Slashdot Mirror
Appropriate Punishment For Crackers?
Cally writes "There's a Kevin Poulson article on SecurityFocus reporting that the US Sentencing Commission is seeking opinions about the appropriate punishment for convicted system crackers and other black-hat types. On one hand, it seems absurd to ruin the entire life of a foolish 15 year-old for committing the equivalent of graffiti. Then again, perhaps these people are cyber-terrorists who should be illegally imprisoned, indefinitely, without a trial, charges, or legal representation? You choose."
They should be our slaves for a while.
If I'm the accused, I want a nice short probation...if someone cracking my website, then I want 'em hung, drawn and quartered...
Hacking a website is much more than graffiti. If you spraypaint the outside of wal-mart, people can still go in and shop. If you hack walmart.com and replace it with "shout outz" then wal-mart will probably lose hundreds of sales per hour to their competitors. That is very real money to these businesses. Hacking (cracking is breaking copy-protection) a website should not have the same punishment as violent crime, but it is definitely a more severe crime than graffiti, and deserves a much harsher punishment.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I wanna know something. If someone (attempts to) breaks into your home (in the USA), you are allowed to shoot that person in self defense. Are you likewise allowed to take out anyone attacking your network?
Stop the brainwash
I don't see why cracking something you own (i.e. a DVD disc) can be illegal. It just seems that the media and government give people who are into computers a lot (nerds) are all 'hackers' and that all of them are bad. Don't they 'promote' the average consumer being knowledgable with a computer? What is so wrong that just get more into it?
Cyber-crime is no different to ordinary crime. If the 15 year old 'cracker' writes his name all over a site (i.e. graffiti) he should get the same as a 15 year-old who scrawls all over his local shopping mall (i.e. fuck all or a safari or something).
If however he goes and steals 10000 credit card numbers and uses them to buy every back issue of playboy he should be locked up for a long time. With lubricant.
There's a link in Rense.org which make the story look like yet another conspiracy theory...
:
Anyway, (closer to the topic) I guess a young cracker should do some work for the company whose products he has cracked
There's nothing as dangerous for the whole community as an angry young cracker.
If he just rehabilitate himself by doing some good work for his former victim, then he will also learn how to valuate his savoir-faire.
Trolling using another account since 2005.
How about referencing recent hacker cases, and the sentences that were imposed. How about some information on the ages of the black-hatters. No, that would be relevant to the discussion...
Force them to use DOS for a few years. That should be painful enough
Cheap UK and US VPS
Murder ... life in prison or death (by state)
... 10 years
... 5 years
... 3 years ( -1 year for good behavior)
... 6 months - 2 years
... 20 years?????
... especially when the damage can easily be undone with last night's tape backup within an hour or two in most cases ....
... and take a little more responsibility for their Internet presence .... they spend tons of money on swipe cards, cameras, etc .... why should the think they are going to do less on the Internet???
... everyone else pretty much says "SHIT! ... then stomps their feet for a few minutes, laughes when they discover how the hacker got in, then rebuilds their system or patches it, and then moves on with life ...
...
Grand theft auto
Assult and battery
Theft
Throwing eggs or spray painting a building
Hacking a computer a defacing a web site
Does that make sence????
I don't want to encourage people to commit cyber crimes, but it seems as though our society's values are a little out of whack
Perhaps some of these coorporations that are so worried about this kind of stuff shold place a little more of the blame on themselves
BTW: I am pointing at the corps. because it is their lobbiests that are pushing for these rediculous sentences for cyber crimes
Just my $0.02 cents
HallmarkOrnaments.Com
I'm not sure why you need new sentencing guidelines for old crimes (theft, extortion, fraud, embezelment, etc...) committed using new technology. Why is a crime different because a computer is involved?
$G
-- $G
Personally I think we should take a page from Singapore's book and explore the latest options in caning. Nothing drives a lesson in ethics home more quickly than being beaten severely with a bamboo stick by a martial arts master. I would also view caning as an appropriate remedy for spammers violating anti-spam laws, telemarketers ignoring do-not-call lists, as part of a comprehensive package for the last round of fraud-perpitrating corporate CEOs and companies who file frivolous patent lawsuits based on laughable patents.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Cyber-crime is no different to ordinary crime. If the 15 year old 'cracker' writes his name all over a site (i.e. graffiti) he should get the same as a 15 year-old who scrawls all over his local shopping mall (i.e. fuck all or a safari or something).
Hey, cleaning up a mall is expensive, cleaning up a web site should not take more than the time to restore a daily backup...
If you don't have one, then it's high time you started.
Trolling using another account since 2005.
They should be eaten, with maybe a glass of wine and a slice of cheese on top.
Coming from a person who has both an interest in network security (me) and graffiti (again, me), I have to point out that graffiti and network intrusion don't really overlap and here is why:
When a person writes on a wall (or a "reach"), the owner of the shop might show up and go, "oh crap" and they might very well pay someone a few bucks to cover it up or perhaps do it themselves. The artists' intention is clear -- to throw up some paint and that's it. The paint isn't going to seep into the wall and ruin everything inside, however. It isn't going to pick up the cash register and run off. It isn't going to take every customer's credit information.
When someone breaks into a system -- regardless of their motivations -- the breakee does not know what the intruder has in mind. Maybe it is benign, maybe it isn't, but there is no room to "let it slide." It must be treated as a malicious attack and thus computers must be shut down, customers/students lose services, huge costs in time and effort can and will be expended to purge the system of the problem which often involves what might very well be overkill -- like reinstalling a system or a number of systems because you Don't Know and you can't afford to leave loose ends.
Graffiti and network intrusion would be analagous if and only if graffiti caused the same sort of response. It doesn't.
And in case you're curious as to why I'd be into graf, check out these sites.
My
Limekiller
Not all of these crimes are the same level of maliciousness, or harm. I'm sure the people who hacked the RIAA's web site didn't do a lot of harm, since the RIAA don't trade via that site, and it's easily restored.
If I was to hack Amazon, then I would cost them money where they have lost orders, and could onconvenience their customers since they have no idea what the cracker did.
It's a matter of context. Why do they try to lump all these into a single crime.
If you read the "without a trial, charges, or legal representation" link, it is about an illegal immigrant who has been in this country on a tourist visa for many years running a charity. Whatever the reasons are, I think he should've been sent packing from this country the day his 6-months tourist visa expired. I don't think he really has any rights to complain about things now when he's been breaking immigration laws for a few years!
http://www.andrews.af.mil/89cg/89cs/scbsi/images/p oster8.jpg
Ignoring for the moment the practicalities of killing somebody over the Internet(!?), doesn't the USA already have murder/manslaughter laws? Why does there need to be special legislation depending on the method employed? Do you have special laws for murder with a knife; with a gun; with a mango?
I'm sure I'll never understand this. In the UK recently, there was a big hoo-ha in the tabloids about the need for "special laws" governing journalistic integrity for material published on the Internet. Why? There are already defamation laws.
Looking at non cyber-crime punishments they are all out of whack in the first place. Petty thieves going to jail longer than drunk drivers and such. So of course when you throw cracking into the mix the punishments aren't going to make sense either. Presently they are set way to high, but for a reason. The law enforcement isn't very capable of catching anyone. Seriously, how many police stations actually hire IT guys? Well, they should, so they dont' mess up when say using a search warrant against a l33t h4x0r. So because the enforcement is poor the penalty is high, to scare people away from doing crimes they will get away with.
The GeekNights podcast is going strong. Listen!
Having the punishment be the same as in the physical world will eliminate a lot of "Waah, it's not fair, look what they did to the poor 15 year old kid." It will take a lot of people to convince me that breaking into a computer and stealing personnel records is somehow less of a crime than different from breaking into a building and stealing the paper equivalents. By the same token, if a kid thinks it's not ok to spray-paint an office building, but it is ok to deface a website, well, then, that's a pretty stupid kid.
Of course, this is not a black and white issue. In the real world, spray painting a building can be done without breaking and entering. In the electronic world, that's usually not the case - the cracker must break into the system to deface the web page. (Unless, of course, the site has some sort of CGI-based web page update feature with no password set, but that's not too common I bet). Maybe we could make them do something useful, like 200 hours of community service. Or maybe we could have them write the following 1000 times: "L33t haxx0rs are actually dateless retards who, despite their bragging, don't actually drink beer or get pussy."
Short of the defacement of a website, everything else is analagous to real life. Whether you smash a window and steal a file cabinet, or use a root exploit and tar up some data, you're doing the same thing. And since you'll get the same punishment, you'll get (hopefully) thrown in jail for 2-3 years for breaking and entering. This means you'll have a big biker dude named Ripper for your roomate, and they find out that you did your "breaking and entering" not by using a baseball bat, but rather by sitting in front of a computer drinking Mountain Dew and eating day-old pizza, what they'll do to you will be much more punishment than what the government could ever do to you.
There is no sig, there is only Zuul.
Well, they should have to suffer just one day of the 200 years of the discrimination that our...
Oh...nevermind...
---"What did I say that sounded like 'Tell me about your day?'"---
The Amnesty "illegally imprisoned" link reguards a pare-military group as common burgulars, the Rense.com link invents another class. Both have been addressed by the US courts and neither is addressed in Kevin Poulsen's article.
All that aside, hell no a non-violent criminal should not be locked up. Some other punishment is much more appropriate, like restitution of *real* losses (no making the defendant buy a new security team) and community service, etc.
Jail *should* be for the people that are a physical threat to society, not a theoretical or financial one.
Before the thread runs off the topic, see my website for my position on the death penalty before assigning one to me.
Eve Fairbanks says I drive a hybrid!LOL
Make them do 1st level phone support for an AOL for a few hundred hours, that will teach them ...
Here's a story about a man who kidnapped, tortured and abused a girl then tried to kill her by injecting her with bleach. His sentence? 10 years - he'll be out in half that time.
Sure, give crackers jail time but make it appropriate for the crime. Maybe 3 months in jail, or probation. When I see someone like Kevin Mitnick get 7 years, and violent criminals who, in my opinion, should never be allowed out of prison get the same sentences, it pisses me off.
