Slashdot Mirror
Maker of Kournikova Gets Wrist Slapped Too
shelflife writes: "This story
says 'It is the first time in history that the maker of a computer virus has been tried in the Netherlands -- indeed one of the few times it has been done in the world. Hypponen knows only of one conviction. A man was sentenced to 18 months in jail in the U.K. in the early 1990s. The man served 11 months, said Hypponen.' but that can't be true. What about Robert Morris? Anyway, the requested sentence is amazingly light -- 240 hours of civil service." The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit. Shows how far this Virus Craze has gone in the last few years.
Ohhhhh, so it was a Java virus!
May be he is guilty for spreading it?
If you read the article it says, "The fact that no damage claims have been filed with the prosecutor's office is one of the reasons the prosecutor isn't asking for heavier sentencing. However, the U.S. Federal Bureau of Investigation said in a fax to the prosecutor it identified 55 victims of the Kournikova worm with a total damage of $166,827. That claim wasn't specific enough, the prosecutor said."
That is exactly right. No one stepped up to claim damages.
In light of that the defense attorney attacked the prosecution.
In terms of right or wrong it is obvious that the right thing wasn't done. In terms of judicial process and law, it was a success.
Maybe there needs to a better way to determine losses during a virus/worm incident. Are there any standard formulas not based on Anti Virus company PR?
The only thing I could find was this:
http://www.vibert.ca/prevbus.htm
It breaks time down on support efforts and totals it.
Joy. Now we have script kiddie wannabes.
That's messed up he used a kit. What a hobo.
Interesting that he turned himself in - perhaps this does lend credence to the idea that he really didn't know what he was doing. Although, to be fair, if you download a worm creation kit, use it to create a worm, and then post it to Usenet, it seems unlikely that you wouldn't be aware of the potential consequences.
When I first saw the title, I read it as "Mother of Kournikova... Too", then I wondered what she had done, and because of the "Too", I presumed it was Anna that had done something before her mother.
Mmmm.. Anna Kournikova naked and petrified...
What time is it/will be over there? Check with my iPhone app!
I think it's high time that this kind of thing happened. All these script kiddies with their DDOS and rootkit tools, virus kiddies and their kits, are able to do what they are doing because they don't have to suffer for it. Everyone else has to suffer instead. Situations like that are why we make laws in the first place.
I'm certainly against penalizing the authors of the kits, if they don't release viruses. We shouldn't do anything to people who alert us to security vulnerabilities, even to the extent of releasing an exploit, since this is often the only way to get companies to make a patch. But for those people who decide to use this information to steal the time and money of others to gratify their egos, the law is the proper recourse.
If you don't agree, that's fine. See how you feel after having to spend a weekend of your own time wiping and reinstalling the OS and applications on a machine or machines that have been hacked. Then, testing them and having to deploy new security procedures so that you can be live on Monday. It's not fun.
Finally someone in a computer-related trial gets a semi-fair sentencing. I'm suprised he didn't get $4,000,000,000 worth of jail time for all the "damages" he caused. I must admit, I'm a little suprised at the people who are not happy with the outcome of this trial..
---
evelakamatt
Anna K. never infested my email box the way Sircam has, but for some people it probably did.
I hope the court took into consideration:
- cumulative time (at sysadmin rates) spent cleaning off the virus
- long-distance and other comms. telling infectees, infected systems' admins that their systems are infected
- lost time due to disk-full errors etc.
What else?
The real loss / damage is that people are pissed off at each other for passing on a virus which someone else specifically designed for them to be able to pass on unknowingly.
Like switching the brake and clutch in city buses. Ha ha, what a riot. OK, so no one got killed, but Ha ha! Look at me! How'd you like the hospital treating your loved ones to be putting their resources toward cleaning off this scum rather than toward keeping records straight, making sure your parent / sibling / spouse / child doesn't get a medicine they're allergic to, etc?
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Will the makers of Outlook go to court for actively helping the spread of the worm by deliberately insecure handling of attachments?
