
Hacking: It's a love-hate relationship

The arrest of a noted 'white hat' -- one of the supposed good guys in the trade -- exposes the often murky relationship between federal investigators and hackers.
Written by Bob Sullivan, Contributor
The world of computer hackers divides itself into good and bad by hat color, and the good guys are supposed to wear white. So when the owner of "whitehats.com" was arrested earlier this year, it sent shudders through the secretive security community.

Max Vision, regarded as a classic upstanding white hat -- and, it turns out, an FBI informant -- was indicted for breaking into government computers. The case illustrates the often awkward love-hate relationship between hackers and law enforcement agencies.

Max Ray Butler, 28, also known as Max Vision, was charged in March with hacking into the U.S. Department of Defense and other sensitive government computer systems. But Butler is not your typical precocious teen-age hacker. According to his complaint, Butler has worked as an FBI informant for two years.

Butler is also by most accounts an upstanding member of the security industry. He writes free software that helps companies catch computer intruders, frequently posts notes to security mailing lists, describes himself as an "expert in ethical hacking," and was regarded by many in the security community as a genuine "white hat."

The FBI wouldn't discuss its case, and Butler directed questions about his case to his lawyer, Jennifer Granick.

But several of Butler's friends say the arrest was the result of a deal gone bad.

They suggest Butler was caught hacking, then agreed to act as an FBI consultant to avoid jail time. The deal went sour at some point, and then he was charged. Granick refused to discuss details, but she did hint her client was charged out of retribution.

"Even after the facts of this case arose, they continued to want his assistance, but at a certain point they had a disagreement about what kind of assistance he was providing them and at that point he was charged," Granick said. "They certainly seem to have a love-hate relationship with [hackers]."

When Butler next appears in court in September, computer hackers and law enforcement agents will watch the case carefully as, for one of the first times, a federal court will take up just how cozy investigators should get with the computer underground.

But no matter the outcome of the case, say some security experts, hackers and federal authorities will continue their often tense relations. In fact, the two groups need each other, according to Kevin Poulsen, perhaps the second most famous convicted computer hacker behind Kevin Mitnick. Poulsen said there seems to be an irresistible attraction between law enforcement and hackers.

"Hackers tend to have a certain mindset, a mischievousness, a cleverness when it comes to figuring out things, definitely a sneakiness. The only place a hacker can use that part of the brain legally is in the government," he said. Poulsen, who served a 5-year term for rigging radio station contests, was himself turned in by a computer criminal-turned-informant.

"It is love-hate. It goes both ways. The government needs that kind of talent to get those kinds of things done, and hackers are drawn to places where they can use their talents without risk of jail time."

Still, many law enforcement officers say that is no different from the use of informants in the real world.

"There is no difference between using a hacker as a cooperator versus using a drug dealer as a cooperator. Sometimes it takes a thief to catch a thief," said Elliot Turrini, who prosecuted the Melissa virus author for the U.S. Department of Justice.

But computer hackers respond that drug buyers and so-called "gray hats" -- hackers who work on the edge of legality -- shouldn't be compared. In the murky, nickname-laden world of computer security, the lines between research and illegal activity are often blurry, they say.

"I don't think there's a single security person out there who hasn't scanned a site and done something that could be considered illegal," said Dragos Ruiu, a Butler friend and CEO of security firm Dursec.com. Hackers -- "white hats" -- scan computers from across the Internet to see if they are vulnerable; computer intruders -- "black hats" -- then take that information and break into the computer. It's unclear if scanning alone is illegal or simply a harmless "knock on the door."

In fact, the lines are so blurry that according to one federal prosecutor who requested anonymity, the U.S. Department of Justice is currently engaged in its own internal ethical debate about how much "illegal" hacking undercover FBI agents should be allowed to perform during investigations. Engaging in such activity is necessary because only by showing such skills can an undercover agent gain the trust of computer criminals, the source said.

And if they can't engage in those activities themselves, they sometimes get hackers to do it for them. Ruiu, of Vancouver, Canada, said he's been approached by law enforcement officers during his career and asked to perform questionable tasks.

"I remember thinking, 'I don't know if law enforcement should be involved in this,'" he said. "And am I doing something that is going to come back and bite me?" He worries that if Butler is sent to jail, security professionals will stop cooperating with authorities altogether.

Still, other hackers say the line between legal and illegal activity isn't murky at all, and as long as you've got a clean background, there's no reason to stop helping government agents catch criminals. Joel de la Garza, a security expert at Security Inc., said he's been cooperating with the FBI for about five years.

"I've never committed cyber crimes. I have nothing to fear," he said. "I want these people to come to justice."

Martin Roesch, a well-known white hat who writes software which detects hacker activity, has also assisted in government investigations. He says his clean reputation means the Max Vision case won't impact any choice he might make to work with law enforcement. Like de la Garza, he attaches his real name to his computer security work, instead of using a pseudonym like most hackers -- but he concedes that has its drawbacks.

"I've always been a white hat, tried to stay pretty squeaky clean," he said. "But being a white hat has its ups and downs. You aren't privy to a lot of information you might have if you had a fancy handle."

And it's that inside information that federal agents can't resist, which is why some create their own online personas and attempt to gain the trust of noted computer criminals that way. Still, it's much easier to form uneasy alliances with known underground characters -- either by threatening them with arrest or purely paying them -- and take advantage of their existing relationships.

"This is an important tool for law enforcement," said Tom Talleur, a federal investigator for 31 years, now a cybercrime consultant with KPMG LLP. "Courts have held that it's legitimate....But it can have unintended consequences."

For example, the informant may use information gleaned courtesy of the relationship to law enforcement to commit more crimes. That's a particular problem in any case that involves obsessive-compulsive informants like drug buyers, he said, who seem incapable of keeping promises to stay clean in the face of their overwhelming urges. Computer hackers are often obsessive-compulsive as well, he said, and will sometimes use information learned through their affiliation to break into government systems.

Poulsen disagrees, pointing out that Butler's case is a rarity, that there are few examples of hackers for hire turning against the law enforcement group they're working for. When informants who are hackers engage in illegal behavior, he said, they rarely betray their "employer."

Meanwhile, Butler's friends say they're sure he didn't take advantage of his relationship with the FBI, either.

"Here's a guy who's done nothing but add to the state of security. If this case really does keep going forward, it's a sign of desperation on the part of law enforcement, grasping at a guy who has been helping," Ruiu said.

Despite the complications of Butler's case, both hackers and federal investigators concede that for at least the near term, the FBI and other investigators will continue to turn to the computer underground for help -- both for technical expertise and access to individuals they can't find in the real world.

"They are coming up to speed rather quickly from a technology standpoint," said Space Rogue, editor of the Hacker News Network Web site. "But you always need somebody on the inside who's familiar with the people."

And despite the outcome of Max Butler's case, Poulsen thinks the flow of information between the groups won't slow down, because hackers will always want a chance to use their skills with impunity.

"So it's a chance both sides have to take," he said.