What is considered "cracking" under these laws though. As far as I understand, cracking your own cd/dvd/playstation etc... disks falls under this. Now, besides that issue, you have a various degree of things going on out there. Is doing a DDoS against the webs rootservers considered cracking? How about a host of other, non cracking related hacks and script kiddie things that would never EVER fall under the heading of pure cracking? With the laws as broadly written for cyber crimes if i accidenty ftp into the wrong ftp site because of a typo (ftp.netger.com) I could get slammed with all kinds of illegal activity charges that will now be legal to trump up to these unseen levels. I don't mind a law that actually helps to procute known crackers and black hats but we all KNOW that this will be used, like every other law lately, to pretty much put anyone who even thinks of doing something on the gray side of the internet into jail.
I think the subject line says it all.
They should be put in the stocks for a day or too, so that all the village peasants can throw eggs and rotten tomatoes at them. That'll learn 'em.
Stick Men
Then make them translate one day's worth of /. into intellegible human language.
That'll put 'em off...
Seriously, though - it's not the 15 year old who should be punished - it's the well paid but idle sysadmin who allows his web server to be graffitised. 15 year old skiddies almost never have access to unfixed security holes, so it's not their fault that some fat idle webmaster can't keep his patching up to date.
oh brave new world, that has such people in it!
Boy, Hemos, you think you incorporated enough of your attitude in your post? Hint: Do not consider a career in journalism.
If a person commits a crime then they should pay. If someone -- even a kid -- causes me to have to spend $1,000 of my money because of a crime they commit, then they should compensate me for it -- above and beyond whatever punishment the legal system assesses. It makes no difference if the crime was committed with a can of paint, baseball bat, or computer keyboard.
Punishment for crime must be consistant or it is unfair and, clearly, wrong.
Somehow, for some reason, some people seem to believe computer crimes and white collar crimes are somehow less wrong.
The thing is with the widespread of software and the internet and technology in general always brings in a high punishment. I think it comes down to you doing whats right. Now I am guessing if most of you see a car with the keys in the ignition you aren't going to hop in and steal it, but if you saw a website with a big vunrability more of you may be inclined to take advantage of the situation. I think the point that doesn't come home to a lot of people is computers are a part of everyone's lives now, and if we don't respect them, we will be punished.
But in general, technologists have always been risky with the law. If I created a nuclear device for the sake of doing it, even though I have good intentions and no feelings of using it, I would probably be jailed for a LONG time.
Hack Microsoft? Rewards and adulation...
Hack me? Nail the fucker to a tree...
This sig left unintentionally blank.
Congress seems to have asked a reasonable question, are there situations in which hacking sentences should be based on on other things? Are cases possible where it is closer to murder? There many obvious examples of this, such as hacking into a water dam's control system and flooding towns downstream. Congress asking whether the current guidelines are relevant to these other scenarios is pretty good question.
Why not put them in jail and improve the US world record in imprisonment statistics?
The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.
It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.
Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".
Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.
There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.
Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?
Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.
The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.
This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
KMSMA (WWBD?)
My eyes! The goggles do nothing!
If you Break into a website and vandalize it you already have laws to deal with that... if you break into a website and STEAL confidential information we already have theft laws for that.
why we have to treat it any different than in the real world I dont understand...
if a bunch of no-brain-punks smash in the front doors of saxs 5th ave. and spraypainted all over the interior... there are a nice set of laws in place to nail the little idiot bastards.. the same happens when you B&E a website and put your no-skills drivel in place of index.html.. and the same laws need to apply.
the hard part is when the punk is in Guana and the website that was vandalized is in Alaska.. how do you prosecute the little turd without acting like a global government enforcer?
if it happens in your state with a victim and victimizer in the same state... it's easy to prosecute... but 90% of these cases are never that way.
Do not look at laser with remaining good eye.
Us honkies don't want any punishments.
The same sentencing should be both for these crackers and RIAA/MPAA and their minions..
If we are goign to send these crackers to jail then the firm hired by RIAA to crack into file sharing syste4ms shoudl also go to jail..
The real issue is destruciton of property in that how much is that property worth and the damage to said property..
If you dmage a One million dollar car it would seem reasonable to supsect that the eistmate is going to be over 10% the value to that item..
But like the word that has been passed out at defcon if you don't have the money to pay for damages than don't do the crime!
Don't Tread on OpenSource
I suppose the 'detainees' are not US citizens. Just guessing, because the article does not say they are.
Time tells me - What you have is what they let you have - Freedom is what you have while not getting caught. Metaphorically you live an illusion.
Illegal imprisonment? Nay, for they did pass laws allowing indefinite detainment. It is merely unconstitutional
So what kind of punishment are we talkin here? Have the Keebler elves smear you with peanut butter and spank you with Hi Ho crackers?
"cyber-terrorists who should be illegally imprisoned, indefinitely, without a trial, charges, or legal representation? You choose."
Why has this site become a quasi-political action group that doesn't have anything to do with technology? (considering those at guantanamo are NOT cyber-terrorists, they are the REAL kind). The above statement sends a clear political message about the author's leanings. That is the last thing I need on a tech site, not that I necessarily disagree with his point of view...but isn't this a tech site?
I say, throw the book (COBOL manual) at them ... make them sit in cubicles and code legacy mainframe apps over a dial-up connection.
Each case must be weighed to determine the proper sentencing. In many of these cases the companies who are the victim provide inflated estimates of potential loss of revenue. In actuality, there is no way to validate if the company actually lost any money at all.
Sending someone to jail for 20 years for doing the equivalent of petty larceny is a crime in itself. However, if someone brings a major network down and the loss is quantifiable - then they absolutely should pay the price - both in restitution and jail time if appropriate.
Each case has different circumstances, and each punishment should be allocated accordingly.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
I still don't understand why we need some kind of special legislation for the so called "cyber crime." Don't the states already have laws punishing crimes of trespassing and/or fraud?
Bush Lies Watch
The *real* problem of the little guy having a global reach is that very quickly, it's possible to create costs to others that *far* outstrip a single person's ability to compensate everyone involved (given reasonable, non-Gatesian amounts of personal wealth). The Radicati Group estimates that "malicious code" will cost more than $54 billion in economic damage by 2006: this is not inconsequential activity.
Of course, graffiti isn't, either. The US costs are around $15 billion a year, which doesn't count things like lowered property values for folks in graffiti-filled neighborhoods. Both forms of expression are anti-democratic and exploitive, much as those of pseudo-anarchist bent would like to think otherwise.
Give them a job dealing with your network security. As they say, set a deep hole with spring-loaded sides, tripwires, whirling knife blades driven by water power, broken glass and scorpions, to catch a thief.
Given that he's demonstrated that he knows a damn sight more about the securty of your networks than the admins you already employ, he should have their job....
"Concentration camps"??? Do you are saying that the US is going to be putting the hacker race to death by gassing them and then burning them. Is there actually a race of hackers that can be genectically defined? The Patriot act deals with "killing people" due to hacking... i.e. mucking with municipalities (power grid, etc), air traffic control, hospital, etc. where there is a *loss of life*.
Idiots like you need to be beaten.
Nothing. Let the punishment fit the crime. If you commit a virtual crime, you should get a virtual punishment. Maybe a ban from the internet for several years, at the worst.
On your state. In my state, NC, you can use deadly force on someone breaking in to your home. Once they get in your home you can't use deadly force unless they try to harm you or commit sexual assault. They can pack up your AV gear and walk out, but you can't shoot them.
Let them debug the linux kernel!
Oh wait ... that's already past.
A crime is a crime is a crime. Aren't there plenty of existing standards to base this on? Tie it to the harm done. Some will be misdemeanors, some will be felonies. If some 'graffiitti' splattered over a commercial site causes a relatively small financial loss, call it a misdemeanor and sentence accordingly. If the financial loss is large enough, call it a felony and give an appropriate sentence. E.g., defacing the brochure page of your local shoe store might cause them little or no measurable loss of revenue and be repairable within a single work day. Doing the same thing to Amazon or Yahoo is a different matter and calls for a much stronger sentence.
The important thing is to prevent and punish people who act criminally, and to counter the popular impression that many "geeks" don't take the issue seriously.
-- Slashdot: When Public Access TV Says "No"
Cracking refers breaking copyright protection, hacking refers to breaking into computer systems, as well as coding, using a computer in an advanced way. At least, that's the way it's always was until ESR began his ridiculous, orwelian redenotation campaign.
I mean, really. Does anyone remember hearing a Hacker referred to as a "Cracker" before a few years ago when ESR began his attempt to change the meaning of the words?
Reality isn't defined by what you would like it to be, people, and words are defined by their usage.
autopr0n is like, down and stuff.
They should be forced to work for a huge corporate bureaucracy.
- chrish
Let me start out by saying that from either point of view, the "Cracker" or "Law Enforcement/Prosecution", no standard sentencing is going to be fair. But any punishment handed down by a court needs to be realistic. Punishment should fit the crime as best as possible. Life imprisonment for defacing "www.yourmomma.com" with the possible death penalty is a way bit stiff for a fourteen year old using Dad's old K6-2, a copy of Red Hat he bought with his allowance last week from COMPUSA, and a 14.4 modem for dialup, and some "zero-day sploit" is ridiculous. Banning Junior from using a computer connected to the Internet except for school work with supervision, community service, probation until his 18th birthday and maybe even a year in a correctional facility, and a stiff fine for the parents (i.e. $50,000). That sounds a bit more reasonable. Now some asshole war driving Wi-Fi getting some operational information about some military operation in a foreign country and then selling the information to no good Joe-Terrorist who then kills some American's for his so-called Jihad to rid the East of Western Capitalist Infidels.....lets just say life imprisoned or the death penalty will never replace the people who died for this guy's stupid belief system/religion. So there it is folks, anyway you look at it, no sentencing standard is ever going to agree with everyone's platter, and in some cases it may never be enough for the actual crime. Thats my ten cents.
And let him benefit from his deeds? In the future people having some command line skills could be very hard to find. Letting him get familliar with DOS or any other command line tool will make his future a rich and famous one. I thought they wanted to punish them?
/(bb|[^b]{2})/
Bring charges appropriately. Note that you might need to legislate to clarify the scale of the offense in the new setting. As others have already pointed out, defacing a web site in a way that stops it being usable is not just graffiti, it's (probably) nearer breaking and entering followed by deliberate (albeit relatively easily repaired) vandalism.
This can affect charges and sentencing.
If yes, charge those people, too.
Since when did Anal Sex become an appropriate punihsment for crimes in this country?
autopr0n is like, down and stuff.
The only possible appropriate punishment for crackers is being kicked out of bed.
A hacker shouldn't be responsible for costs incurred in getting a new security system. I mean, it's something they needed before they were broken into, but just weren't aware of it.
