Gonzalez Accomplice Gets Probation for Selling Browser Exploit

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2010/03/jethro-sentencing/

By Kim Zetter  
Threat Level
Wired.com
March 23, 2010

A computer security professional who sold Internet Explorer exploit code 
to credit card hacker Albert Gonzalez was sentenced Tuesday in Boston to 
three years probation and a $10,000 fine.

Jeremy Jethro, 29, was paid $60,000 by Gonzalez for a zero-day exploit 
against Microsoft's browser, "the purpose and function of which was to - 
enable the conspirators to unlawfully gain access to, and redirect, 
individual.s computers," according to court records.

Gonzalez led a team of hackers who gained unauthorized access to company 
networks and stole more than 90 million credit and debit card numbers, 
though it's not clear what role, if any, the $60,000 zero-day played in 
the attacks. Jethro's attorney, Stacey Richman, told Threat Level the 
exploit was a dud.

"The exploit never worked," she said. "None of them worked. There was a 
question of potentially two [exploits] and neither of them worked."

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/