[ISN] Microsoft Tricks Hacker Into Jail

From: InfoSec News (isn@private)
Date: Sun Jan 29 2006 - 22:34:04 PST


http://www.wired.com/news/technology/0,70106-0.html

By Kevin Poulsen
Jan, 27, 2006 

Nobody was ever arrested for leaking the secret source code for parts
of the Windows operating system in 2004, but a hacker who sold a copy
online afterward was sentenced to two years in federal prison Friday.

William "IllWill" Genovese, 29, will serve three years of supervised
release following his prison term, during which he'll be subject to
electronic monitoring through special software installed on his
computer, under the terms handed down by federal Judge William Pauley
in New York. He remains free on bail, and is scheduled to report to
prison March 14.

Genovese ran a popular hacking-oriented community website called
IllMob.org in February 2004 when two 200-MB files containing
incomplete portions of the source code for the Windows 2000 and
Windows NT operating systems hit the internet, flooding dodgy websites
and peer-to-peer networks like some hard-core geek version of the
Paris Hilton video.

Like many others, Genovese downloaded a copy. Unlike others, he posted
a note to his website offering it for sale.

According to court records, an investigator hired by Microsoft took
Genovese up on his offer and dropped two Hamiltons on the secret
source code. The investigator then returned and arranged a second $20
transaction for an FBI agent, which led to Genovese's indictment under
the U.S. Economic Espionage Act, which makes it a felony to sell a
company's stolen trade secrets. After consulting with his public
defender, Genovese pleaded guilty last August.

Genovese would have had a viable defense had he gone to trial, because
the documents were widely available on peer-to-peer networks at the
time of the sale, said Mark Rasch, a former Justice Department
cybercrime prosecutor.

"This guy didn't participate in the misappropriation, and probably
didn't conspire with anybody to misappropriate it," said Rasch, a vice
president at security company Solutionary. "Once it's posted online,
it's just not secret anymore. At some point it becomes public
information."

But Genovese's public posting, coupled with his long rap sheet, made
him an obvious target for prosecution. Government court filings show
the Connecticut man has an extensive record of mostly petty crimes,
beginning with a 1996 conviction for criminal trespass for spray
painting a bridge, followed by a rash of thefts from motor vehicles
and a burglary conviction. In 1999 he was convicted of "breaching the
peace" by assaulting the mother of his child, according to court
records.

At the time of the source-code sale, Genovese was on probation for
computer trespass and eavesdropping after breaking into some private
computers and installing keystroke-logging software.

"Basically, everything I do, I do ass-backwards," Genovese said in an
instant-messaging interview ahead of Friday's sentencing. "I like
drawing, so I spray paint. I like music, so I took some radios of kids
I hated in high school. I like computers, so I hack."

Microsoft also asked for an "appropriate amount" of financial
restitution, which the government estimated at $70,000. The judge
declined.

The company has long maintained that the source code to Windows and
other products are its crown jewels, and that making the code public
could cause serious harm by stripping it of trade-secret status, and
allowing competitors to duplicate the functionality of Microsoft
software.

The company has also expressed fears that making its source code
public could allow hackers to find security holes in Microsoft
products -- though, so far, intruders are doing fine without the
source.

Microsoft had no immediate comment on the case.

Genovese said Thursday that he shut down IllMob.org temporarily this
week after Assistant U.S. Attorney Alexander Southwell cited it in his
request that Genovese receive a 30-month sentence -- the maximum under
federal sentencing guidelines.

In addition to providing free hacking tools, the website has played
host to candid photos stolen from celebrity cell phones and Sidekicks.  
And Limp Bizkit lead singer Fred Durst recently blamed IllMob for
stealing and releasing his sex video last year.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Jan 29 2006 - 22:59:47 PST