Like, if someone broke into a car and stole a CD, they shouldn't need to pay for a new Car Alarm (or something)
autopr0n is like, down and stuff.
take from them which is most precious... destroy their data from their personal computer and cd's.
I'm sure most of the crackers (script kiddies) don't have the faintest idea of the consequences of their actions. To them, the remote system is just another system, another command processor that they can control.
Also, the idea that what they're doing is illegal doesn't sink in; it's only recognised superficially.
I'd say, find alternative sentences that shows the consequences of breaking in. Four weeks of miscellaneous chores in a backup tape factory, reinstalling systems that were broken in to, or something.
Also, make sure beforehand that everyone knows that cracking a system means downtime, a lot of work to reinstall, and consequential damages. All that, even if nothing was broken, because the sysadmin has to reinstall anyway just to be safe.
That being said, I think some responsible cracking should be permissible under some strict conditions (don't break anything, report the security hole, inform the victim), maybe to prove that there actually is a hole. My ISP (XS4ALL) have some rules (Dutch, sorry) on this.
If you have something valuable, it's your responsibility to take adequate measures to protect it, "adequate" being defined here as whatever it takes, under the circumstances.
On one hand, it seems absurd to ruin the entire life of a foolish 15 year-old for committing the equivalent of graffiti
More like breaking into your office to erase every whiteboard in the place and replace them with poorly spelled tags, changing the locks, or jus took the door off it's hinges, smashing the alarm system, and taking/destroying the gods know what else in the process.
Hacking a website doesn't just mean that the site was changed. Anyone with a lick of sense after an intrusion needs to take a hell of a lot of time and take stock of what they still have, what they might have copied or deleted, and if they left any backdoors so they could get back in and have their little fun. Calling is "just graffiti" shows a complete lack of understanding of information security. There is real damage done when someone "just" defaces a website. It can't just be painted over.
Are you saying being analy raped by huge, AIDS infested thugs is an apropriate punishment for someone who breaks into a computer system?
autopr0n is like, down and stuff.
Hemos didn't write that, 'Cally' did! Thus the "Cally Writes" at the begining of the artical.
How can people be so blind?!
autopr0n is like, down and stuff.
It's amazing how the corporate security professionals see lazy, bureaucratic server administrators as the problem. With budget cuts, and corporate layoffs becoming a daily occurrence, Directors and Executives are quick to "axe" expensive security solutions, and lax their security posture.
Asking the government to solve our security
problems doesn't seem to be the right solution. It
will only provide a false sense of security, and will cause lazy administrators to get lazier. I think that educating admins, and making them *responsible* would be more effective. Site Administrators should be punished, and punished hard. If an admin chooses to accept the responsibility of maintaining a web server/SQL server/etc., they should be held accountable if the server gets compromised.
As far as dealing with the individuals who compromised the system, I think that punishment/lawsuits from the individual's ISP would be the better solution. "Nothing hits harder than when it hits the pocketbook". Restitution for the time spent resolving the situation should be thrown in as well.
That's my $0.02.
Make them all read Slashdot at -1.
Liberty uber alles.
Nothing bugs me quite like crackers. Skanky caucasion folks hanging around in overalls, doing meth. Always makin' the cops visit our trailer park...
What?? I've misunderstood the meaning of "crackers" in this context? Oh.
Nevermind!
(PS - I like cheese crackers with peanut butter.)
Why do all the lawyers insist on creating new versions of every law and crime just because they happen to occur in the "digital" realm?
Let's see... hax0r kid defaces web-site.
1. Trespassing.
2. Breaking-and-Entering.
3. (possible) malicious destruction of private property.
If someone logs into your (wide-open, no password root shell) server without your permission, that's trespass.
If someone hacks your server to get in, that's trespass and breaking-and-entering.
If someone changes your web-site, etc., while they're there... that's destruction of property.
There are already well-established laws to deal with these crimes, and those laws have ranges of punishments appropriate for the severity of the offense. Why should special "digital" versions be created when existing laws already work?
This country needs fewer laws, and better enforcement of the ones it already has. More laws simply make more money for lawyers, and more loopholes for the rich and powerful.
Take care of them Taliban-style!
1 system cracked = 1 finger chopped off
2 systems cracked = 2 fingers chopped off etc.
This would make the kiddies think twice before building their huge DDoS-nets.
(hmm..run out of fingers, where should we continue)
Well I think white folks should get the same sentences as minorities commiting the same crime. What makes you think that honkeys have the-
Wait... what are we talking about again?
What is music when you despise all sound?
If they tell the other inmates about their adventures on goatse, they won't have to worry about dropping the soap!
I'd say the only punishment appropriate for crackers, is to eat them.
If you don't get it, just move along.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
The problem is that unlike computer code you can't write a blanket "on criminal event X goto Y."
I would have to say that what you get punished would depend on what you broke into. Walking in a unlocked employee only door at the mall is technically a crime but I doubt you could be arrested for it. Walking into the open vault at a bank is also technically a crime but you almost certainly would be arrested for that.
Both events might cost the owner money. The mall might decide that in needs to upgrade to an autolocking door lock. The Bank would probably do a full and expensive security revue to correct its problems. In both cases you caused them to spend money.
In both cases you might argue that you got lost or was simply curious. It is up to a Judge and Jury to evaluate you and decide what is the correct punishment.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
A crime is a crime is a crime. Aren't there plenty of existing standards to base this on? Tie it to the harm done. Some will be misdemeanors, some will be felonies.
Except that just is not the case. Take a look at drunk driving cases - you know the ones where the guy does it ten times or more? It was a felony around number three (I think, long time since driver's test) yet these guys just do not spend quality jail time.
Even better? Way back in college, I worked at a home shopping network and did some of their security work. Set up the cameras, figured out how and where they were getting the loot out, and confronted them. It was well over 5K, so it was a felony at that point. They confessed, we called in the cops, they confessed and signed a statement there too. So how much 'time' did they do for the felony? None, zero, nada. The prosecuting attorney did not bother to do anything. This happened a couple times in my short career.
I'd say, lets make sure the crime fits the punishment... because whenever I hear these cases, the 'damage' is usually the entire retail price of Solaris, the development time for the entire site, or something along that line of thought. You know that is not what Amazon from their SLA's for hardware or net servivce...
I wish there were standards too...
+++ UGUCAUCGUAUUUCU
I know some of the laws are unballanced, but let's look it from a different side. You don't punish someone only for the fun of punishing. The background of punishing someone is:
1. To isolate the person so he cannot do any more harm (if there is suspicion that the person could do). Most times this thing is not really quntifiable and definitely cannot be generalized, so it is the least probable factor in deciding the punishment.
2. Give them a punishment harsh enough that they will remember for all their life. This way you'll make sure the chances of him breaking the law (even if under strong temptation pressure) are pretty low (in acceptable statistical values).
3. Give an example for the other ones which might be inclined to break the law in a similar way. And this example must be harsh enough so even if he is not dealing with the punishment himself, he will still be able to imagine it as harsh enough not to be worth even trying to break the law (unless he is some sort of a nutcase or adrenaline addictive).
4. Also it must also not be too harsh as to break human rights or be incarcerated with criminals which could lessen the chances of rehabilitating the individual.
The 2 and 3 are the decisive factors in deciding a punishment for a crime. You want to make sure the crime is not commited anymore by anyone and not really that you have a very nicely balance of punishments.
For example, in a country where there was no homicide commited (or in very low numbers), you might find that laws which specify the punishment for such a case are missing altogether or have such small punishment that it would make anyone laugh.
For me it looks like it is similar to the Offer/Demand thing from economy. The more crimes you have to deal with, the higher penalty needed to make the numbers go down.
And let's face it. In IT crimes (hacking and the kind) each one hacker feels pretty safe behind his keyboard and anonymous. Therefore the number of people hacking something in one way or the other is almost higher than stealing. Only harsher laws will have any chance of making this thing slow down in pace.
Make them use the software they broke into for X amount of time.
:)
Break into a Windows NT server? Use it for a year.....that'll teach'em
How about a nice, swift beating?
The mildest is the person who breaks into a system, just because he can. He (or she, after all) breaks in, looks around, and leaves before doing any damage, changing anything, or "taking" anything. It doesn't impact any services that the target is providing. True, after any break-in that is discovered, the admins of the site will spend time cleaning it up and making it more secure. And I wouldn't like it if someone broke into my house just to look around. But I don't think that the punishment should be too harsh in this case, perhaps on the same scale as graffiti, maybe a little harsher because of the more expensive "cleanup".
The worst case is the cracker who breaks into a system to destroy or deface it. He changes the way external sites look and destroys information that is vital to those systems and may not be able to be rebuilt. Even a DoS could fall into this category if it leaves the site offline long enough, and is clearly deliberate. These guys should get harsher sentences, both for the public nature of their crime and the potential for data to be lost without hope of recovery.
The middle case is the cracker who breaks into a site and doesn't change anything, but just copies information from the site. In this case, the nature of the information itself and the mindset of the cracker must be taken into account. If the information was something that the cracker would have no way of using, and doesn't pass it on, then that would fall under the "curiosity" end of the spectrum. If the information was something that the hacker could directly use or sell, like credit card numbers or confidential documents sold to competitors, that would fall under the "malicious" end of the spectrum and be punished more harshly. I don't think the cracker should have to actually use the data to qualify for harsher punishment, as long as he had plans to use it. Notice that in this case, it is not necessarily the object that is copied that dictates the severity, it is the cracker's intentions.
The main problem with the way computer crime is punished right now is that whenever an item is copied/stolen, there is the tendency to assign the highest possible value to that item, without taking what the cracker plans on doing with it into account. After all, a confidential document could be worth lots of money to the company it is taken from. But nobody takes the capabilities and intent of the cracker into question; if he doesn't know how to capitalize on the value of the document, how could he be liable for "stealing" that much value?
Yes, I know that someone who steals jewelery in real life and then hocks it for a tenth of its value still stole the jewelery, not 1/10th of it. But when physical objects are stolen, the victim doesn't possess it anymore. When documents are "stolen" but not deleted, the victim still has access to it. Therefore, I think it is proper to assign the "value" of the theft to be how much the value of the document is reduced, not the value of the document itself. And if the cracker doesn't know how to use the document or who to sell it to, how can its value be reduced?
Your entire argument seems to depend on legally defining computers as dangerous weapons as opposed to tools.
