http://www.wired.com/news/technology/0,70106-0.html By Kevin Poulsen Jan, 27, 2006 Nobody was ever arrested for leaking the secret source code for parts of the Windows operating system in 2004, but a hacker who sold a copy online afterward was sentenced to two years in federal prison Friday. William "IllWill" Genovese, 29, will serve three years of supervised release following his prison term, during which he'll be subject to electronic monitoring through special software installed on his computer, under the terms handed down by federal Judge William Pauley in New York. He remains free on bail, and is scheduled to report to prison March 14. Genovese ran a popular hacking-oriented community website called IllMob.org in February 2004 when two 200-MB files containing incomplete portions of the source code for the Windows 2000 and Windows NT operating systems hit the internet, flooding dodgy websites and peer-to-peer networks like some hard-core geek version of the Paris Hilton video. Like many others, Genovese downloaded a copy. Unlike others, he posted a note to his website offering it for sale. According to court records, an investigator hired by Microsoft took Genovese up on his offer and dropped two Hamiltons on the secret source code. The investigator then returned and arranged a second $20 transaction for an FBI agent, which led to Genovese's indictment under the U.S. Economic Espionage Act, which makes it a felony to sell a company's stolen trade secrets. After consulting with his public defender, Genovese pleaded guilty last August. Genovese would have had a viable defense had he gone to trial, because the documents were widely available on peer-to-peer networks at the time of the sale, said Mark Rasch, a former Justice Department cybercrime prosecutor. "This guy didn't participate in the misappropriation, and probably didn't conspire with anybody to misappropriate it," said Rasch, a vice president at security company Solutionary. "Once it's posted online, it's just not secret anymore. At some point it becomes public information." But Genovese's public posting, coupled with his long rap sheet, made him an obvious target for prosecution. Government court filings show the Connecticut man has an extensive record of mostly petty crimes, beginning with a 1996 conviction for criminal trespass for spray painting a bridge, followed by a rash of thefts from motor vehicles and a burglary conviction. In 1999 he was convicted of "breaching the peace" by assaulting the mother of his child, according to court records. At the time of the source-code sale, Genovese was on probation for computer trespass and eavesdropping after breaking into some private computers and installing keystroke-logging software. "Basically, everything I do, I do ass-backwards," Genovese said in an instant-messaging interview ahead of Friday's sentencing. "I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack." Microsoft also asked for an "appropriate amount" of financial restitution, which the government estimated at $70,000. The judge declined. The company has long maintained that the source code to Windows and other products are its crown jewels, and that making the code public could cause serious harm by stripping it of trade-secret status, and allowing competitors to duplicate the functionality of Microsoft software. The company has also expressed fears that making its source code public could allow hackers to find security holes in Microsoft products -- though, so far, intruders are doing fine without the source. Microsoft had no immediate comment on the case. Genovese said Thursday that he shut down IllMob.org temporarily this week after Assistant U.S. Attorney Alexander Southwell cited it in his request that Genovese receive a 30-month sentence -- the maximum under federal sentencing guidelines. In addition to providing free hacking tools, the website has played host to candid photos stolen from celebrity cell phones and Sidekicks. And Limp Bizkit lead singer Fred Durst recently blamed IllMob for stealing and releasing his sex video last year. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Jan 29 2006 - 22:59:47 PST