-- Ed Avis ed@membled.com
We at Micro$oft strive to give as much help and support to the budding young developers as possible. To this end we announce the Micro$oft Virus Developers Network (M$VDN). Join now, download our VDK 1.0 and recieve a FREE one month subscription to our developers resource center, where you can learn about new security holes and exploits as soon as we make them!
REAL programmers write everything in pure machine language!
B8 00 4C CD 21
The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit.
and
The defendant, Jan de Wit, turned himself in to the police in his hometown Sneek, Netherlands, on Feb. 14.
I would venture a guess to say that those are the reasons why he was given such a light sentance, and the fact that he was 20 years old. A little remorse goes a long way in the courts, and turning yourself in too usually helps to give a lighter sentance.
If God gave us curiosity
She is so beautiful there are no words to describe her.
you are a total fag. and nothing more. i am sorry i had to break it to you this way, but somebody has to tell you...and its about time.
I was wondering how long it would take for the police to finally go after these low-lifes who seem to have nothing better to do with their time than cause other people aggravation. After having to deal with these script kiddies for quite some time, I think jail is the safest place for them. I know quite a few IT people who would love to hunt down these jerks and kill them (Jay and Silent Bob style hehe). I think that in addtion to putting these people in prison where they belong, they should also be fined for all the costs incurred by victims of these viruses.
Anyone who makes a "virus kit" or anything similar should also be imprisoned and fined. Figuring out how to breach security in software and letting the authors know so they can fix it is one thing, and its a good thing to do. But actually writing a program to exploit shortcomings in programs has nothing other than malice written all over it.
On the other hand... one could also make a case that people should be allowed to sue software manufacturers for costs incurred dealing with virii, etc. if the software company was indeed informed about the problem but took no corrective action to fix it. Of course, if they released a patch and you didn't bother to install it, or you didn't bother to install/set up the software correctly, that is and still should be your own fault.
In case of fire, do not use elevator. Use water!
ha...dont worry. all of your family and ancestory will be annialated. soon, your sorry muslim ass will die too...and in a few generations, the world will be completly rid of your scum.
... my buddy and I were reading about different poly-morphic and boot-sector viruses in the program F-Prot. We came across one that was written in Visual Basic - and laughed. Boy, have things changed!
Sure kids who program or release viruses should get their wrirsts slapped and do some community service. What gets me is these stupid figures for damages that get banded about. If companies really are losing much as they claim, why don't they just hire someone to install security patches when they become available, it's not exactly rocket science. In my view if you have some critical systems but don't bother to add security patches when they become available, you are equally to blame and should not be allowed to claim damages.
And here I was seeing "Kournikova" and "slapped" and thinking this article was going to be much more interesting (and perhaps have some pics!)
Got Rhinos?
It's a light sentence, as sentences go, but it makes the whole process, from putting it together to serving the sentence, more trouble than it's worth in entertainment.
The reason lame modern viruses get written is that it's really easy; you put in very little time, and then get to hear reports about how it spreads: very little effort, a little entertainment. If he'd known that it would take 250 hours of work, he probably wouldn't have bothered.
The same goes for hacking websites: people do it because it doesn't take any real effort. If it took 250 hours of boring work that you can't automate, people wouldn't bother.
Sorry....even white trash has enough taste not to fuck an arab. With your primitive intelect, grotesq smell, inferior beliefe and culture system, and down-rught uglyness. Question:you are in america. No one hurts you our persecuts you (i know this because you said you live in arazona...and you are happily siting on your computer posting in a slashdot forum.) Why the fuck do you think you shuld hurt us? does your feeble mind succomb to bin laden's pathetic propagand? are you that simple of a man?
"I'm ready for my close-up, Mr Katz"
I just heard some joyful news on talk radio - pharao and son of Ra Ra-Slurm-Gurm-Roort was found alive in his egyptian tomb this morning. There weren't any more details. I'm sure everyone in the Slashdot community will welcome him - even if you won't enjoy his work, there's no denying his upcoming contributions to popular culture. Truly an ancient icon.
she would never fuck your sorry sand nigger ass. you might wanna try a camel...they usuly dont mind.
Damn. I thought it said, "Kournikova Gets Slapped."
I got all excited for nothing.
He said he lived in Arizona. Area code 905 is in Canada.
