Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers


As the Worm Turns

Computer security researcher and former FBI informant Max

Butler was sentenced Monday to 18 months in prison for launching an

Internet worm that spread through hundreds of military and defense

contractor computers over a few days in 1998.

In handing down the sentence, federal judge James Ware rejected defense

attorney Jennifer Granick's argument that the Air Force, and other victims

of the worm, improperly calculated their financial losses from the hack.

The judge also declined to give Butler credit for his brief stint as an

undercover FBI informant, during which he infiltrated a gang of hackers

that had penetrated 3Com's corporate phone network.

But the judge refused prosecutor Ross Nadel's request that Butler be

immediately taken into custody in the courtroom, and allowed the hacker to

remain free on bail until June 25th, when he's scheduled to report to

prison. With credit for good behavior, Butler will be eligible for

assignment to a community halfway house as early as April of next year,

and will be released in mid-October 2002. He'll then serve three years of

supervised release during which, under a special order, Butler will be

barred from accessing the Internet without permission of his probation

officer. Ware also ordered Butler to pay $60,000 in restitution.

A consultant who specializes in performing penetration tests on corporate

networks, the 28-year-old remained well regarded in computer security

circles even after his March, 2000 indictment. Butler is known for his

expertise in intrusion detection: the science of automatically analyzing

Internet traffic for "signatures" indicative of an attack, and he created

arachnids, a popular open source catalog of attack signatures that forms

part of an overall public resource at

Butler, known as "Max Vision" to friends and associates, crossed the line

in June of 1998, at a time when much of the Internet was still vulnerable

to a hole that had been discovered months earlier in a ubiquitous piece of

software called the BIND "named" domain server. The hacker group ADM

published a computer program capable of spreading through vulnerable

systems automatically. Butler launched a special strain of the worm that

penetrated systems, but also automatically closed the BIND hole as it

spread, forestalling attacks from other hackers.

Tall and soft-spoken, wearing a blazer and rumpled cargo pants, the hacker

apologetically told Judge Ware that he got caught up in the need to close

a serious security hole.

"I got swept up," said Butler. "It's hard to explain the feelings of

someone who's gotten caught up in the computer security field... I felt at

the time that I was in a race. That if I went in and closed the holes

quickly, I could do it before people with more malicious intentions could

use them."

Butler did not address why he left malevolent features from the ADM worm

in his own program, including one that created a secret back door on every

system it penetrated.

"What I did was reprehensible," Butler told the court. "I've hurt my

reputation in the computer security field. I've hurt my family and


Judge Ware emphasized the need to deter other hackers. "There's a need for those who would follow your footsteps to know that this can result in incarceration," said Ware. By Kevin Poulsen

blog comments powered by Disqus