Microsoft Drops Blaster Author's Fine

bevo noted that Microsoft has dropped their fine against the author of the Blaster worm that DDoS'd Microsoft's web sites and hijaacked 50,000 computers. 225 hours instead of a 500k fine. $2200/hour seems like a good deal to me ;)

Could've been worse

[fembots]

Luckily the community service cannot involve computers, otherwise this guy will get away lightly by cleaning up roughly 50 spyware/virus-infected Windows machines to clock up 225 hours.

Re:Could've been worse

[ZephyrXero]

In Bill Gate's eyes, 225 hours of service worth alot more than $500,000...that's pocket change ;)

Re:Could've been worse

[mankey+wanker]

Try cleaning a 7 year old Win98 machine.

A windows machine that is also a weak hardware performer can take hours to clean. A lot of the processes can be automated, but it depends on how you bill your hours. So hours and hours of constant attention to clean a machine, not probably - but automated processes can still take a lot of time. And some system infections are really a pain in the ass and do require hours and hours. Just count yourself luck if you don't deal with those kinds of machines with any regularity.

Now, a properly administrated machine should take mere minutes to recover from a good backup and backup protocol. That I agree with.

Re:Could've been worse

It's been said Bill Gates makes over $1,000 every ten seconds. So it's more like $81 million for 225 hours.

Re:Could've been worse

[Ced_Ex]

Not all new computers are "fully backwards compatible" with the POS that they currently use.

For instance, they have a network of computers here that are still using FoxPro for DOS and some other old old DOS programs. Replacing the slow ass computer with a fast one presents a whole wack of problems that include the fast computer not being able to slow down to stay in sync with the other POSs.

So if you count all the support and maintenance to tie the new with the old, it's actually cheaper to spend the dough to rebuild the old crap.

I only wish life was that simple.

Re:Could've been worse

[spagetti_code]

MS would never have seen a bean of that money. First there's the jail time. Then you've got an unemployed teenager with a criminal record and no tertiary education who will, if he finds someone to employ him, probably make minimum wage.

It certainly is a PR move. Remember, almost everything MS does is a PR move because they are now first and foremost a great marketing company.

So its a good move on their behalf - chase some loser for 500K and never see a bean, or offer 'foregiveness' out of the bottom of their hearts.

A "Get Out of Jail Free" card!

[plover]

From the article:

U.S. District Judge Marsha Pechman said the sentence reflected that although he was 18 at the time of the attack, his maturity level was much younger than that. She also said his home life contributed to the problem.

Damn, that precedent means virtually everyone here on /. is immune from prosecution. For anything. Especially since "mom's basement" probably qualifies as a "home life".

Re:A "Get Out of Jail Free" card!

[plover]

Shit, do I actually have to type the damn smileys in here for you people?

Here: :-)

That means "it was a JOKE."

Re:A "Get Out of Jail Free" card!

Here: :-)

That means "it was a JOKE."

Here: ^$/

That means "no it wasn't!"

Re:A "Get Out of Jail Free" card!

[northcat]

This was "Tee kid". This guy didn't write the original Blaster worm that "wreaked havoc". He took the original one, modified it and spreaded it. IIRC, he got caught by leaving references to his nick of various sites "Tee kid" and leaving the URL to his website in the worm (I can't remember well). This guy was really stupid.

Drops the fine?

[nolife]

How can MS "fine" someone? Are they really that close to the government now that they can hand out their own judgement and punishment?

Re:Drops the fine?

[Eradicator2k3]

That was *probably* a poor word choice. I would imagine that the $500K "fine" actually was damages awarded to MS. MS does have the option to recommend that the court replace the awarded damages (of which they would only see a fraction) with community service. IANAL, however and this is mere speculation on my part.

Re:Drops the fine?

[Hollins]

If you look at the power wielded by the BSA, of which Microsoft seems the biggest beneficiary, it's clear that for all practical purposes, Microsoft is the government.

Re:Drops the fine?

[Fjornir]

MS didn't fine the kid, the court ordered him to pay 500k in restition. MS offered to let the kid sweat it off instead of paying cash. This is just a typical shitty slashdot writeup.

Re:Drops the fine?

[tomhudson]

Ok stupid, if you had a brain you'd realize this was damaged awarded to MS due to downtime and such.

So the kid should have included an MS-style EULA with his worm variant, and his liability would have been limited to the lesser of $5 or the price paid for the software ($0).

What's good for the goose is good for the gander - when is Microsoft going to pay for all the downtime their crap causes?