I think that all viruses show how much the Internet relies on trust, and how easy it is to violate that trust. To me this is like removing stop signs at intersections, or disabling stop lights -- on the one hand, a thoughtless prank,
; on the other hand, a criminal act that costs countless money and time. I hope this kid has to do sysadmin work, install patches, and fight off other viruses as part of his community service.
...to the father of the beutiful tennis player?
"A man was sentenced to 18 months in jail in the U.K. in the early 1990s. The man served 11 months, said Hypponen.' but that can't be true. What about Robert Morris?"
Not to take away from RTM, but what about Kevin Mitnick?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
240 hours of community service is quite a bit, at least in my book.
Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on saturday, it will take 30 weeks to complete the sentence.
Anybody want to give up 30 saturdays? I didn't think so.
The punishment is certainly less than what one might have expected, but I think this is a good trend, not a bad one. I'd much rather see these marginally troublesome white-collar criminals get easier sentences than ANY drunk driver or other violent criminal acts. So the virus is bad. Sure. Was there any loss of life? Was anyone maimed or psychologically traumatized (heh) over the incident? Hell - he didn't even try to steal information or money.
Punishments should fit the crime. What he did was not excusable, but a little perspective check is in order - especially after tuesday's events.
sedawkgrep
Is that a salami in my pants or am I just happy to be me?
and you wipe your asses with your hands. i mean whats that all about?
Last few years? Hmm. Virus kits have been around for awhile now. Right now I am looking over the docs for IVP (Instant Virus Production Kit) 1.7 which has a time-stamp from 1992. It supported .COM/.EXE(MZ) infections, encryption, etc. If you look through a virus bestiary, all of these viruses begin with IVP.*. I remember seeing a "review" of the kit by a virus software company, calling it shoddy. So I guess Virus Kits are nothing new. Just thought I would mention it.
We should send a message to all clueless amateurs out there that go around "clicking" in virus making kits and creating Outlook viruses that force law abiding companies to close down their e-mail systems and loose thousands of dolars in revenues (imagine all those suffering employees that cannot send the latest joke to all their collegues).
If we don't act swiftly and decisively now, we risk having these "amateurs" playing around with Code Red Creation Kits.
I say hang the guy in Dam square in Amsterdam - that will show them!!!
I got that quote from ESR's page, and it may not be what you think it is :)
http://tuxedo.org/~esr/fortunes/rkba.html
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
If you choose a OS that can be infected with Virii (M$ & some MacOSs, M$DOS) then you CHOOSE to recieve the consequences along with it. You CHOOSE an insecure OS that ALLOWS it to duplicate itself. For god's sake. What kind of an OS would execute a file by itself? I don't see any Unix, or most embeded OSs doing this!
Don't complain when you get virii. Because you CHOOSE an OS that can get it. Stop your childish whining.
Oh? Why not blame a OS maker that makes an OS THAT AUTOMATICLY EXECUTES VIRII? You have no choice. The OS will execute it BY ITSELF. You choose M$ products, you CHOOSE to get a virus. Quit whining when you get one. If you don't want a virus, don't use an OS that can be infected with one. And don't be monkey brained enough to run the fscking thing.
He is well within his rights [as is anybody] do do wtf they like on the computer with viruses or whatever.
Releasing it is what made life hell for people, hence theres the crime.
As long as its just him screwing with it and learning about stuff, who the hall can tell him what he can and cant do within the boundarys of his own computer?
Oh hang on whats this DMCA thingy....
Ali ( at london d0t c0m )
In the name of all that's holy, don't let our marketing department hear about this!
The really interesting part is that this kid wasn't even a programmer.
The really interesting part is that he did not make the gun, just pointed it and pulled the trigger.
- - - - - - - - - - -
I am a programmer. I am paid to produce syntax not grammar. Deal with it.
The conviction in 1990 wasn't for creating a virus. I know, because I was network manager at one of the sites involved and was responsible for logging network activity which formed part of the evidence. In that case, the individual had found a vulnerability in the ICL 3980 mainframe series - in essence, root password changes were logged to a journal which was publicly readable. He had already taken over several machines in the UK before we were alerted, but as it happened he hadn't managed to root us because we were "slack" in our password changing and the root password hadn't actually been changed for many months. Other more diligant sites who changed the password weekly or monthly weren't so fortunate.