Tools are unregulated and the owner is not responsible if someone steals their tool and uses it in a crime. If I leave a shovel leaning against the side of my house and someone takes it and uses it to kill someone, I am not legally responsible. Even if I knew that risk existed when I failed to secure the tool.
Guns are regulated and the owners are (somewhat) responsible for the actions taken with them, even by others and even without the owner's permission or knowledge. However, the owner is never held fully responsible for the actions of the person who took and used their gun. And the level of responsibility is negligible unless bodily injury results and there was a minor who has legitimate access to the premises involved.
Somehow, I don't think anyone is going to agree to classify computers as deadly weapons and make the penalties for their unauthorized use greater than those for the unauthorized use of firearms.
How can we afford to ever sleep
So sound again
--ebtg
Yes, cheese should be the punishment for crackers. For some reason they just go well together.
I may be a little offtopic and negative about this, but it seems odd to debate the punishment of these crimes before seeing any real concerted effort to catching these people.
I admin a few servers, one of which had accounts comprimised through a fault in the network it was sitting on. Although the cracker/hacker/whatever couldn't escalate their privileges to root (at least the head admin and myself had set up the actual machine correct, shame about the network of the colocator) until we caught on they potentially had another stop-off point they could SSH from and maybe root another box or play with one.
After checking the server out and seeing to it that everything was ok, we checked where the attacker had connected from - a machine owned by CNET. Despite our best efforts we haven't got a word out of them (you think they would be bothered) OR Rackspace who they colocate from, so the buck stops here for the moment. We can't warn any other potential targets, or trace the attacker. Law enforcement probably won't help as there was no financial loss and we are based in the UK, so laws only apply to a few very high-profile attacks. I'm sure many other admins have suffered the same problems too.
This is the same moronic argument rapists used to use in court. 'She was dressed provacatively.' 'She didn't fight back, she must have wanted it.'
If a man wearing the colours of one football team walks into a pub full of supporters of a rival team after his team's just beaten them, then should he get into a fight? No, but in reality, if he did most people would say he should have been more careful. Why does society think it's OK for a man to be assaulted for what he's wearing but not a woman?
Obviously the usual method of law should be used, but they shouldn't be merely slapped on wrist, nor are they anything like graffiti artists.
Everytime some idiot joyrider breaks into one of our systems, we end up reinstalling, which takes a lot of time - and even that isn't really enough to definitely prevent reentry. You may think they just log in and start up an irc program, but how are the white hats supposed to know that? There's no way of telling if there was more to it or not, so you have to treat it seriously - reinstall, maybe even change all the passwords, inspect all the
Personally, I believe they should be put on trial, and the potential punishments should be severe. Nothing like graffiti, this is more like stealing a car for some joyriding and leaving a note saying you've planted explosives and drugs somewhere in the car, and "just try to find it, nyah, nyah", and also that they've had a duplicate key to the car made (they may not have, but the note says they did, maybe just to freak out the owner, or maybe they really did...).
Because all of these things can potentially be done to a system, once it's been broken into.
If the media hadn't decided to misuse the word hacker so egregiously, we probably wouldn't have nearly the problems we do with stupid kids trying to prove "how smart they are". Face it, breaking into computers is stone stupid. But somehow the media likes to call people who do it "too smart for their own good" which is a horribly positively spun way of saying "kind of a little bit tech smart, but incredibly lacking in overall perspective".
I share, respect and applaud your assertion that the vast majority of cyber-legislature should be unnecessary, and that existing laws should be sufficiently robust that an inconsequential change. For example, interacting using computers as opposed to, say, over the phone should not require grotesque swathes of ill-defined additional laws, however I must oppose your view about "lesser punishments" where consequences are small.
Should the man who drove off at high speed after driving into my car be let-off because he hit a cheaper production car? His obligations to stop and exchange insurance details would be enforced if I had a specialist sports car particularly expensive to fix? That is silly. What should be the cut-off? Should we allow people to steal as long as they don't take more than $10 at a time, £100, $1000? Ridiculous -encourage criminals to commit a much larger number of small crimes... which in turn are likely to be far more difficult to police. Are we trying to launch a modern Fagin who can escape the long arm of the law hiding behind juveniles committing frequent but individually petty crime?
I admit that it is most difficult to address vandalism-like crimes - particularly in a virtual environment, but see too many distinctions between graffiti and ego-hacking. Would it be too much of a stretch to compare web-site defacement to placing an "I'm a bit twit who doesn't want my SUV" poster placed on the seat of an unlocked truck left with the keys in the ignition? Each of these causes anxiety (what else might have been done to the vehicle) - but only when it comes to hacking is it seen as valid to persecute someone based upon what the victim feels might have done. When the consequences of an electronic attack are so severe, surely it should be seen as necessary, responsible behaviour to ensure effective security against such juvenile behaviour?
This shirt has to be visable all the time. On this shirt would have the text.
"I though I was a Cracker but I was to stupid to do it correctly. So I Really suck."
Nothing is more hurtful to a cracker is to make them feel really dumb.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
But what is even more frequent is users with broadband access who lack the technical expertise and time to secure their Windows 9x/ME machines against the local hacker element. I don't mean to flame, but every time I've seen a DDOS attack on my servers, they've come from machines on the local class C running Windows 9x or ME. These aren't businesses - they are average users with broadband access. There are far more naive Windows users than incompetent admins, which gives hackers a never ending supply of zombie machines.
The society for a thought-free internet welcomes you.
>>Murder ... life in prison or death (by state)
... 10 years
... 5 years
... 3 years ( -1 year for good behavior)
... 6 months - 2 years
... 20 years?????
... Priceless
>>Grand theft auto
>>Assult and battery
>>Theft
>>Throwing eggs or spray painting a building
>>Hacking a computer a defacing a web site
Getting mad hot chicks by being able to say you are a 133t h04x0r
It seems that this is going too far. Well I may agree that certains activities related to cracking should be punished. People and comapnies not only loose money but also precious information and reputation. Some cracks may lead to more serious situations when we may have not only material but also personal losses.
But creating an environment where cracking itself is utterly ilegal is the most stupid thing one can think of. First because it will create a situation similar to America in the 20's-30's where nearly all alcohol production was outlawed. By making cracking illegal, one will not stop it but feed the criminal hordes with experienced people and tool experts. What will come out of that is unpredictable. The future cyber-Scarface will not only stop by Chicago and not only restrict his doings in the waters of the Great Lakes.
Besides, making cracking wholly illegal will not give ground to capitalism. It will be the best show of feudalism in modern times, as all "good-netizens" will be utterly dependent of the wills and whishes of a bunch of corporations who will care or discare for the their security and/or privacy.
Also it will be a violation of our freedom. I can check up the engine of my car. I can try to fix my washing machine. I have the right to change a light bulb in my living room. But I have to go to jail because some jerk locked up any interactivity of his program with any other system and I need that for my everyday's needs?
the best way to punish crackers is with cream cheese... :D
-judging another only defines yourself
These criteria should be used when deciding what the punishment should be:
See the Pictures of the Flood of '08
The exist for you to look around for certain, specific information -- not EVERYthing that's behind the scenes.
You do believe this is a logical argument?
It's the same with websites. They exist for you to enter and look around. In many sites you must download software from third parties in order to examine their contents. What's the difference between downloading macromedia flash to look at a blinking gizmo and downloading a cracker tool to look at a list of credit card numbers?
``What? You object to random stragners wanderring around your home...''
_O_
.|< The named which can be named is not the true named
Hmmm...amusing. This thread has now become legitimate discussion of the US actions regarding detainees. We have both sides claiming any discussion is illegitimate for the oppostie reasons. I happen to agree with Kevin Lyda, but, hey, that's discussion.
you're able to restore a backup, discover what hole was exploited, and patch said exploit in a matter of 10 minute!
Can I hire you? shit, can I hire 3 of you?
It ain't so simple, buddyboy. A page that's hacked means that nasty stuff might be on the server. You can't trust your last backup, because who's to say how long the nasty stuff has been there.
Which, if the proper measures are in place, should take 10min max.
What if the cracked site is a known spammer's site/network?
I think the successful party or parties should be granted some kind of reward or commendation?
"...the shortest distance between two points may be straight line, but it is by no means the most interesting."
Cubicle drones of the world unite, we are the new proletariat.
Think yourself lucky - you could be working in an
open-plan office.
O boo-hoo. Most 15 year olds don't make enough money to buy their own pc and pay for their own connection so send them up the river and hold their parents responsible for monetary damages as well.
Ok, that should have said "dam", not "damn" :)
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Give them a job with IBM or Red Hat. Or with the government. The hackers know more than most people who get hired for jobs.
-Scott
I see some posts so far about how these people are committing breaking and entering when they hack a site. I guess that floats, but what about deep linking? Am I trespassing? If I look at the source code on a site and learn from it, am I stealing intellectual property? Saving a picture to disk, theft? It's in my cache already, uh oh.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
What about setting up a work program? After you are proven guilty and a short punishment (short jail, heavy fine, some sort of very strict probation, house arrest, etc) you enter into a "half-way" house with a mentor sysadmin who can put your cracking skills to good use, but also keep an eye on what you are doing. That way, you can crack legally (get your thrills) and positively affect society. Of course, this wouldn't work for every script kiddie, but for the few crackers that actually have and display true talent, it wouldn't be wasted in some jail cell. Do Poulsen and Mitnick do internships, or take volunteers? Maybe they should. They are heroes to a lot of people.
When I was a kid, my parents taught me what was right and what was wrong. I developed a conscience as a result. If I did something bad, I knew my dad was gonna punish me, either with a ruler over the butt, or by taking away something that I "couldn't live without". Nowadays, parents don't punish their kids, for fear that the kids will SUE them. So, the kids get away with everything. There are no CONSEQUENCES. This is REDICULOUS. These kids who are committing computer crimes are GUILTY OF A CRIME. They should be punished as adults, and no pity should be shed on them. Who is to blame? The criminals first and foremost, but also the parents. The moral decay of this country is tearing it apart. Why are single-parent families glorified? Each kid deserves two parents: a male FATHER and a female MOTHER. Then, these two people need to teach their children right from wrong. Don't wait for the teachers in school to do this - that's not their job. Their job is to teach your kid about history and math, not ethics. Parents have become lazy and self-centered and it's about time this changes. The politically-correct years of BILL CLINTON are over, my friends. Grab your kids, sit them down and tell them that if they use a computer to commit a crime, that they're on their own. Instill some fear in your kids. If they fear that Bubba will have his way with them in prison, then maybe they'll think twice about cracking into a site to impress their friends. So, fry 'em I say. They DESERVE IT.
