"After reading this I became curious and checked my dog's bedding, and sure enough I found a copy of the Microsoft source code."

So you're saying that your dog's not house-broken?

Not entrapment

[msobkow]

For it to be entrapment, someone would have had to approach him with an offer to buy the stolen source code. He posted an offer to sell the source code on a website, so he initiated the exchange.

Re:Semantics...

[hunterx11]

Private citizens or entities cannot commit entrapment unless they are acting on behalf of the government. Microsoft could have blatantly pushed Genovese into doing something he otherwise wouldn't have done, and he would still be guilty (although in such a case, Microsoft might be guilty as well).

Re:Semantics...

[JohnFluxx]

Really? If I offer someone a million pounds to steal a library book, then secretly film them doing so, and then get them arrested, is that legal? What about ethical?

Re:Those guys at Microsoft are smarter

[NetRAVEN5000]

No, they're not - they didn't even catch the person who stole it.

It even says in TFA:
"Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor.

'This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it,' said Rasch, a vice president at security company Solutionary."

Re:Those guys at Microsoft are smarter

[hey]

Wow, they caught a guy advertizing the code for sale. Genious!

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Why exactly do you think this is even remotely like entrapment? Here's a thought, since you obviously don't know what entrapment is, why don't you go and look up what it means before you engage your fingers here again.

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Not only do you have no clue what entrapment is, you can't even read the linked story:

"Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale.

According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code. The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage"

Follow me

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

Again, even under his explanation that still *doesn't* fall under entrapment

http://www.lectlaw.com/def/e024.htm [lectlaw.com]

"However, there is no entrapment where a person is ready and willing to break the law and the Government agents merely provide what appears to be a favorable opportunity for the person to commit the crime. For example, it is not entrapment for a Government agent to pretend to be someone else and to offer, either directly or through an informer or other decoy, to engage in an unlawful transaction wi

Re:Ah, so THAT'S how they can get away w' entrapme

[InsaneGeek]

You do realize that entrapment in layman terms means that you entice them to do something that they normally WOULD NOT DO, don't you? Unless we are allowing you to make up a completely new definition that's what it is. We was most certainly willing to do this, it would be a very difficult statment to say that this would be something that he would not normally do. Entrapment in layman terms is that you entice them with something so much that you basically force them to cross a moral boundry they normally

Re:Ah, so THAT'S how they can get away w' entrapme

[ScentCone]

I see now. Since the government isn't supposed to engage in entrapment, private companies will. And since private companies are now becoming increasingly indistinguishable from governments... I guess we're all fucked.

Are you so anxious to hate private businesses, and to think it's cool if people try to make $20 off of their stolen source code, that you're willing to pretend this jerk didn't advertise for the sale of the source code on his own web site? He wasn't "entrapped," he was advertising stolen stuff. Plus, he's obviously a complete moron.

As for private companies looking after their own welfare... why do you supposed that retailers are forced to have security guards? Retails stores, especially the ones selling expensive, eBay-friendly stuff, are hit constantly by shoplifters and scam artists. But most local taxpayers would scream bloody murder if they had to pay for enough police officers to have one on hand in every department store in every mall, 7 days a week. So, private security is a big and (unfortunately) completely necessary line of work.

You also seem to be forgetting about corporate/international espionage. Companies working on competitive products - especially those performing very expensive research - have to be continually vigilant against both inside and outside theft of their trade secrets, materials, financial plans, marketing campaigns, etc. If they don't use private security to help them deal with that, their only choice is to just put up with the consequences of seeing, say, a factory in China starting up production on something that the ripped-off research company just spent millions of dollars figuring out how to make, or they could... ask the government to provide trade security for every company? What would you say then, that the taxpayers are being forced to serve the coporations, blah blah blah? Exactly. So, when a company with a lot at stake has their own security people urgently tracking down people that are ripping them off (even some complete idiot advertising astoundingly sensitive stolen O/S source code for sale on his web site, and willing to take $20 for it), you can hardly bitch. Unless your position is that it's cool to steal sensitive information and sell it, in which case, let's start with yours: I can probably make $20 with your SSN and some other personal details. And that's too small to bother the police with, so I'm home free since you clearly don't think it's ethical for you to personally track down someone who rips you off.

Oh, and try one of those fancy new high-tech online dictionaries. You can immediately, and without fear of prosecution, learn what entrapment [m-w.com] actually means.

Re:Ah, so THAT'S how they can get away w' entrapme

[Jamesonius]

For everyone who's ready to jump on this and scream "Entrapment!" let's do two things first:

1. Read TFA. From TFA: "Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale."

2. Learn TFD of Entrapment. From Wikipedia [wikipedia.org]: Entrapment is when someone is "induced (or entrapped) by the police to commit [a crime]. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling per

Re:Ah, so THAT'S how they can get away w' entrapme

[Geoffreyerffoeg]

Since the government isn't supposed to engage in entrapment, private companies will.