For a couple of weeks I created logs of his connections to our machine; they were traced back to a dial-up connection at one of the colleges in London. Once the evidence was in place, the authorities gave him (I quote the detective who interviewed me) "the wobbly door treatment" one evening, much to the amazement of his mother who was cooking dinner while her son was "playing" with his computer in his bedroom
At the time, the Computer Misuse Act was only just going through parliament and therefore he had to be charged under existing laws. The prosecution case was that modifying the magnetic fields on hard drives amounted to criminal damage, and it was for this that he was tried and convicted. He was sentenced to 12 months, with a further 6 months suspended. He came out after 11 months to an operator job with a company using ICL mainframes.
My next sig will be ready soon, but subscribers can beat the rush
mod up the above post
its funny
in the context of the post by the indignant Arab, although i can understand both their anger. reportedly muslim taxi drivers in NYC are afraid to go to work and ignorant racists have mistakenly attacked Sikhs (who wear turbans and are not muslim).
This tragedy has however usually brought out the best in _MOST_ people
AV pr peeps always predict ludicrously high "damages" purely to push sales to their product, they make it sound worse situation than it actually is by use of high "damage" estimates.
..
$50,000.000.000 and so on
if they have you all fearing the damage some lame VB worm "can cause", then they have you all buying their "solution" (which don't do very good jobs anyway).
in short : Blown out of all proportion by av companies and pr, to sell stuff.
brought back down to reality by the courts, It just show's you how over exajerated AV "news" really is.
Don't trust the media , learn to read between the lines.
Outlook makes virus propagation so easy all you have to do is come up with a catchy subject line and the rest is a CS101 project.
If they announced kernel 2.6 was pushed back a year then all the linux fundies would be spouting off about how its better to wait. Just look at any mozilla story for another example.
Only the State obtains its revenue by coercion. - Murray Rothbard
Eighteen months in jail is nothing like getting your wrists slapped! That's a year and a half in confinement at a very dangerous place. It's a jail sentence, not a slap on the wrist.
What the hell is the matter with people who think they're entitled to take away people's freedom for causing a little economic damage? People are more important than money!
A lot of these hackers might learn their lesson through public humiliation and education. Jail does nothing to fix people, so why the hell resort to it except in hopeless cases?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
The guy who got 18 months was a different person. That's what I get for not reading the story.
I think they should return the kid his computer. They should delete the viruses and let him keep his computer and data. Just because he released a virus shouln't be reason to seize his entire digital "assets".
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
didn't write a virus. It was a worm. It sought out vulnerabilities that were (at the time) unknown to the majority of internet users. It replicated and attempted to spread at such a rate it crippled the internet.
Desperation is a stinky cologne
Google lists a few. Looks pretty insecure to me.
Not convinced? How about doing a search for Outlook Express at Security Focus?
Or browse a few Crypto-Gram by Bruce Schneier. Good reading, IMHO.
...c'mon, where's the craftsmanship? Where's the pride in your work? When I wrote viruses, it was all about doing it yourself, accomplishing something. Now you don't even have to be a programmer, you just have to know how to point-and-click. I tell ya, when pride in craftsmanship goes down the toilet, there's nothing left.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
CmdrTaco appears to be one of those people out there who have a rather confused notion of how severe sentences actually are. This is the second posting about how 18 months in juvie or 240 hours of community service + a criminal record amounts to a slap on the wrist.
This is pretty dumb. Jail is boring, obnoxious, demeaning and occasionally dangerous, particularly for these type of people. A sentence of several months is not a slap on the wrist. Community service sounds about right.
"Anna," I said, "You have to hear this: SKIDP's are dead. I'm sorry I had to bring you such horrendous news."
"That's okay," she said, much to my surprise. "You wanna see what I did?"
"Sure," I said.