The punishment should be in accordance to the damage they caused, and if they stole or hurt anyone.
I believe that the penalties for merely defacing a website, or cracking into a machine and not actually doing much damage or "stealing" anything should be light. Sure, it is annoying, but it isn't that major.
If someone cracks into a database server and steals credit card information, that is another thing altogether. They should be charged with theft of credit cards (or whatever the actual crime is).
If someone (hypothetically) manages to crack into a computer that controls air traffic radar, and planes end up crashing because of it, they should be locked away for mass murder.
Some of the proposed punishments for computer crimes are quite harsh, treating the perpetrator like a terrorist or violent criminal.
However, someone who simply defaces a web site and writes "I 0wn j00!" on it doesn't deserve to be given more time than a rapist.
"You spoony bard!" -Tellah
Sorry if I am trolling a bit here.
In society we all have an expectation of privacy. That right is supported in common law.
For example if your neighbor puts up 15 ft solid brick fence and then sunbathes nude behind it and you put up a tower with a camera on it you can be arrested/sued for being a "peeping tom". A local TV station had an employee get busted for using the "skycam" weather camera to do just that. The courts held that the woman had a reasonable expectation of privacy and that it was violated by the man using the TV towers camera.
When someone puts up website they have a reasonable expectation that the back office parts of the site are to be private. Just because you CAN peer into the site (on into the backyard) doesn't mean you are allowed too!
The amount of effort required to circumvent them is irrelevant. The expectations still exist and are legally protected.
I don't consider break-ins, especially to insecure machines or business computers (but maybe I just value individuals more than businesses?), to be a very high crime.
That was the most stupid of your statements. Well I don't consider your dead-bolted door to be adequate security for your home. So by that logic I am free to break in and clean out the house. By God, you should have had a steel vaulted door.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
do it in Illinois! They're letting convicted murderers go with slaps on the wrist.
Like many people, I don't want to see new laws created to cover every time someone uses a computer for some $CRIMINAL_ACTIVITY which was already illegal by itself.
However, there's a real limit to how far analogies can take you. We can't just say "it's like vandalism / theft / graffiti / spying / workplace disruption / copyright infringment" and expect applying the equivalent punishments to produce the best results for our society. There are ways that internet-based activities are completely unlike anything that's come before.
Lets focus on just one of the most important differences between "cyber-crimes" and the old-fashioned physical variety: it's now possible (and easy) for the victim and perpetrator to be in different jurisdictions when the offense is committed.
During the early popularization of the internet, most users were in the US (or its servant-states like the UK), so often enough the vic & perp were under the same set of laws. The FBI was able to haul in domestic hackers like of Cpt. Crunch, Bob Morris, Mitnick, and later Mafiaboy. (I think Jaegar was a notable exception)
But is arresting those guys really the best way to protect the US economy? The US government is using guns and handcuffs to protect US businesses' computers from tampering- can we expect that defense to remain viable in the future?
Physical force is not a lasting solution to an electronic threat
(It's like "security through obscurity"- it will work at first, and is easy to implement. But someday the enemies become experienced enough to circumvent that defense, and by then you need real protection)
Threat of arrest only works on perpetrators inside your jurisdiction. "Cyber-Crimes" can be performed by anyone with a PPP stack- which is everyplace with reliable electricity. The US has a powerful law-enforcement/military presence, and with extradition treaties can bump up their effective jurisdiction to cover a majority of the earth's landmass. (Although with reduced precision in the less-friendly or less-developed nations, or where local cops are too busy with violent crimes to go hunting down script-kiddies)
What about nations that are downright non-friendly?
If a Canadian teen can inflict billions of dollars of economic damage in 3 days (and only be caught after public bragging), what about government-sponsored agents in "The Axis of Evil"? Suppose China takes offense at "US imperialists", and assigned 200 CS PhDs to build innovative DOS strategies for e-commerce sites?
Unless we can rely on forming a durable "Pax Americana", with a single organization enforcing a uniform law code across the entire planet, there will always be places for hackers to hide beyond your reach. (The Bush administration wants to create such an empire, but they will fail.)
I would argue that so-called "cyber-terrorism" hasn't happened yet, and will never be a major concern (the small number of computer-operated systems capable of producing enough violent damage to evoke "terror" will be heavily protected, with much redundancy and human oversight).
But "cyber-economic-warfare" is a real risk in next 20 years, and so far the US government has been allocating serious funds to make the problem worse when it starts to hit.
All of the FBI efforts to strongarm and incarcerate computer pranksters is just reducing our resisitance to the eventual onslaught. The government subsidizes insecure software by arresting people who break it, relieving the developers from fixing their own products. Microsoft might not publish such dangerously insecure systems if they faced the traditional punishments that the free market unleases on inferior products.
Let's privatize computer security! Save tax dollars, and increase effectiveness at the same time. We could reduce the penalty for "hacking" type crimes (or DOS) to the magnitude of a traffic ticket. (Teens cannot commit them with impunity, but companies can't rely on arresting offenders as their sole defense).
(Naturally, using "hacking" perform any real crime- unauthorized fund transfer for instance, or copyright infringment- should be punishable just like that crime by itself)
We had that problem. We solved it by mounting a 2 inch diameter pipe to a square foot base that was 2 feet under the ground. The mailbox can still be knocked off, but the pipe has been hit by a car twice and is still standing. Both cars took much more damage than the mailbox. Stupid drunk neighbors. By the way, if you do reinforce your mailbox, be sure to set up us a webcam to watch the mailbox bashers get theirs. ha ha ha ha.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
The law in Texas is that you can shoot someone for burglary at night. That is, if someone is running down the street with your TV during the day, you cannot do a thing. However, if they are running down the street with your TV at night you can shoot them yes, in the back if you wish.
You will be "no billed", which means that you will not be charged with a crime. However, the criminal can sue you in civil court if he wishes (stranger things can and have occured)!
As my CHL instructor put it, "How much is a good TV? $300. How much is a good lawyer? $300 an hour."
You know what? If this is a technology forum, let's stick to the subject... OK? We don't need to add our $.02 about amnesty international this-and-that to make your point about technology issues.
You don't post everyone's stories so you continually post only one side of any argument..... and that is becoming rapidly unacceptable.
If I had my way, the prisoners in Gitmo would be tortured horribly until we got the information out of them and then we would execute them publicly then send their genreetalia back to their families with a not that said, "Know the wrath of waking a sleeping Giant"
I think we should spank a country back into the stone age every 5 years until world peace is accomplished. If we did, we wouldn't have issues with North Korea, Iraq, Syria or have Saudi Arabia stabbing us in the back every 5 seconds. At the very least, even if a country wanted to wage war, they would be unable.... and peace is peace.
Let's keep slashdot a technology forum or at least present both sides of the argument.
If he/she is a minor, however, I think state of mind should have some sway over the consequences. You'd be surprised just how effective a simple visit by law enforcement personnel can be in "adjusting" the cracker's attitude.
In 1997 I was caught dorking around in school district systems. In my adolescent mind I thought it was all fun and games. Until I was hauled into a room by several very serious looking detectives and interrogated. Bad-cop-good-cop games, the whole works. This was quite possibly the fastest attitude readjustment I've ever experienced.
The detectives, I think, had some sympathy for my plight. His boss wanted to bust me hard and basically ruin my life. I was hauled before the head honcho (don't know exactly who he was or what his title was) and was given a stern lecture. I was asked if I'd ever used drugs or done anything violent. In the end, I was let go with 40 hours of community service to the school district and a warning to not get caught "so much as pinging" the district machines.
When my computer was returned to me from evidence, an entire year later, I found that the detective had upgraded the CPU and put 16 megs of RAM into it. I guess I made an impact on him, as well.
Now, on the other hand, if you've got a script kiddie, and he's whining and bitching and making life hard for investigators, and basically has a "fuck you copper" attitude, then I say... Bust him, throw him in the lockup, and let him think about how much of an asshole he is for a few months. Let him out, and if he does it again, hit him with the full force of adult penalties. Breaking-and-entering, defacement of property, theft of property, the whole works. Fuck up his life and let him figure out why it happened.
I was given a wonderful second chance, and I haven't wasted it. I was just being a stupid kid. People who scoff at the opportunities that law enforcement is trying to give them deserve prison.
Have to say it.
So the crackers go to jail? Does their sentence depend on how white they are? If so, I'm screwed!
Do you blind polar bears? I do, I do!
What you meant to say is "Both events will cost he owner the money he should have spent in the first but didn't because he was cutting corners and trying to maximize profits."
No I meant exactly what I said. There is no LEGAL requirement that either the mall or the bank have proper doors. There is a legal requirement that you stay out of them!
Now from a practical point of view you are correct but this isn't about that. It is about what is legal and what is not. Just because you can break in to a computer or a bank doesn't mean that you shouldn't be punished for it. It also doesn't mean that you are not responsible for the damage done even if the only "damage" is forcing them to increase security.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
The courts should send them home, put them on probation, take away their broadband access and force them to use a 300 bps modem.
Hmm. My stomach just sank because there was a time when I actually used a 300bps modem. That sucks.
...they just don't like it when the average consumer knows more than they do.
Your sentiment is pleasantly honest and common to most people, though maybe not consciously or quite as extreme (for example, to be drawn and quartered after hanging is unnecessary :).
"The punishment should fit the crime." Equally important, someone neutral (not indifferent) should pick the punishment.
*
However, few are aware that the federal judge actually has extremely little discretion in sentencing. In a nonviolent crime against strangers such as destructive hacking, setting aside criminal history, the amount of the losses essentially determines the sentence. Said damages are notoriously difficult to estimate and easy to inflate, as in the cases of Kevin Mitnick or Robert Morris, who were clearly culpable, but for what? State courts remain more flexible, but with the growth of federal law and the wire fraud aspect of computer crime, more cases are swept into federal court where the sentences are typically heavier.
