Man Gets 3 Years for Botnet Attack

Vobbo writes "Weeks after NANOG subscribers argued whether or not mitigating botnet command and control systems was a worthwhile endeavor, the LA Times reports that the old fashioned method of arresting and prosecuting criminals still works. Prosecutors successfully prosecuted a 21 year old who had conspired to create botnets that attacked the Department of Defense, a California school district, and a Seattle hospital before being arrested. He plead guilty and was sentenced to 3 years of 'supervised release.'"

Re:I wonder...

[legoburner]

I would imagine that since most people dont understand the full effect of the crimes, that they are more influenced by fictional events and representations. In a trial by a Jury or Judge who is not familiar with the exact scope of the technology, perhaps they err on the side of (what they see as) caution and give stricter penalties in comparison to something that is easily understood like burglary.

Re:I wonder...

[hoshino]

It depends on whether you think crimes should be judged by the intentions (which is often hard to gauge) or the effects (which can usually be factually shown). While cyber criminals often do not have the intention of causing harm to other people the same way a terrorist wants to kill people, the actions of cyber criminals can have the same if not greater effects. If someone released a computer virus that paralyzed a hospital's computer system and caused the deaths of numerous patients due to equipment failure or unnecessary delays even if you did not intent to, I personally feel that a harsh punishment is required for his lack of personal responsbility. Basically, I don't feel that "I didn't know" or "I didn't think it would be so serious" is a valid excuse.

Re:Remind me again, why do we need all these new l

[PopeRatzo]

No, friend, it's not just in Europe. I've driven down streets on the West Side of Chicago, watching police give parking tickets while open-air crack cocaine markets operate in clear view not 100 feet away.

It's not about crime and safety, it's about power and revenue.

A reminder to Americans: there's an election in a few months.

Re:What punishment?

[penix1]

"Supervised release"=="probation". They are assigned a probation officer to monitor the convicted to ensure they are living up to the conditions of their probation. One infraction of their probation sends them back to complete the full term of their sentence. Depending on the conditions, it can range from home confinement type (where they wear a tracking device and have frequent call-ins) to where they report in to the probation officer once a week or so. It depends on what the court orders. Another thing about probation...If the convicted breaks any law outside of their probation terms, the probation ends. This means that if this guy were to sell drugs, for example, while on probation for this then back to the slammer he goes.

It is a way to decrease the populations of already crowded prisons. Probation and parole are about the same thing with the exception that parole is granted by a parole board and probation is granted by the court. In short, parole isn't guaranteed to let them out early where probation is.

All in all, he got a light sentence compared to what he could have gotten for the DoD affair. He should count himself lucky he isn't in Gitmo with the rest of the "terrorists".

B.

3 yrs + 3 yrs probation plus $200K restitution

[JimmytheGeek]

He messed up a lot of people's machines, and he did it for money. I don't have a lot of sympathy, beyond a certain awe at the degree to which he is fucked. His life is pretty much over.

His probation stipulations will probably include not using computers, which when coupled with a felony conviction means he's going to be pretty much fucked in the job market when he gets out. Unless he has a whole bunch of other talents, like, being a Master Chef or something. He is therefore saddled with an unpayable debt. Even if he does pay it off, that's the equivalent of one whole house he won't get to buy. And that has repercussions down the line - who's going to hook up with a jobless loser with insurmountable debt? Added on top of the usual computer geek dating handicap, that's crushing.

He didn't think about the consequences when he attacked 400,000 machines. He probably didn't know he was hitting DoD networks and a hospital. Well, I'm not sure that attacking 400,000 home users wouldn't have still qualified him for this massive pain. Doing evil to a lot of people just because you can and get paid for it merits this kind of response.

A cleanup like he forced is expensive.

Folks - if you are interested and curious about computer security, set up a lab and 0wn the boxen therein to heart's content. Don't fire lots of live ammo indescriminately in densely populated neighborhoods, you dig? You can probably get in on a Capture the Flag haxoring event at a con near you on a nicely isolated network set up for the game. Win a Defcon CTF and I'll have a lot of respect. Being just another botherder does not show any impressive skeelz.

Re:War on Free Speech!

[tinkerghost]

I suggest you take a closer look at the facts in this situation. The police confiscated all the servers at the ISP. Pirate Bay, Pirate Party, and every other server hosted at the ISP. It was not an attempt to shut down the pirate party, it was a clear instance of attempting to intimidate ISP's into not hosting Pirate Bay. The Pirate Party and the Pirate Bay share several things, but servers is not one of them, nor is one a direct affiliate of the other.