She then took off her panties, which was all she was wearing, and showed me: She had shaved her pussy, and I could see that it was glistening with her juices. Without a word, I dropped to my knees, and she flung her right leg over my shoulder. I immediately began licking her swollen clitoris, and sucking the warm smagma off of her labia. She moaned in ecstasy. I spread the lips with one hand in order to get my tongue more completely into her. I moistened the middle finger of my other hand with her juices, and slipped it into her asshole. As I did this, she came, flooding my mouth with her pussy's hot liquid. I drank some of it, and kept some of it in my mouth. I then stood up to kiss her, and she drank her own juices as though she was dying of thirst. Sliding my hard, throbbing cock into her was like sliding into melted butter. After fucking her like this for some time, I pulled out of her cunt and slid my pussy-drenched cock into her ass. She wrapped her legs around me (I was still standing up), and I began to pound her ass with my cock, fucking her harder and faster with every thrust. She screamed when she came, and as she did, I shot my hot load of cum into her asshole.
After a few cigarettes smoked in silence, Anna asked me, "Did you say SKIDP's are dead?"
"Yes," I replied. "Dead as Dr. Laura's battered, used-up fuckhole."
She nodded sadly. She finished her cigarette and began to gently rub her own clit. I finished my cigarette and went back to work on her.
I think it is a great thing that he is going to trial. It is time for everyone to stop seeing people such as Jan de Wit as innocent. He created something that caused companies problems. The fact that he used a creationkit to create the worm is beside the point. Everyone are responisble for their own actions, and everyone should be prepared to take ALL consekvenses that their actions may have... always!
If you look at most "new" viruses that are added to the databases of Antivirus products, you can see that they aren't actually new. Most of them are modified versions of some existing virus. So, if we get another case where someone modifies an existing virus to avoid detection by AV products, is he the creator of it? I say that he is the creator just as much as Jan de Wit is the creator of this worm.
I hope that he this guy gets a penalty. I hope that this will prevent some other people from creating viruses. Something else that is good about this case is that the creator of the kit, [K]alamar, stopped creating more kits (his name was in on Argentinan TV and this scared him).
Viruses are bad. Even though they fund an entire industri, I think everyone would be happier without them, even people in the industri. Bringing people that create or spread them to justice is a good start in the path toward a virusfree world.
Wow. The moderators have been horrible lately. What's wrong with this post? The fact that you don't agree with it does not make it flamebait. The person who moderated this down does a little bit to much of a different bait word.
An Short:
Fuckin Jerk-offs.
Looks like the link you provided is indeed the case referred to in the article. The case I was involved in happened five years earlier in 1990 and I as far as I know, then and now, was the first time there was a conviction in court for a "computer misdemeanour". Just a coincidence that both perps ended up doing 11 months, I guess.
My next sig will be ready soon, but subscribers can beat the rush
For writing software that MIGHT be used to violate copyright law and therefore violates the DMCA, Dimitry Sklyarov gets the book thrown at him. Where the hell is the justice in that? Nothing that Mr. Sklyarov did was malicious, and yet his "crime" is treated far worse than those whose actions were deliberately intended to do damage. There is something seriously wrong with this picture.
IANAL... But I play one on
For once admins had to actually work for the king's ransom that they get paid, and they actually whine about it? Buck up, this is what you are getting paid to do. I'm sorry that you had to be awakened from your sleep and actually do something useful for once, but you admins have it easy.
he is the black baron, or chris pyle. responsible for SMEG.
nice work, man. but then,I'm pretty easy to please.
If you are interested in men, then you have more to "keep this crap off" than just slashdot. :)
Anyway, the requested sentence is amazingly light -- 240 hours of civil service.
How often people say that a sentence is "amazingly light". I think that should be a crime punishable by whatever sentence the speaker/writer says is "amazingly light".
Just to remind people: at the trial, no evidence that this guy's activity had harmed anyone in any way was presented. Yes, viruses are bad; yes, he should be punished; but for a first offence, wouldn't probation and a fine be more appropriate? If he doesn't learn his lesson and offends again, OK, then throw the book at him.
No more goatsex references, please.
Yes but Dimitry Sklyarov committed his crime under US law. The US has the highest incarceration rate in the world. The wristslapping in the last few days occured outside America, and hence, the sentancing is a little more level headed.
...that way we might get secure, commercially-available email clients.