Current federal sentencing guidelines, dating from Reagan era reforms designed to crack down on crime by constraining "soft" judges, and created by the Sentencing Commission, are purposefully wooden and mathematical in their determination of sentences. You literally add and subtract points based on different factors, then consult a chart to find the mandatory sentencing range. (In some cases, I think a minority, defendants do benefit from protection from excessively harsh sentences.) In certain drug cases, mere grams of a substance such as crack can add years to your sentence
At sentencing, the judge is given a presentencing report recommending a sentence plus or minus, say, 5% of a given fine or imprisonment or probation, a range from which it is very difficult to depart without breaking the law. What effectively happens -- and I hope this was foreseen -- is that sentencing authority is passed to prosecutor, whose decisions as to which offenses to charge or to drop, and amenability to plea agreements, set the outcome. If you believe the sentence unfair, it is the prosecutor or Congress, author of the ill-conceived guidelines, that needs influencing. The Guidelines long ago survived constitutional challenege.
I can tell you firsthand that many federal judges don't like the Guidelines, but if they depart from the prescribed sentences they are reversed on appeal.
I just had similar discussion over the weekend regarding virus writers and spammers. Truly, infecting somebody who doesn't understand the nature of virii/social-engineering, or doesn't adequately protect their system. Same with those who leave their servers to spamaholics, or easily cracked websites.
But the point is, these people are destroying the industry. When people get 15+ spams a day, and 3+ virii a day, email becomes a lot less productive. When companies to some extent depend on email to communicate with clients, it's costing a lot of money. When a company gets a quickly spreading virus, it can mean even more money down the tubes.
Not everyone is smart enough to use PGP-signed email, an intelligent spamfilter, etc. Virus writers are the worst of all, and frankly - whether it's a 15-yr-old kid in Canada or a 35-yr-old Russian guy with a 2 foot beard, I don't care. These people need to be caught, and punished to the extent that they become examples for all. If big companies stopped sueing those who aren't causing intentional damage (frivolous lawsuits, patent claims, etc), then everybody would do better in the long run.
Instead of building spamblockers and firewalls, we should be building tools to track these buggers down, and then either hand them in for justice, or formulate our own solution (not necessarily vigilante, but enough to get a message acecss) if the state/country isn't willing to properly take up decent action.
If you teach a group of people how to hack/crack (whatever you prefer to call it) then this does not mean all of them are going to start defacing websites. The ones of a criminal nature will indeed go out and disrupt, destroy, or deface websites and should be punished accordingly as criminals. If the other few in the group decide to start poking around out of interest, then at least they are not intending to do any damage or show any trace they are there.
if you have malicious intent then your should be punished like any other criminal.
if you don't intend to cause any damage or show off that j00 0Wn3d a site then at this point they should get a more lenient sentance.
even though this would not happen in the first place if admins got a clue about security but thats another rant all together.
"I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
There are, I think, at least two things at play here. First, the use of plea bargaining and related devices to clear the docket, rather than serve justice, contributes to the perception that sentences are often out of whack with the crime committed. Second, courts are probably less able to judge the veracity of a damage claim brought in by a cracking victim than from a victim of a more traditional crime.
However, we can't avoid giving fair sentences to IT criminals simply because other criminals get unreasonably lenient sentences. My sympathy for convicted criminals is limited.
-- Slashdot: When Public Access TV Says "No"
That's unfortunate, because there already are examples of laws where the consequences have some effect on the punishment, or even the crime.
Should the man who drove off at high speed after driving into my car be let-off
This is a straw-man because the other poster was not proposing that someone be "let-off".
because he hit a cheaper production car?
In both cases, the crime is the same -- fleeing the scene of an accident. Driving into your car is not in itself a criminal act.
What should be the cut-off? Should we allow people to steal as long as they donï½t take more than $10 at a time, ï½
No, but stealing a candy-bar should not be (and isn't) treated the same way as stealing a car, or going into a place with a "shoppiong list" and stealing thousands of dollars worth of goods.
encourage criminals to commit a much larger number of small crimesï½
That increases the chances of catching any given criminal, since they have to commit crimes more frequently.
Are we trying to launch a modern Fagin who can escape the long arm of the law hiding behind juveniles committing frequent but individually petty crime?
Aren't there already offences that specifically address the issue of soliciting minors to commit crime ? Why not just hit this Fagin guy with multiple counts of this offence ?
Don't forget the German and Italian Americans were also interred in camps. However, in your orgy of hating American, try not to equate the illegal and regretful detainment of American citizens and the systematic seperation from the population and murder of 14 million people.
I don't hate America. The distinction you make is exactly the one I was trying to make. Read the parent to my post and you'll understand. That AC was confusing concentration camps with death camps. I simply tried to clear up the confusion while providing support to the parent of the parent of my post.
Grandparent: It's not a big stretch to see that [the U.S. Patriot Act] could be used to put hackers in concentration camps.
Parent: Do you are saying that the US is going to be putting the hacker race to death by gassing them and then burning them.
My Post: Concentration camps are for mass detainment -- such as what the U.S. did to American citizens of Japanese decent durring WWII. Death camps involve the killing, etc.
Your post: However, in your orgy of hating American, try not to equate the illegal and regretful detainment of American citizens and the systematic seperation from the population and murder of 14 million people.
t'nera semordnilap
Some crimes cause more suffering and damage than others, and we treat them differerently. The use of categories like "felony" and "misdemeanor" don't, however, imply that some crimes don't merit punishment. If you're driving a junker, the guy that hits you and leaves has committed the same crime as he would if you had been driving a top-end model. A hit-and-run is a hit-and-run; the value of your car shouldn't come into it.
In the Internet arena, though, I think some way has to be found to keep punishment in line with the severity of the offense. Defacing a web site that consists of a single static page on a vanity server should not draw the same kind of punishment that taking down the home page of a major online retailer for days on end, or for mounting a successful DoS attack on important government sites. (Certainly, the differences would be brought out in the damages sought in any civil action.)
I'm not suggesting that a web page defacer merits no punishment, or is the equivalent of urban graffiti.
-- Slashdot: When Public Access TV Says "No"
Publish naked pictures of convicted crackers on the web with handle and real name.
If that doesn't act as a deterrent I don't know what will...
Graffiti is vandalism, picking someone's pocket is theft. But, the last thing we want is an internet security force. Damn.
--------
Free your mind.
"On one hand, it seems absurd to ruin the entire life of a foolish 15 year-old for committing the equivalent of graffiti."
Sound harmless until it happens to you. Try owning a building that is the target of graffiti taggers. It get old and expensive and kills property values when you have to constantly have to clean up graffiti. Same with so called harmless crackers. See a system has been compromised the only safe move is to rebuild. Taking time that could be better used else where.
What sounds innocent causes companies to have to spend money on more security staff, hardware, and time rebuilding compromised systems. That cost gets passed to all of us in higher prices for the companies products and services. It is a no-win situation.
"Beware of Gaius. He'll whisper honey-coated words into your ear, and one day, you'll wake up shouting, "Republic! Republic!""
:P
Democracy, in its true form, is nothing more than a gentler word for anarchy. Could you imagine if the general public was allowed to directly create and rescind laws?
Christ - We might end up with Gates I, Emperor of Rome v 2.0. Wouldn't be that hard, he'd just have to give a majority of people free X-boxxen.
I'm happy with our little (big?) Republic. Sure, for instant action and sweeping change, nothing beats a good dictator. The problem there is you get 40-60 years on average, and then a country goes down the toilet.
In a Republic, the collection of cruft is a much lengthier process, leaving more time of general peace and growth between necessary revolutions. Indeed, it may be possible to stop revolutions from happening at all - because a Republic cannot fuck up a country with all possible haste, it is more likely that those in power will see the discontentment of the people coming, and make subtle changes to avert general rebellion.
Determining any criminal's punnishment is quite an excercise. It involves far more than just what is appropriate. Before the law is written a committiee of some sort who offer's their input on the sentence that the law should allow, next the law-makers weigh in and consider things that range from costs and prison populations to how dangerous the criminal is and how much damage they have done to the victim and to society. Once the law is passed the judge listens to both the prosicution and the defense and then determines an appropriate sentence.
At every step of this process, politics plays almost as much importance as right and wrong. We can universally agree that someone who kills someone deserves to pay significantly but when it comes down to capital punnishment, we divide sharply. For many people who are against capital punnishment, it is not that they are against it per se but that they feel that the system is so broken that it can not be trusted to the point where it can deprive someone of their life. That is a political opinion more than it is an ethical stance against capital punnishment.
On one hand computer criminals can cause real damage and people who do real damage deserve real punnishment. On the other hand, most black hat hackers are more like tresspassers who go someplace where they don't belong. Is someone who steals (and uses or sells) credit card numbers the same kind of criminal as someone who deletes data as an act of vandalisim? Should the be prosicuted under the same law? If someone downloads code for some product in development, and uses it as their own "beta copy" the same kind of criminal as someone who downloads the same code and packages it in their own product? Is an "explorer" the same as any of these people?
There are many laws that already exist that should be used as templates for computer crime laws. Tresspassing in the virtual world isn't really much different from tresspassing in the real world so why shouldn't the punnishment be about the same? Just because someone used a computer to steal credit cards, why should they be punnished differently than someone who stole them out of the dumpster?
Until we as a society have gained significant experience with computer crime, I think that judges should be given wide lattitude to deal with the criminals and should be encouraged to use similar sentences for non-computer related crimes (and perhaps prohibit some access to computers).
--there's no national law that exactly addresses your question beyond we have the born with "right" of life liberty and the pursuit of happiness. It gets incredibly complex after that of course.
Each of the 50 seperate states has laws that address self defense of life and protection of property, and there are significant differences. Some places you have little to no "rights", you are actually required to retreat from your home, not interfere, and call some "authority person" to "assist you". Other places it's not a good idea to break in as it's a tad saner in what the victim can do. Usually it revolves around if the victim has a "reasonable expectation of bodily harm" from the attacker, so it's a case by case deal. Example, someone breaks in, they have a weapon, threaten you, bang he's history. The perp is in the house, the weapon is there,most likely you won't be charged with anything-but it's still a variable. That's the hard part without getting into a state by state breakdown of the laws. If on the other hand someone breaks in, you surprise them, they flee out the door and you pop them in the back as they are running away in the yard, nope, you'll most likely get charged at least with manslaughter if not murder. It also really makes a difference if you as the victim are a member of the "elite class" or not, chances are-say-you are a cop or judge or some other "priveleged one" that your buddies will cut you quite a bit of slack over say joe sixpack in the same exact situation. this is just "practical law reality" as opposed to "strict letter of the law".
