Hacker, Counterfeiter Comes Clean Ahead of Prison Stint
Hacker, Counterfeiter Comes Clean Ahead of Prison Stint - Via Threat Level:
Jeremiah Mondello was a damn good software salesman. While he was still in college, he started a backyard eBay business that earned him some $300,000 in three years, mostly shipping Intuit's Quicken financial software at the rock-bottom price of about $30 a pop.
His secret? He pirated the software, burned it onto counterfeit discs and laundered his profits through a series of PayPal accounts established under stolen identities. This week a federal judge sentenced the 23-year-old to four years in prison for identity theft, copyright violation and mail fraud, in a prosecution hailed by the Justice Department as a warning shot to software counterfeiters.
"It's the scariest thing I've ever imagined," Mondello said. "I never dreamed this would happen in my wildest dreams. I never wanted any of this. It was a huge mistake."
In an exclusive interview with Wired.com, Mondello described how he stumbled into the counterfeit software business, and the fear gripping him as he awaits his upcoming prison stint; free on bail for the moment, he has to report to jail within 60 days.
Mondello's conviction, the 29th involving online auctioning and commercial distribution of counterfeit software, comes as Congress considers strengthening enforcement of copyrights and trademarks -- legislation that would set up an FBI anti-piracy unit and create an executive-level copyright czar reporting directly to the president. The Software Information and Industry Association and other groups say U.S. companies lose billions in revenue from piracy.
Mondello started small. In 2005, while a college student, it occurred to him he could make a quick buck by copying the SonicMY DVD Deluxe software that came with his new computer, then selling the original. Then he noticed his Epson photo printer had the ability to print on discs at a near professional quality, so he took the logical next step and began making counterfeit versions of DVD Deluxe and other programs, and offering them on eBay.
"I just sold a few to pay for gas and lunch. I was on financial aid. I didn't want to take out any more student loans," he said. "That was the starting motivation. Later, I guess I kind of decided I thought it would be a good idea to save some money and start my own business and do some travel."
Like any smart businessman, he poured some of his profits back into the enterprise, investing in some acrylic spray from the local hardware store and a few more Epson printers. "This spray-on you get from the hardware store, it gives it a nice seal," he said. "It looks professional. I thought that was kind of interesting."
Mondello chose to counterfeit products like Intuit's because they were often marketed without retail packaging.
He said he "started experimenting out in the back shed. I tried to see what I could produce for a better product. I sold a few more. Then I was like 'Well, I'm selling this under my name under my eBay account with my PayPal account with my return address.' I thought this was a pretty bad idea."
Mondello decided to conceal his identity, but needed real PayPal accounts to receive payment for the thousands of discs he was selling, which were eventually produced on two Bravo Premier Pro copiers. PayPal, though, required a link to a real bank account, and for obvious reasons he didn't want to use his own. That's where the hacking entered.
He began delivering a Trojan horse program to bank-account holders over instant messenger. The Trojan monitored the key strokes of his victims, allowing him to acquire their online banking passwords. He wielded the stolen passwords to get the victims' bank account numbers, and then to verify the microdeposits that PayPal sends as a bulwark against exactly this kind of fraud.
He withdrew his piracy profits from cash machines using PayPal debit cards. But he insists that he never stole a penny from the bank accounts he hacked. "Absolutely not. I would never do that and take that money. I never did anything I felt was wrong. And that's the truth," he said in the telephone interview from Eugene, Oregon, where he was a University of Oregon student.
Mondello, who comes from a broken home (.pdf), said he learned his craft on internet forums or websites. "It was all discovered online," he said. "I was self-taught."
He knew the scheme would eventually come to a halt, but he didn't expect to be arrested. "What I thought: I would probably one day get an e-mail from somebody asking for me to stop. That e-mail never came," he said.
Instead, last Halloween, federal agents showed up to his apartment in Eugene. "I opened the door. I immediately felt they had the wrong house," he said. "''What is this?' I thought. I was not expecting that. They started to read me the warrants. It kind of dawned on me that they had the right house."
He doesn't recall whether they were armed. Nevertheless, he spilled his guts. "I gave them (.pdf) all they wanted," he said.
For all he precautions he took to conceal his own identity, he kept records of every transaction on his laptop. He watched as the U.S. Customs agents carted the computer out the door.
"I had all the records on my computer that they took. It never ever occurred to me that anybody would ever come in my home like that," he said. "I never password-protected the computer. I never encrypted anything."
He pleaded guilty in May, and returned about $160,000 in cash. Matthew Friedrich, acting assistant attorney general for the Justice Department's Criminal Division, said the case "proves that law enforcement can identify and prosecute offenders who attempt such schemes."
Mondello's lawyer, Jay Frank, said in a court filing that the hacker has "has learned a great deal in the last year or so."
"He feels tremendous remorse for what he's done," Frank wrote. "In addition, he is extremely fearful of prison, and seems ... to be more openly fearful, and more openly preoccupied with what his circumstances will be when he's in prison, than virtually any other client [I have] represented in this court since 1985."
See Also:
- Ameritrade Hack Settlement: $2 Per Victim, $1.8 Million for Lawyers
- San Francisco Held Cyber-Hostage? Disgruntled Techies Have Wreaked ...
- San Francisco Admin Charged With Hijacking City's Network
- Prosecutor: Admin Rigged City Network for 'Failure'
- ICANN and IANA Sites Hacked, Redirected
- Republicans Search For Dollars Online
- New York Hack Hacked
(Read Original Article - Via Threat Level.)
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- Undercover Feds on Social Networking Sites Raise Questions
- FBI Uses Fake Facebook Profiles To Spy On Suspects
- Lawrence Lessig: Citizens Unite
- Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search
- Obama threatens to veto greater intelligence oversight
- EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic
- Who You Love Shouldn't Matter When You Serve
- EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites
- Smackdown: Consumer Privacy vs. Advertiser Revenue
- Secret Document Calls Wikileaks ‘Threat’ to U.S. Army
