A UK university student has avoided jail over a malware-based scam that allowed him to break into the personal computers and webmail accounts of an estimated 100 victims. Paul McLouglin, 22, a Salford University student from Liverpool, tricked victims into downloading password-stealing software, called Istealer, which he had …
Missed the matrix...
He clearly took the blue pill.
how to stay safe online
Never ever download and run apps from unknown sources. If you have to run malware.exe to get access to a site then it is almost certainly a scam.
> McLouglin is reckoned to have accessed at least 20 individual accounts belonging to the estimated 100 victims hit by the scam.
How were the other 80 victems not affected ?
Infected but not abused?
I'm guessing the other 80 victims, although infected with the malware, didn't pass on usable login credentials.
Or, maybe they were playing games that the malware author dude wasn't interested in.
I should imagine...
... they felt that posting simplistic call-centre-level advice on a forum fairly well known for the technical expertise of its contributors was patronising enough to warrant a thumbs down.
Here, have another.
Especially that downloading unknown executables from the net, particularly those containing malware, is part of job description of some people here. Together with running them through debuggers, disassemblers et al. to see what exactly they do, and whether they should be added to the next release of AV databases. Capiche, comrade?
Mine's the one with a HIEW install disk in the pocket.
Can't say that...
...I have much sympathy for the users of keygens
sandboxie is your friend
that is all.
the victims were freetards
What the police have learned is that they can publish sting software (not malware, no sirree!) which purports to be keygen software but actually just uploads the identity of freetards to the Big Computer.
"disguised as a code-generation key for online games"
Why were the criminals who downloaded illegal, cracking software also not prosecuted.
You play with fire, expect to get burnt.
Because it wasn't cracking software.
Even if you can describe a keygen as cracking software and even if just possessing said software was illegal they didn't download any such thing, they downloaded spyware.
You can't prosecute someone who buys milk powder from a drug dealer for possession, even if they did believe they were getting cocaine and the same applies here.
All users of software are crims
If you've never downloaded a no-CD (or no-dongle) hack to use with software you legally purchased, you're a square. Illegal does not necessarily mean immoral. And it doesn't always mean stealing.
Granted, it's getting hard to find clean wares these days. Trojans everywhere. Where is the love?
Move to the U.S.
It's called conspiracy (as in to commit a crime). It's used when they can't bust someone on a normal charge. RICO allows the govt. to take the property used in the crime before a conviction is obtained. Nice racket. We also bust people for drug paraphenilia, even if they have no drugs on them and there is no residue on the items.
You can't prosecute someone who buys milk powder from a drug dealer ...
You can't? I seem to recall (maybe faultily) FBI and undercover police arresting people for buying what they thought were drugs when they were no buying drugs. (Again, my memory could be faulty)...
That is almost the same as arresting someone for solicitation. The undercover cop/fake sex offeror has no duty nor any likely intent to actually give his/her body for sex to cite or arrest a person for solicitation, intent, and agreeing to consort. In the name of keeping the public safe, the charges for solicitation tend to stick. Wouldn't the charges apply if a person is arrested for intent to purchase cocaine even if holding out cash that only obtains mashed-potato-power-mix subtitutes?
cracks may be a copyright issue as they are often modified versions of copyrighted files (they chop out the checking code from the games exe file for example), but a keygen is not illegal, there is nothing at all illegal about writing your own program and releasing it - well unless you are in the US and they patent the key generation algorithm of course!
re: Because it wasn't cracking software
You must have been asleep during the Labour years. Under thought crime legislation (brought in with the help of the Tories), INTENT is the only thing that matters now.
Anyway, no honour amongst thieves - who'd have thought it.
RE: You can't prosecute someone who buys milk powder from a drug dealer ...
IANAL, but laws on drugs possession seem to diffe between states, let alone countries, and are very different to those around software crime. In some areas of the World, possession of even the tiniest amount of some narcotics is illegal, and therefore your intent to commit the crime is shown by your attempting to purchase it, whether it actually is the drugs or powdered milk. In other areas, possession of small amounts for personal use is tolerated, in which cases the sting has to get you to buy more than the "personal use" amount so they can infer you are going to sell it on, i.e. be a dealer.
In this case, the key-gen software is itself not illegal, you could always claim you downloaded it out of curiosity, because you wanted to send it on to the game's manufacturer to allow them to tighten security, or because you wanted to study it. Because it would be very hard for the coppers to prove you had an intent to commit a criminal act, they'd probably not prosecute. It's like going to the hardware store and buying a crowbar - it doesn't make you a burglar until you take it out and use it to break into someone else's property.
Most likely because...
It's not illegal to own cracking software, It's pretty much only illegal to successfully use it. In the days of digital downloads, owning the files to some software without a license key is a very grey area.
Most cases of software "theft" aren't criminal offences, they're civil offences, which means that a case is only brought forward if the software's Intellectual Property owner brings a case forward, to successfully win a civil case you need a "balance of probabilities" which essentially means you need to prove your property rights have been trodden on, if someone unsuccessfully tries to steal software, but causes no further damage (to the software owner, in this case they damaged themselves but can't sue themselves) then there's no reasonable grounds for a civil offence case.
Parts of the internet are a hive of scum and villainy, aren't they? I have to wonder how many thousands of people are hit by this sort of thing. The bad guy in this case was just exceptionally unlucky to have been caught.
Money well spent
Nice to see cyber crime policing money so well spent.
So, to sum up; we just have illegal access to accounts of 20 people, who by the sound of it were online software thieves anyway.
And how much did this investigation and prosecution cost us all then?
re: Money well spent
"And how much did this investigation and prosecution cost us all then?"
Not as much as the vast sums they waste on the likes of CSC. And no one is accountable. EVER. Not even the NAO.
Continuous improvement - they've heard of it...
A US victim complained?
Am totally shocked he was tried in the UK.
I thought the new standard operating procedure was to extradite the bugger to the US so they can be sentenced to 80 odd years...
Nope, it's war now.
There are probably lots of helicopters flying around right now. But they're very stealthy. And they've crashed one.
Extradition is SO last season...
These days the US just send a team of navy seals to eliminate the problem.
Can you hear the black helicopters coming? There's no point trying to hide unless you switched your smartphone off 100km away.
Am totally shocked he was tried in the UK.
So am instead of them declining to prosecute and saying no crime was committed on our soil.
Not so bright, was he?
So the FTP account was easily traced to him? What would we do if there were smart criminals?
Section 3A of the Computer Misuse Act
I just read the text of section 3A and it does make interesting reading. So, if someone approaches me and asks me to supply a keylogger for what ever purpose, then I could be liable for two years in the slammer.
"A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending .. believing that .. obtains any article .. its being supplied" ...
I don't think so...
You were only asked, not offering. I don't see anything about that.
What a complete waste of taxpayers' money!!
The title says it all - how much do you think that little farce cost, and all to protect some dumbos who were trying to break the law themselves!
US resident. University of Salford.
How long is that keyboard cable? (Or do you mean "US citizen"?)
Where's the pedantic icon - apologies, where's the icon for use by pedants? (The icon itself cannot be pedantic, after all.)