The main basic differences are protecting property as opposed to protecting your (or someone else's) life. There's wildcards as well, here's an example. In a state that "allows" you your right to self defense by being armed, say you are carrying a handgun. If mr. badguy approaches you on the street in any mugging attempt, you may blast them, but you DANG well better be prepared to show that what you allege actually happened. If mr badguy doesn't have a weapon on him, and it doesn't look credible to the local prosecutor that you were threatened with harm and robbery and other bad stuff, you could very well be en-screwed. Same inside your home. Some states just the fact of the bad guy being inside your home is enough evidence that they were up to some serious "no good" and that's enough, other states it's nothing, the bad guys have most of the rights still. It (victims self defense and related issues) goes from very good and demonstrably effective-say vermont, to absurd and ineffective-NYC, for an example.
It's something that to me is really a huge gaping hole in the self defense and property rights areas, as supposedly our constitution in theory is supposed to insure across the board to everyone our basic born with "rights" as outlined in the constitution (article 4, section 2), in practice it's completely bastardized and obfuscated across all the states borders one state to the next, and even municipalities have differing laws/rules that might conflict with the state outlines.
A pretty good basic rule of thumb is, in areas of the country that are run and codified closer to the english language version of "gun rights" instead of commercial code lawyerese language version as per the original intent of your basic born-with right to be armed, the more likely you won't be seen as the badguy in a home invasion defense. The two parallel each other fairly well.
As to your network, no, I don't think so. With that said you are free to google for references to "louisville slugger" and "ski mask". Although that bios blasting trick (passwords.exe)outlined in another post seems like a pretty nifty trick to zap the badguy network intruder, at least the stoopider ones. It's too bad there isn't an anti-spam variant
Harrr-umph
note to anyone, not trying to sidetrack the thread or have this evolve into a "pro-anti" deal here with the self defense of property/home/person commentary.
They went after the publisher because that is where the money is. I would have going after the photog. Ruin one of them and maybe the rest would be less likely to take the risks. OTOH it is one down in a forest of 'em.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Sorry about that, guess I over-reacted. I did read the parent post, and pretty much every other post in this thread (I have a lot of time to burn).
The object of war is not to die for your country but to make the other bastard die for his. - Gen George S Patton
A sort of 'virtual pillory' for those lazy incompetents who fail to pay attention to their responsibilities?
If such a site gained currency, the incentives not to be listed on it might make even the most stupid of MCSEs sit up and take notice, secure their servers, and become good citizens.
Let's start with the fool responsible for the RIAA server - defaced IIRC 4 times in the last 6 months or so.
oh brave new world, that has such people in it!
No one in a supposedly free country should ever be imprisoned without due process and a trial by jury. In this country if the jury finds the law or circumstances absurd they have the right to acquit although most lawyers and judges won't tell you about that. The category of "cyber-terrorism" has been painted so broadly that I am sure at least one third of /. readers could be charged in one trumped up way or another. Before it can be called "terrorism" specific terrorist intent must be shown. Otherwise we are making excuses to rip off freedom. It is also cruel and unusual punishment to not only jail a cracker but prohibit them from using computers for some period *after* they have served their time. This should be patently illegal.
Haven't you guys heard? Graffiti is dead. You're going to have to do your hacking with a keyboard from here on out.
When a 15 year old sprays graffiti on a corporate building, a janitor is called on to remove the offending tag or paint over it. He curses those damn kids, and usually removes it fairly quickly. The kid may have to remove it himself if caught.
When a 15 year old puts graffiti on a corporate website, a 1500 dollar a day security consultant is brought in. He tells the company those "damn kids" are cyber-terrorists who threaten the very existence of the company, but for a nice retainer he and his compatriots will keep the company safe from the evil predators lurking outside their intranet. Thanks to the media hype --fearmongering=readership=advertising-- companies buy right into the FUD, and when the VP plays golf with Senator Whasisname they talk about giving Johnny Cracker the chair for his 16th birthday.
While there's still big money to be made, don't expect the law to go easy on hackers and crackers, even the altruistic ones, if there is such a thing.
"fuck all or a safari or something"
I can't think of how I'd react to seeing graffiti like that. How nihilistic/apathetic is it that a graffiti-er wouldn't even have a statement to make? Or maybe it's surrealist art? I mean, commit to "fuck all" if that's your statement, don't waffle on about safaris and whatnot.....
... wine, cold cuts, cheese, vegetables, and dip.
We dine at 6.
PlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the bookPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccesPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and s special meaning, and he tipped his hattothe likes of GTA: Vice City and on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and TheGetaway. "ItiPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStatPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and ion kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and s remarkable to think that injustover twoyearswe are half way to achievingwhatPlayStation didin seven years," he added.Meanwhile, Microsoft and Nintendo havebothclaimed the No.2 position, but thelatPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray MagPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and uire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and esPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation PlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
AccPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and ording to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and tworldwide data suggests that Nintendo hastheupper hand. In the UK though, figurePlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo nePlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStatiPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess sPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new cPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess speciPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCPlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to PlayStation 2 sold more than 6.5 million unitsworldwide during the month spanning Thanksgivingand Christmas, compared to five million unitsduring the same period the previous year, Sonysays. Once again Sony has rewritten the book on theconsole market, breaking nearly every recordassociated with hardware sales in Japan, NorthAmerica and Europe.
In the UK, PS2 sales advanced 12 per cent on2001, helping to make it the biggest year for SCE sincePlayStation kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and E UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and al meaning, and he tipped his hattothe likes of GTA: Vice City and ompetitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and pecial meaning, and he tipped his hattothe likes of GTA: Vice City and on kicked off in 1995.
According to SCE UK MD Ray Maguire, the launch oftwo new competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and w competitive formats in 2002 gave thesuccess special meaning, and he tipped his hattothe likes of GTA: Vice City and s seenbyGI.Biz put Xbox well ahead of GameCube.
The punishment should be no viewing of the next LOTR movie and Star Wars Episode 3 until the movies have been released for 5 years.
Please substitute East India Tea Company for Boston Tea Company. My lack of sleep is catching up with me. Sorry about that. The concept still holds true.
I actually have that type of mailbox setup. 2 inch diameter iron pipe, countersunk into the ground with about a square foot of concrete. Needless to say, not too many people run into it anymore.
Waiting would be heaven...
Has anybody read 1984, the novel by George Orwell? There was this ficticious character Goldstein, invented by the government. Reminds me a bit of Osama bin Ladin.
We just need a bad guy, someone we can blame when something goes wrong. And if we want to get rid of someone, we just say: "He was a terrorist, or, worse, a friend of Osama" and everybody agrees that must be imprisioned forever, no proof of guilt necessary. Someone who is friend of personified evil has no rights at all.
It's a war we have to fight. And if we have to torture people to get the truth out of them, who cares.
In 1984, the names were just great, like, "Ministery of Love" for the institution where people were tortured.
Just like Bush's "alliance of peace and freedom", a bunch of nations that obviously only want war (oh, yes, they claim to have proof, that Saddam Hussein possesses weapons of mass destruction, but, unfortunately, these proofs are so top-secret that we have to trust them. Germany trusted Hitler, so what can go wrong?)
Prisoners of war should have no rights, in the end, they fought against the US, which is bad. Don't believe this 14-year-old boy from Afghanistan who says the Taliban forced him to fight. Oh, never mind, he has no possibility to talk to a lawyer anyway.
http://web.amnesty.org/ai.nsf/Index/AMR511862002?
How long has poor US government to ship suspicious people to other countries, because it's *still* illegal in America? Come on, legalize torturing, remember how much more these criminal terrorists would tell if the CIA could do whatever they want! Everything would be so much safer!
http://vigilant.tv/article/1104
You can see how civilized a country is when you look in how it treats its enemies.
http://www.ummah.com/inewsletter/massacres/afghan
http://www.freejohnwalker.net/
I don't remember who said it, but I like this quote:
"Some people fight so hard for freedom until there's nothing left of it".
I don't need a signature.
Any culture that produces such evil mass murderers and then has the moral corruptness to publicly celebrate not only the murder itself but the anniversary of the murder too needs to eliminated from the planet. It took planning to celebrate that anniversary, and no culture in the history of humanity save one has ever publicly celebrated cold-blooded mass murder. Even Hitler and the Nazis tried to hide - and then denied - the existance of extermination camps. But Islamic cultures openly celebrate the events of 9/11.
That evil is unique in all human history. And if you don't think such celebration are evil just sit and watch some tapes of those who decided to jump from the WTC before they were burned alive.
Put that in your "everyone is equal, there is no evil except that from white males in the United States" pipe and smoke it.
1. Publish their email addresses on the Internet and let the spambots send them 3000 mails a day.
2. Publish their IP addresses and let script kiddies run Sub7 on them 24 hours a day.
You sure can. Those very folks who literally worked to kill us are alive while we debate how they should be treated when any fair assessment would agree that those being detained performed acts that are beyond international law.
You can also tell how civilized a country is by seeing how it openly allows inane and idiotic criticism of the government....
What if they die?
Lack of eloquence does not denote lack of intelligence, though they often coincide.
(quote)
"That evil is unique in all human history."
No, I don't think so. The british air force commander who ordered the attack on Dresden, killing about 200.000 people, mostly refugees, burning them alive, got a decoration and was made a knight by the queen, I believe.
How about the american pilots who dropped the nuclear bomb? Has the government tried to hide?
What's the difference between Dresden, Hiroshima and New York if you call it "home"?
Or Baghdad? Remember, a few years ago, CNN celebrating burning buildings there as "christmas trees" (it was christmas then)?
What would you think about this comparison if your parents had been in one of these buildings?
So "scum" or "hero" is often a matter of your point of view.
I don't need a signature.
These days, of course, 6000 machines is a drop in the bucket - some of the popular viruses have infected millions of machines, and even the ones that only used them to send love notes to other targets often tended to lose useful email access for a day or two; destructive viruses can be a lot worse, especially for the vast majority of people who don't have adequate backups of their data.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
There's an old saying in Texas: Two witnesses is one too many in a self-defense lawsuit.
The only *APPROPRIATE* punisment for Crackers *SHOULD* be...
under regulation of Nabisco(R), dipped until they are soggy.
