Slashdot Mirror

← Back to Stories (view on slashdot.org)

Appropriate Punishment For Crackers?

Posted by Hemos on from the what-are-the-consequences dept.

Cally writes "There's a Kevin Poulson article on SecurityFocus reporting that the US Sentencing Commission is seeking opinions about the appropriate punishment for convicted system crackers and other black-hat types. On one hand, it seems absurd to ruin the entire life of a foolish 15 year-old for committing the equivalent of graffiti. Then again, perhaps these people are cyber-terrorists who should be illegally imprisoned, indefinitely, without a trial, charges, or legal representation? You choose."

18 of 633 comments (clear)

  1. graffiti? by Lord+Ender · · Score: 5, Insightful

    Hacking a website is much more than graffiti. If you spraypaint the outside of wal-mart, people can still go in and shop. If you hack walmart.com and replace it with "shout outz" then wal-mart will probably lose hundreds of sales per hour to their competitors. That is very real money to these businesses. Hacking (cracking is breaking copy-protection) a website should not have the same punishment as violent crime, but it is definitely a more severe crime than graffiti, and deserves a much harsher punishment.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:graffiti? by adamofgreyskull · · Score: 5, Insightful

      Of course most kids wouldn't break into the store and graffiti the inside of the doors, which is more to the point if you're going to make that comparison...

    2. Re:graffiti? by sedmonds · · Score: 5, Insightful

      This is the same moronic argument rapists used to use in court. 'She was dressed provacatively.' 'She didn't fight back, she must have wanted it.'

      It didn't wash for them, it shouldn't wash for punks that feel compelled to commit computer crimes.

    3. Re:graffiti? by EvlOvrLrd · · Score: 5, Insightful

      The wall has nothing to do with it. Nor does the graffiti.

      If someone circumvents your wall to get inside to do anything (regardless of the activity) it is breaking and entering. If someone does not have a legal means (hold the keys or expressed permission to 'jump the fence') then they have no right being there. Regardless of 'how high' and 'how wide' the wall may or may not be.

      If you were to erect a wall and someone uses a bulldozer or stick of dynamite to circumvent the structure, then they have in fact damaged your property. No matter how strong (or week)your wall was.

      The fact of the matter is that, the digital domain is being viewed upon as property. That is protected by the laws that protect real property.

      Hmmmmm, I wonder if I catch a hacker on my site/server, that I cannot effectively 'kill' him (say by disabling his computer OS from loading again. Even if only for a short while.) just as I could if I caught him in my house, after he climbed through a window in the middle of the night....

      --


      Light travels faster than sound. This is why some people appear to be bright. Until you hear them speak.
    4. Re:graffiti? by GauteL · · Score: 5, Insightful

      This seems like the standard response of people trying to justify cracking.

      The correct smart-ass statement would be:
      "Ah, I get it. So if someone puts up a lock that can be broken by using a simple credit card, I can prosecute the punks for breaking and entering?"

      Of course you can. Just because something is easy to break into does not justify breaking in.

      If you break into a computer system, that system HAS to be taken down. It has to be ritually cleansed so that you are sure there are no backdoors inserted somewhere, and that the data is actually correct, which often involves restoring from backups. It might be the administrators fault that you actually succeeded in breaking in, it is NOT his fault that all this cleanup has to be done on a successful breakin.

      If you break into a bank to take a leak, it is still a crime. The bank has to go over all of their routines, and they have to make sure all you did was take a leak. They surely cannot just take your word for it.

      The bank should have improved their security, but what you did is still a crime.

  2. Cracking in self defense? by Jeppe+Salvesen · · Score: 5, Insightful

    I wanna know something. If someone (attempts to) breaks into your home (in the USA), you are allowed to shoot that person in self defense. Are you likewise allowed to take out anyone attacking your network?

