Packet inspection vendors and hackers
Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.
The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.
Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.
The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.
According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users’ other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country’s recent disputed presidential election, though the Journal said it couldn’t confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker.
Nokia Siemens has denied that it provided Iran with such technology.
But similar technology is being installed at ISPs in the U.S.
It spurred extensive controversy last year when Charter Communications, one of the country’s largest ISPs, announced that it planned to use deep-packet inspection to spy on broadband customers to help advertisers deliver targeted ads.
My confidential sources say the packet inspection operations comes from
PITTSBURGH — A skilled San Francisco-based computer hacker who once sought to unite the cyber underworld under his benign rule pleaded guilty to federal wire fraud charges here Monday, admitting he stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges.
Max Ray Butler, 36, faces up to 60 years in prison for the two felonies under law, but his actual sentence will be influenced by a number of factors, not least a plea agreement with federal prosecutors that was filed under seal Monday.
Wearing an ill-fitting orange jail uniform and round glasses, his hair cut short and neat, the six-foot-plus Butler towered over the burly deputy marshals that brought him into the court room. Once he settled into his seat, he spoke softly and evenly as he answered questions from the judge, frequently drawing admonishments to speak up for the benefit of the court reporter.
“I actually did the actions that are relevant in the indictment, and I am guilty,” Butler said, at one point.
Butler identified himself in court as “Max Vision,” the name he gave himself in the 1990s when he became a superstar in the computer security community. At that time Butler was billing himself out as a $100-an-hour computer security consultant, and he earned the respect of his peers for creating and curating an open source library of attack signatures used to detect computer intrusions.
But it turned out Butler was staging recreational hacks on the side, and in 2001 he was sent to federal prison for 18 months for launching a scripted attack that closed security holes on thousands on Pentagon systems, and left backdoors behind for his own use.
While in prison, Butler met more serious criminals, and he was befriended by a professional swindler named Jeffrey Norminton. After his release, Norminton introduced him to an Orange County, California entrepreneur and former bank robber named Chris Aragon.
Butler admitted Monday that he began hacking banks, merchants and other hackers to steal credit card numbers, then sold them to Aragon. Aragon, who’s pending trial on related state charges in southern California, turned that stolen data into near-perfect counterfeit cards, complete with holograms, and recruited a crew of shoppers who used the cards to snap up designer merchandise for resale on eBay. Aragon earned at least $1 million in the business, police say.
Butler became a priority to federal law enforcement officials in 2006, when, under the handle “Iceman,” he staged a brazen takeover of the online carder forums where hackers and fraudsters buy and sell stolen data, fake IDs and specialized underground services.
He hacked into the forums, wiped out their databases, and absorbed their content and membership into his own site, called CardersMarket.
Continue Reading “Superhacker Max Butler Pleads Guilty” »