You give way too little credit to the government. They could just have avoided coming up with the idea of entrapment in the first place. All of these defenses and legal terms were either coined by the government (through civil law), or used by a clever lawyer and accepted by the judge (through common law). If they wanted to, they could've built a Star Chamber. They haven't*. Here's a surprise: the justice system is actually

Re:Entrapment

[TheRaven64]

Microsoft owns the Windows source code, so they are presumably allowed to buy and sell copies of it. If you bought something someone had stolen from you[1], then you would probably not be liable for handling stolen goods. If you arranged to buy something that had been stolen from you, had the police arrive at the exchange, and were able to prove that the item had originally belonged to you (and been stolen), then this would probably lead to a quick arrest.

[1] Yes, copyright infringement is not theft, bu

Re:Entrapment

[BarryNorton]

Unfortunatle it only counts as entrapment if the offer is made by a member of a law enforcment agency

The offer was made by the defendent (advertising on his web site), so entrapment doesn't come into it...

Re:Entrapment

[JourneymanMereel]

The original purchase could not be considered entrapment because he did make the offer on his website, but according to his account [illmob.org] of what happened, when the second purchase was made for the sake of the investigator he said that he "didnt [sic] have a copy of it anymore" and that the person contacting him "could prolly still find it on p2p etc." The contacting person apparently then claimed "'im too stupid to find that kinda stuff, if you can find it again ill give you $40 for your trouble'" which could be

Re:Entrapment

[MoneyT]

Part of entrapment is intent. That is, it's entrapment if you had no intention of comiting the illegal act but the cop provided incentive to coerce you into commiting the act. It would be pretty tough to argue that after having sold the source once, and then saying "I don't have it anymore" that he was unwilling to comit the crime. IANAL/IANALEO/IANAPL/YMMV

Re:Entrapment

[pclminion]

Funny thing though technically if it's illegal to sell the stuff I would assume it's illegal to buy it so the microsoft investigator committed a crime too.

You think it's illegal for a copyright holder to purchase their own copyrighted material from somebody? Uh...? How the hell does this compare to narcotics? Narcotics are an illegal substance, the MS Windows source code, to my knowledge is not (though it should be).

Re:hacker?

[amliebsch]

a new BSOD for it, an ansi art version.

How exactly would that look different than the current BSOD?

Re:Microsoft Entraps Downloader into Jail

[Americano]

Wow. You need to actually RTFA, and understand that words have specific meanings.

Entrapment [wikipedia.org]:

In jurisprudence, entrapment is a procedural defense by which a defendant may argue that they should not be held criminally liable for actions which broke the law, because they were induced (or entrapped) by the police to commit said acts. For the defense to be successful, the defendant must demonstrate that the police induced an otherwise unwilling person to commit a crime. However, when a person is predisposed to commit a crime, offering opportunities to commit the crime is not entrapment, such as in the widely held misconception that policemen must answer questions truthfully if they are asked the same question three times, or that they must say "yes" if asked if they are a police officer.

This guy offered the code for sale. He was not unwillingly "induced", or "coerced" to sell it. This is NOT entrapment.

That said, he is also not a simple downloader. Before your heart starts bleeding for him too badly, look at his criminal history, discussed in the article. Mostly small-time stuff, but, FTFA:

Government court filings show the Connecticut man has an extensive record of mostly petty crimes, beginning with a 1996 conviction for criminal trespass for spray painting a bridge, followed by a rash of thefts from motor vehicles and a burglary conviction. In 1999 he was convicted of "breaching the peace" by assaulting the mother of his child, according to court records. At the time of the source-code sale, Genovese was on probation for computer trespass and eavesdropping after breaking into some private computers and installing keystroke-logging software.

So let's see. He downloaded a copy of proprietary source code. He then tried to make money by selling it on his "hacking-related" web site which he operates. He also is on probation for breaking into some private computers & installing key logging software. In the very BEST light possible, he's a small-time cracker & pirate, with a history of stupid criminal behavior.

Just because Microsoft chooses not to release its source code does NOT give someone else the right to take it, and then attempt to profit by reselling that source code. Like it or not, whether or not they open-source their operating system is their CHOICE (isn't that one of the fundamental principals of the F/OSS movement?), not yours. You may not like their choice, but that doesn't give anyone the right to "correct" Microsoft's choice because it's not the same choice RMS would make.

Re:Source code?

[symbolic]

But surely this is good as it'll result in a better, more secure product in the end?

Not necessarily. First you have the security flaw, then you have the endless meetings between various groups as they decide who gets to fix it, what else might be affected, etc. After that you have the specification drawn up to determine what resources will be required, and finally, someone decides if fixing it will result in a reasonable ROI. In this case, the "ROI" translates to "people at risk". This is the downside to p