    --

    Stop the brainwash

  3. Talk about flame-bait lead-ins by MyNameIsFred · · Score: 5, Insightful
    The article summary is obvious flame-bait. While there is room for legitimate discussion of U.S. actions in Guantánamo, it has ABSOLUTELY nothing to do with appropriate prison sentences for black-hatters.

    How about referencing recent hacker cases, and the sentences that were imposed. How about some information on the ages of the black-hatters. No, that would be relevant to the discussion...

    1. Re:Talk about flame-bait lead-ins by kevin+lyda · · Score: 5, Insightful

      there is no room for legitimate discussion about those cases. they are bad men. the bush administration has identified them as evildoers. questioning their imprisonment is not ony wrong it is unpatriotic and hurts america's national security.

      in fact, i'd like a little more detail about you mynameisfred. just post up your name and where we can contact you.

      (btw, in case anyone was confused the above wasn't sarcasm. it was "your likely future.")

      --
      US Citizen living abroad? Register to vote!
  4. Cyber Crime and other crime by salesgeek · · Score: 5, Insightful

    I'm not sure why you need new sentencing guidelines for old crimes (theft, extortion, fraud, embezelment, etc...) committed using new technology. Why is a crime different because a computer is involved?

    $G

    --
    -- $G
  5. Interesting choice in misleading links. by GMontag · · Score: 5, Insightful

    The Amnesty "illegally imprisoned" link reguards a pare-military group as common burgulars, the Rense.com link invents another class. Both have been addressed by the US courts and neither is addressed in Kevin Poulsen's article.

    All that aside, hell no a non-violent criminal should not be locked up. Some other punishment is much more appropriate, like restitution of *real* losses (no making the defendant buy a new security team) and community service, etc.

    Jail *should* be for the people that are a physical threat to society, not a theoretical or financial one.

    Before the thread runs off the topic, see my website for my position on the death penalty before assigning one to me.

    --
    Eve Fairbanks says I drive a hybrid!LOL
  6. Give them a fitting sentence. by jerrytcow · · Score: 5, Insightful
    I don't have a problem with locking them up, but it seems that non-violent offenders are often getting the same or more jail time than violent offenders.

    Here's a story about a man who kidnapped, tortured and abused a girl then tried to kill her by injecting her with bleach. His sentence? 10 years - he'll be out in half that time.

    Sure, give crackers jail time but make it appropriate for the crime. Maybe 3 months in jail, or probation. When I see someone like Kevin Mitnick get 7 years, and violent criminals who, in my opinion, should never be allowed out of prison get the same sentences, it pisses me off.

  7. Re:OF course by tacocat · · Score: 5, Insightful

    He's old enough to know better.

    He should be held responsible for the real consequences of his actions.

    Anything less simply permits the activities to go further. The amount of work involved in recovering from a Cracker is far more extensive than physical graffiti.

  8. Why do we need special laws for "cyber crime?" by Ivan+Raikov · · Score: 5, Insightful

    I still don't understand why we need some kind of special legislation for the so called "cyber crime." Don't the states already have laws punishing crimes of trespassing and/or fraud?

    --
    Bush Lies Watch
  9. Web Changes Nothing: Follow Existing Standards by reallocate · · Score: 5, Insightful

    A crime is a crime is a crime. Aren't there plenty of existing standards to base this on? Tie it to the harm done. Some will be misdemeanors, some will be felonies. If some 'graffiitti' splattered over a commercial site causes a relatively small financial loss, call it a misdemeanor and sentence accordingly. If the financial loss is large enough, call it a felony and give an appropriate sentence. E.g., defacing the brochure page of your local shoe store might cause them little or no measurable loss of revenue and be repairable within a single work day. Doing the same thing to Amazon or Yahoo is a different matter and calls for a much stronger sentence.

    The important thing is to prevent and punish people who act criminally, and to counter the popular impression that many "geeks" don't take the issue seriously.

    --
    -- Slashdot: When Public Access TV Says "No"
  10. More than just graffiti by analog_line · · Score: 5, Insightful

    On one hand, it seems absurd to ruin the entire life of a foolish 15 year-old for committing the equivalent of graffiti

    More like breaking into your office to erase every whiteboard in the place and replace them with poorly spelled tags, changing the locks, or jus took the door off it's hinges, smashing the alarm system, and taking/destroying the gods know what else in the process.

    Hacking a website doesn't just mean that the site was changed. Anyone with a lick of sense after an intrusion needs to take a hell of a lot of time and take stock of what they still have, what they might have copied or deleted, and if they left any backdoors so they could get back in and have their little fun. Calling is "just graffiti" shows a complete lack of understanding of information security. There is real damage done when someone "just" defaces a website. It can't just be painted over.

  11. Re:Please, think better analogies by dillon_rinker · · Score: 5, Insightful

    Banks have safes and armored cars for pragmatic reasons, not legal ones. It is just as illegal to take $100,000 from a shopping cart as it is from an armored car. On a practical level, it is obviously safer in the armored car.

    The responsibility you indicate mention is real, but it is the responsibility to the shareholders. If a bank transports money in a shopping cart and it's stolen, the thieves will go to jail. The directors who authorized the insecure transport will probably be fired, and might be sued by shareholders.

    Crackers should go to jail. Incompetent admins should be fired. These are two separate problems.

  12. Digital != Different by Quixadhal · · Score: 5, Insightful

    Why do all the lawyers insist on creating new versions of every law and crime just because they happen to occur in the "digital" realm?

    Let's see... hax0r kid defaces web-site.

    1. Trespassing.
    2. Breaking-and-Entering.
    3. (possible) malicious destruction of private property.

    If someone logs into your (wide-open, no password root shell) server without your permission, that's trespass.

    If someone hacks your server to get in, that's trespass and breaking-and-entering.

    If someone changes your web-site, etc., while they're there... that's destruction of property.

    There are already well-established laws to deal with these crimes, and those laws have ranges of punishments appropriate for the severity of the offense. Why should special "digital" versions be created when existing laws already work?

    This country needs fewer laws, and better enforcement of the ones it already has. More laws simply make more money for lawyers, and more loopholes for the rich and powerful.

  13. Re:Depends... by composer777 · · Score: 5, Insightful

    Actually, we are a Democracy, only in reverse. Take the war on Iraq, for example. In a real Democracy, the people of the US give a mandate to it's government to go to war with Iraq, sign petitions, start grass roots movements, and the politicians listen to the people and go to war with Iraq.

    In the US version of democracy, the US government gives a mandate to the American people that they are going to war with Iraq. Over shouts of protest, the media begins the assault on the public mind to convince people that this is what they want to do and that the country of Iraq is of primary importance in their lives. After informing the American people, as well as Saddam Hussein, that he has weapons of mass destruction, a furious effort is made to find a pretext for invasion. Eventually, after months of campaigning, petitions start to circulate around the internet, so that the people of America can ratify the decision of their betters. So, it's a grass roots campaign, in reverse, of course.

    The government gives it's mandate to the American people, and the American people automatically start discussing this issue. Granted, before the president gave his mandate, nobody was really concerned about Iraq, outside of a few oil companies, but that doesn't matter, and doesn't raise any doubts in our un-biased media about the president's honesty, despite the fact that several of his advisors are ex oil company executives.

    The same thing happened with the War on Drugs that was increased by Bush I in 1989. Before the media campaign, the concern about drugs was only 4% in the gallup polls, and people were more concerned about the economy. Then Bush I gave a mandate to the American people, and immediately the "free" media started pumping out dramas about families being torn apart by drugs, despite the statiscally declining drug use in America. So, in spite of the fact that I nor anyone that I knew was on drugs, it was an important issue in my life because George Bush told me so. Another mandate by the government, and another assault on our freedoms. Yeh Bush!!