Re:Drops the fine?

[Hollins]

Based on anonymous tips, typically from disgruntled employees, the BSA can force a company to allow the BSA to perform an on-site software audit on behalf of its members. Audits usually result in the BSA demanding large payments for unlicensed software, plus penalties. Companies have found that losing receipts, packaging, etc. is no defense.

These tactics are firmly established in a number of court precedents, to such an extent that fighting the BSA in court is usually futile and only adds expense.

Even if a company is diligent in paying for software licenses, the cost of compiling documentation and escorting auditors can be expensive.

About once a year here in Chicago, the BSA runs radio ads against software piracy, along with encouragements to employees to call their anonymous tip line.

Now it may be completely ethical and legitimate for the BSA to act in this way, but it basically affords them governmental enforcement authority.

Re:Drops the fine?

[tomhudson]

When are administrators going to patch their machines?

- probably whenever a new distro comes out that looks interesting. Oh, you meant Windows "administrators". Sorry. Here's your 10-step plan.

Instructions for "Windows Administrators"

If you really MUST continue to administer Windows boxen, why not make your life a little easier with these simple steps:

1. AutoPatcher is your friend. (autopatcher.com)
2. Remove outlook, outlook express, and the whole Microsoft Office suite.
3. Hide the Internet Exploder icon.
4. Install Firefox, OpenOffice.
5. Replace the Firefox icon with the Exploder icon
6. Get everyone to use a centrally-administered web-mail client.
7. Remove all floppies, cd-rom and dvd drives, etc.
8. Force everyone to save their data to a central location, backed up every night. Re-image their drives automatically overnight so any spyware, adware, viruses, etc., that they installed yesterday are simply gone, baby, gone.
9. For really recalcitrant cases, re-install the cd-rom INSIDE the case (so they can't open the drive door) and set their machine to boot from cd-rom, then leave a bootable linux distro in the drive
10. Use your new-found free spare time for constructive tasks, like surfing slashdot.

Can he reduce the worktime ...

[Tribbin]

... by replacing himself by a shell script?

Re:Can he reduce the worktime ...

[bonch]

He's a script kiddie, so don't you mean "replacing himself with someone else's modified Visual Basic 6 project file he got from IRC?"

Re:$2200/Hr a good deal?

[oddsends]

Thats not such a great TCO

This wasn't the Blaster author

[r_glen]

This was the guy who modified the Blaster worm. The original author never got caught.

And in the meantime...

[The+Ultimate+Fartkno]

...50,000 people with pwn3d boxes get absolutely nothing. I can't decide if that's complete injustice or exactly what they deserve.

Re:And in the meantime...

[Fjornir]

If you had a box that caught blaster there is nothing preventing you from taking this kid to civil court for damages.

Re:And in the meantime...

[itistoday]

If you had a box that caught blaster there is nothing preventing you from taking this kid to civil court for damages.

Other than any sense of empathy for the kid.

The real reason...

[Sebilrazen]

Billy boy dropped the fine was that he saw some of himself in the boy, totally ripping off someone elses work, rebranding it and sending out the door. It was just a variant, wasn't it?

But will he get respect from the other criminals?

[CitznFish]

Life just ins't fair....

Community Service

[datafr0g]

The article also contained this:
Jeffrey Lee Parson, of Minnesota, was sentenced this year to 18 months in prison and 10 hours of community service.

What the hell is the point of a day's worth of community service when you are also serving 18 months in prison!?

225 hours of...

[Nevtje(hr]

...gardening! getting to know the REAL bugs out there!

These were damages owed MS

[the_rev_matt]

To all the people screaming "What, MS is part of the government now?":

The judge determined that the convicted owed MS damages of about $500,000. MS at their own discretion opted to allow him to to do community service in lieu of cash. As long as the agreement is acceptable to both parties, the judge will generally go with it.

Microsofts Judicial Powers

So MS has been given judicial powers to grant clemency now?

Yes. They first used it for this case.

Re:$2200/Hr a good deal?

[saintp]

Um, I don't think you have to pay them. At all.

At least...

[d2_m_viant]

Well, at least this kid didn't get a JOB offer from Microsoft. Seems he wasn't quite as lucky as the kid who hacked into T-Mobile and monitored Secret Service messages, only to get a job offer from them once he was caught...

...maybe when he matures and is looking towards real work, he'll consider a lucrative career in hacking government agencies, seems like breaking the law is rewarded nowadays.

Microsoft can do this...