But I'm sure you already Gnu that.
i think one could argue that by virtue of ones own actions they can 'ruin their life'. if you are doing something that you shouldn't be doing, whatever your reasons, you have to accept the chance that you will get caught and you will be punished for those actions, whatever they may be. i guess i take exception to the way that is phrased (just like when people say 'the teacher failed me', when they really mean 'the teacher gave me an f because i'm a retard'.)
however, i must say for example, giving someone the death penalty say, for hacking into a hospital computer and crashing critical systems that resulted in the death of a patient would be a sticky issue, especially if they don't realize the importance of the system they are in.
Large print giveth, and the small print taketh away
Hypothetically, if my school uses WiFi for student laptops, can they legally stop me from listening to such traffic?
Physically, they are electromagnetically shaking me every minute I'm at that place and probably causing cancer at the same time.
Hypothetically, I can listen to everything that goes on in range (web traffic mostly, hypothetically). The system is mostly used for test-taking, hypothetically.
Hypothetically, how could suggest that they use SSL? My previous, non-hypothetical attempts at suggesting changes to their <sarcasm>security</sarcasm> measures were in vain. I was blackmailed and suspended as a result.
You can't judge a book by the way it wears its hair.
The US is a Representive Republic, which means that the goverment tries to figure what's best for the public and does it. Even tho the public has the right to say the goverment is wrong and change their thoughts on it. Demand public hearings, court challenge's, ect.
In Canada; we have a Socialist Dicatorship. This means that the goverment decides what's best for you and does it. And if you don't like it, you can go screw yourself. You can write all the letters, protest all you want but the goverment doesn't even have to entertain your point of view or even listen to you.
I know your probbly going to say but it's like that here. And my response is, do you have an easy way to remove political leaders from power? You say Yes. And I say, in Canada they are in power until the next election, unless they die or they leave.
You'll have to excuse me, I think that's CISIS knocking at my door. Oh you do know that we have a police force here that's not accountable to anyone and is compleatly above the law right?
Om, nomnomnom...
Countries have nuclear, biological, and chemical weapons.
Organizations exist that perform acts such as 9/11, and sovereign countries support them.
The "rule of law" and "innocent until proven guilty" don't work on folks that have armies. And NYPD squad car wasn't going to go to Afghanistan and arrest Bin Laden.
And that certainly sucks. The last think I want is my kids growing up subject to the whim of some warlord.
But the person I was speaking to claimed that America does not "deserve" democracy because in order to wield such self-determinative power effectively, one has to be capable of forming an informed opinion. This is something she apparently thought little of the American public's ability to do.
But is she right? She may actually have a point. How are we to form opinions regarding the direction of our communities, states and the country at large? By reading the newspapers? Well, that certainly helps more than watching the five o'clock news, but is that even as good as reading publications like the Foreign Affairs quarterly or watching the BBC World News? Personally speaking, I think these are a better source of information on the world scene than most newspapers that I am personally aware of. I also don't think these sources of information are quite on the scale of the five o'clock news. But even I don't have the will or wherewithal of time and energy to acquaint myself with all of the issues facing my own elected officials. I certainly consider myself no activist, but more aware than the average "USA Today" reader.
So, what she had to say made me think of Robert D. Kaplan's view that democracies require a few basic elements in order to function, and without them they fail as they have repeatedly in places like Africa and South America:
I would agree with all three of his requisite conditions, but how can we have it work and work really well if the all of the major news media organs of our culture are owned by fewer and fewer multinational corporations as author Ben Bagdikian pointed out with such ominous presciense? What company would allow one subsidiary openly criticize another subsidary, both of which are funneling money upwards? If you ask me, we are neither a true democracy nor a republic, but a coropate oligarchy.
Quod scripsi, scripsi.
Crackers should NEVER be jailed- that's just a waste of a good mind that could come in handy for our own cyberterrorism one day. Instead though, they should be faced to pay off, at whatever rate they can aford and for as long as it takes, the full cost of their crime. Deny service to a site, you may the hosting fee. Deface a website, you have to pay the salary of the guy who has to take the time to fix it. Erase a hard drive, pay the salary of the guy who restores from the backup or recreates the data from scratch.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
If a hacker simply gains unathurized access to a system, and doesn't do anything harmful with it, anything more then probation is overkill, as someone doing that, is only doing it for sport or learning, and is harmless. Something like web defacing, probably whatever is given for grafitti, perhaps less, as it's easyier to reverse (assuming they left backups for the sdmin. Now.... Somthing like 'rm -rf /'ing a server, or otherwise causing serious downtime, perhaps a few years in jail. Spaming should be punishable by jail time
-- Attributed to William Randolph Hearst to a correspondent prior to the Spanish-American War
Thou hast damnable iteration, and art indeed able to corrupt a saint - Henry IV, Act I scene II
I believe you are confusing things. Americans did not vote for the war, but they did vote for politicians to protect the people. Citizens say, "We want you to gather intelligence, develop strategies to protect us, and tell us what we need to do so that we can go on living our little lives" and the government does what the people ask of them. It says "Hey folks there's this country developing biological and potentially nuclear weapons. Gee, it'd suck bad if Saudia Arabia ended up as a nuclear crater because then we'd lose 9% of our oil production supply. Gas prices would go up, the arms proliferation will exaberate the religious fighting in the middle east, more people will die, etc." It's not really an antidemocracy, although the citizens don't directly control the actions of the government.
IIRC it worked on terorists formerly based in Afganistan. And imagine, computer vandal/criminal living the rest of his life without computer, electricity, ... and the others fruits of civilzation.
The only problem we have with such solution is: Exactly how much bombs we need to bomb one criminal?
hany
OK - so maybe I was guilty of flame-bait tactics, but I remain convinced about at least the core of my argument. In the UK, at least, we have something called the "Computer misuse act" (1990 - updated 1998) and this covers the vast majority of malicious activities with computers. In very simple terms, "stealing" computer resources, like graffiti (criminal damage), is a criminal act - though I guess the burden of proof would be increased for web-server attacks - since the misused machine has an implicit invitation for some form of public use.
In essence, I believe that these malicious acts should be treated as criminal rather than civil violations. As such, I can see no valid reason for leniency merely because the victim was able to recover cheaply. Similarly, I see no reason that punishment should escalate merely because the victim was incompetent at security - in many cases this security is already a requirement in law of anyone who stores personal data.
Morally, I believe that punishments should relate to criminal intent rather than criminal success. I recognise that offences committed by children, juveniles and adults are best dealt with differently - however I can see no reason to adopt a victim-driven penal system where punishments are determined by the consequences of the criminal acts.
1) spank 'em. Like they do in Singapore. Sell tickets to the event. Guaranteed to work, if anyone was brave enough to suggest it.
2) make their legal guardians pay a fine say $200 per event. They shoulda been teaching their kids not to be vandals. Then they can provide the spanking (see 1) at their own leisure.
Nah, I didn't see any flamebait in your post. I think we're coming at a similar position from different directions. I'm not suggesting that punishments should be victim-driven, or determined by the impact of the crime. But, I am suggesting that, as in other areas, some cyber crimes will be more or less serious than others, and their punishment should reflect that. E.g., murder is more serious than attempted burglary. We just need to follow this same paradigm re: cyber crimes.
-- Slashdot: When Public Access TV Says "No"
1. Re: "lesser punishments"
> That's unfortunate, because there already are examples of laws where the
> consequences have some effect on the punishment, or even the crime.
My argument isn't that there is no precedent - rather that I oppose the motion...
2. Re: Reduced punishment when the actual damage is easily corrected.
> In both cases, the crime is the same -- fleeing the scene of an accident.
> Driving into your car is not in itself a criminal act.
I, and thankfully the authorities, agree here. I still feel, however, that the similarities are worthy of consideration.
3. Re: value of damage ("what cut off point")
> No, but stealing a candy-bar should not be (and isn't) treated the same way as
> stealing a car, or going into a place with a "shoppiong list" and stealing
> thousands of dollars worth of goods.
Maybe we should? I can see a distinction between taking food - which could be regarded as necessary "for survival" and stealing luxury goods. For any crime the punishment should take into account the circumstances under which the crime was committed, however I do not see why this should be tied to the value of the goods taken or damaged. I want any punishment to be based on circumstance and criminal intent - not estimated cost to the victim.
4. Re: encourage criminals to commit a much larger number of small crimes
> That increases the chances of catching any given criminal, since they
> have to commit crimes more frequently.
I don't know your background, but I'd like to suggest - from bitter experience - that the vast majority of petty crime is never appropriately dealt with. Vandalism and theft from cars is commonplace - often the culprits are known to the authorities yet these matters are seldom resolved. As criminal activity rises, it becomes more difficult to police - not least of all because criminal behaviour becomes normal and culprits no longer stand apart from the crowd.
5. Re: Fagin
> Aren't there already offences that specifically address the issue of soliciting
> minors to commit crime ? Why not just hit this Fagin guy with multiple
> counts of this offence ?
There are a few practical snags:
I strongly suspect that it would be very difficult to prove beyond reasonable doubt that Neo-Fagin had solicited the criminal activity.
The most likely source of evidence would be the juveniles encouraged to act on Neo-Fagin's behalf - and I see no reason for them to break Neo-Fagin's trust by offering evidence - especially if by denying his existence there are no significant consequences.
I guess you are assuming Neo-Fagin is a prosecutable adult... I see no reason he might not turn out to be under age too - which I suggest would throw another proverbial spanner in the works.
remove the words this sentence :
"Believe me, the complete lack of evidence when it comes to linking Iraq with Bin Laden isn't without extreme lack of effort on the part of our government."
should be:
"Believe me, the complete lack of evidence when it comes to linking Iraq with Bin Laden isn't without extreme effort on the part of our government."
Sorry about that.
Get rid of the first three words in the above post and it will make sense. Again, sorry, this is what happens when you revise sentences as you type them. I must need more caffeine.
Consensus then :-)
And you've confused military decoration with widespread and public celebration at the murder of non-combatants.
Even the Mongols didn't dance around their yurts when word came that Ghengis Khan had sacked a village and killed 3000 men, women, and children.
Do you realize that radical Islamic whackos consider your "scum" or "hero" is often a matter of your point of view evil? Just read what Bin Laden said about Clinton's inability to keep his pecker in his pants - it was listed as just about the best example of why he needed to destroy "Crusader civilization".
Why are you too fucking stupid to realize radical Islam wants you DEAD!
The younger is Robert Tappan Morris, and he's at MIT http://www.pdos.lcs.mit.edu/~rtm/. Among other things he's done some stuff on high-performance routing and computer security.
The elder is Robert H. Morris, not sure the middle name.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks