The dark side of the Internet provided Ryan Neil Green with a satisfaction that was missing in his life.
Green was a licensed plumber who was more interested in computers than pipes. Using his computer skills, authorities say he conspired with others to help infect at least 77,000 computers, turning them into a botnet that was sold to someone else who used the hijacked computers to send out spam emails.
“I loved how everyone on the Internet looked up to me because of all the things I could do,” he said in a letter to U.S. District Judge Arthur Schwab in federal court in Pittsburgh. “Everyone wanted to be my friend, and it was intoxicating.”
That changed with the birth of his daughter, Green told the judge Tuesday in court.
“I wanted to build a future that she could be proud of,” said Green, who pleaded guilty in January to hacking computers and making them send out spam messages.
Schwab sentenced Green, 32, of the Paducah, Ky., area to two years of probation and 50 hours of community service.
A prison sentence would have kept Green from providing for his daughter and would have interrupted the service Green provides through his business, Rygre Digital Marketing, the judge said.
Green and his attorney, Emily Roark, declined comment after the hearing.
Green was one of about 70 people charged worldwide in a July 2015 takedown of Darkode, an online forum where criminals met to buy and sell credit card and other personal information, to trade viruses and malware, and sometimes to sell narcotics.
Assistant U.S. Attorney James Kitchen and two FBI agents based in Pittsburgh led the international investigation, which started with an unnamed industry partner asking the FBI for help, agents said when the investigation became public.
About a year later, in January 2015, Kitchen and the FBI agents traveled to the Hague in the Netherlands to meet with prosecutors and police officers from 20 countries.
They had two more meetings at the Europol offices to coordinate their efforts over the next six months. Then, in July 2015, they started making arrests and disabling Darkode.
The suspects ranged from career criminals to college students trying to raise tuition money and computer experts moonlighting.
Green had joined Darkode in 2006. During the next six years, he conspired with others to infect computers and create the botnet they sold, Kitchen said.
“This went on for a while until I realized that I did not want to live that life anymore and the potential I had to use my talents to build a legal, profitable business,” Green said in his letter to the judge.
By the time FBI agents showed up at his home, Green had withdrawn from Darkode and was building that business, Roark said.
“He's a good father. He's become a good businessman. He's a good member of our community,” said Roark, whose law office is in Paducah.
Green volunteers his time to help other small businesses.
While pointing out the severity of Green's crime, Kitchen confirmed Green has apparently turned his life around.
“I have no reason to quarrel with anything Mr. Green or his attorney has said,” he told the judge. Green immediately cooperated with investigators, he said.
Anecdotally, there are plenty of examples of people who commit cybercrimes in their youth who go on to become law-abiding citizens and even computer security experts, said Brian Nussbaum, a former security intelligence analyst who teaches computer security at State University of New York at Albany.
“It has historically not been unusual for youthful indiscretions at the keyboard to lay the technical and intellectual foundations for careers in information technology and information security,” Nussbaum said.
How often that occurs, however, is an open question, he said.
While many criminal justice researchers focus on criminal behavior and how it changes over a person's lifetime, “there has been very little research applying this approach to cyber criminals,” Nussbaum said. “This is at least, in part, because the field of studying cyber criminality is much less mature than the broader field of studying criminality.”
Brian Bowling is a Tribune-Review staff writer. Reach him at 412-325-4301 or bbowling@tribweb.com.