[dteichman2]

It's not time for the tinfoil hats- yet. Microsoft isn't so close to the government that they can choose his sentence, but they could, if they wanted, ask the judge to reduce the sentence to certain terms that they think are fair.

Remember though, IANAL

I think it'd be great for this guy to get out in the sun and clean up graffiti! Maybe it'll build his character enough that he'll realize that making worms to smash Microsoft PCs isn't a cool thing to do- or is it?

Re:$2200/Hr a good deal?

Yeah, the community service I got stuck with was sticking towels in a dryer at the YMCA. The people there were pretty cool - the guy who ran their whole community service program at this YMCA started working there after he did community service there. It wasn't quite as fun as the thing that got me there in the first place, but it wasn't a horrible way to spend my evenings for few weeks either.

Re:Microsoft, the good guy

[InfiniteWisdom]

I'm glad you think that way. Tell me where you live and break in to your home. Its your fault for have breakable glass windows or whatever other vulnerability I exploit to get in, so I shouldn't be punished if I get caught.

Re:$2200/Hr a good deal?

[The+Ultimate+Fartkno]

Oh, you still have to pay them. It's just that after it's all over you can easily get your money back.

Uh oh... I just described GTA.

RUN! IT'S THE GOVERNMENT!!

No way

[oGMo]

Are you kidding? This is perfect. 225 hours of migrating boxes to Linux sounds like a perfect solution for both Microsoft and their customers.

:-)

Re:he wouldn't have been able to pay

[InfiniteWisdom]

What happens anyway in the US legal system if someone is fined a $500,000 when they have a few hundred bucks to their name, and no or low income?
An oversimplified answer is they file for bankruptcy protection, lose virtually all their posessions besides their primary residence, means of transport to work and other essentials and personal effects of no monetary value, need to have all significant expenses in the future approved by a judge and so on till they emerge from bankruptcy. Then they spend about 10 years unable to get a credit card or bank loan because their credit rating is so low.

Nice move, nice PR.

[kosmosik]

Really. They just got some good press. And it is better to have good press worldwide that to have some teen own you $0,5M which he probably would never pay to them at all...

Make him spend the 225 hours

[Anonymous+Luddite]

Helping Bill Gates with his first Gentoo install..

Re:Clemency

[Shalda]

RTFA. Parsons was to have paid the $500,000 as restitution to Microsoft because the worm launched a rather feeble DDOS attack on Microsoft's websites. As such, Microsoft has the authority to waive that, or to make arrangements. Also, with no job, assets, or future, Parsons would have had no means to make the restitution payment, and would likely have had it dismissed in bankruptcy proceedings. Microsoft would never have seen a dime. Instead, Microsoft gets to look charitable and magnanimous while the kid gets to avoid bankruptcy. Sounds like a win-win deal to me.

Re:Strange

[InfiniteWisdom]

Trying to extract $500k from a 19yo kid would probably fetch them more bad press than any actual compensation they would receive. Instead they come across as being compassionate and understanding. Nothing strange about it... just a good PR move (which we all know has always been their primary strength)

Re:MICROSOFT MAKES SUPERIOR SOFTWARE

Not superior software, superior service plans formerly but now only the market presence created by its history and effective monopoly status in the US keep the firm gaining income with any advantage over other PC software firms.

Get away lightly?

[caryw]

This kid still has to do 18 months in prison! 18 months! 13,128 hours! (linked from the same site)
18 months is almost 10% of the time this kid has even been on the planet!
Microsoft just helped him out by letting him live his life once he gets out of prison instead of being in debt for the next 40 years.
I bet it's extremely hard for a convicted felon to work off a $500,000 debt.
--
Fairfax Underground: For residents of Fairfax County and Northern Virginia

Re:Get away lightly?

[aztektum]

he could write a book about it

Re:Get away lightly?

[norfolkboy]

"I bet it's extremely hard for a convicted felon to work off a $500,000 debt."

Since the fine is a civil issue, and not a criminal issue, if the criminal has any sense, he'll petition for his own bankruptcy before he goes into jail, and be debt-free by the time he leaves. ... or is that not how it works in USA?

Re:Microsoft, the good guy

[Smidge204]

A better analogy would be if I made locks which, because of poor design choices, could all be easily opened with a screwdriver.

Then somebody breaks into 50,000 houses because they all used my inadequate locks.

The only fault of the homeowner would be trusting my product too much... but you can't really blame them for that either, since a lock manufacturer should know a thing to two about security!
=Smidge=

Re:Microsoft, the good guy

[InfiniteWisdom]

Show me where Microsoft makes the claim that their software is impregnable

It was surely not a fine

[EmbeddedJanitor]

My understanding of "fine" is that of a penalty imposed by the state in a criminal case. In the case of a civil action I think the term "damages" is used.

Microsoft is getting pretty big and powerful and can push the DOJ around, but I don't think they're yet in the position to fine people.

Re:he wouldn't have been able to pay

[The+Bungi]

besides their primary residence

Only in some states like Florida, I think. In others they can still repo your house and auction it.

I was hearing something on the OJ Simpson trial the other day which was being rehashed now that the lawyer died. AFAICT OJ "Magic Gloves" Simpson moved to Florida after the $30M civil suit he lost to avoid having his NFL pension garnished to pay for the judgement, and I think that Florida law also forbids your "primary residence" from being r00ted.

I might be wrong though.

Not a good deal -- to me.

[Nom+du+Keyboard]

seems like a good deal to me

It may be a good deal to the criminal in this case, but not to the rest of us computer users who have to put up with this type of worthless scum on a daily basis. If all the worm/virus/adware/spyware/hijack/root kit etc. writers and those who use their products to infect the rest of us were to disappear tomorrow, I, for one, wouldn't miss them for a moment. Life is tough enough already without humans preying on other humans.

Re:Not a good deal -- to me.

[javajawa]

If all the worm/virus/adware/hijack/root kit etc. writers and those others were to disappear tomorrow, then we'd still be left with all the shoddy programming that was initially left in the programs. These exploits point out the tip of an iceberg which, unchecked, would allow unscrupulous people in power to abuse the users.

Instead of community service...

[SmokeHalo]

...they should make him apologize, in person, to everyone affected by the worm.

$2200/hour is a steal to many companies

[Douglas+Simmons]

The blaster virus must have been the single best thing to happen to the antivirus software industry. And not just the companies in that particular subsector either. Security from viruses, spyware, popups and hacking in general has become a fear around which many companies have started marketing themselves. Take AOL's latest ads, or even non Internet operations like credit card companies and their new gimmick innovations against identity theft.

Just like how Bush has been accurately criticized for capitalizing on fear to push his agenda, many companies are now benefiting from fear in this context. Hell yes it was a bitch to deal with Blaster and friends, but I got paid cash money to remove it from a lot of people's computers. One time got some ass from it. So to those of us who are fans of capitalism and consumerism, or ass maybe, this is a Good Thing, and the economy has been helped more than it has been hurt by crap like this.

Re:Could've been worse- elephant poo

[modernbob]

I always thought that a good community service activity was shoveling elephant poop at the zoo. 225 hours of poo shoveling would give this person some perspective as to the aguish they have caused! :-)

What a shock!

[TiggertheMad]

So, MS isn't going to try to extract several hundred thousand dollars from someone with no money or prospect of getting that sort of money, because it would cost more to hire a thug to shake down the punk than they would get. Hmmm.

See, MS can make a good decision on occasion...

Re:$2200/Hr a good deal?

[Paleomacus]

I could hire an actress for a snuff film for less than $2200/hr.

Ok...I've admittedly led a somewhat sheltered suburban life but, how in God's name do you know this?

Re:Microsoft, the good guy

[InfiniteWisdom]

Quite possibly. I'm not defending Microsoft. I'm arguing that just because Microsoft's software is buggy doesn't make mean that people who explot those bugs are any less culpable.

In other news....

[Trelane]

a new worm has emerged which targets Linux exclusively. Reverse-engineering has thus far only revealed the string "!seineew era sreenigne xunil zes rekcah retsalB".

Re:Microsoft, the good guy

[InfiniteWisdom]

Firstly that's not true, because nobody advertises their open ports... blaster and the other worms probe addresses, look through address books etc. and run scans and probes to find vulnerable computers. Secondly, even if you did that, nobody who stals stuff from your home can use that as a defense. Its unlikely that the cops would spend any effort to find the thief, since you acted so stupidly, but if the person were caught somehow they're still culpable.

That really depends...

[WebCowboy]

So are you some kind of hotshot that can get any computer up and going in a vew minutes to an hour? Well, any monkey can format and re-install or restore-from-ghost in very short order, but in my experience it is those technicians that people call "useless" when they get their "fixed" computers back without properly configured drivers and all their email and data since their last weekly backup wiped out (if the said user is swift enough to even do a weekly backup).

In the corporate world competent techies have made it easy for themselves. They probably deal with a fleet of identical Dells, each issues with a standard ghost image, scripts up the wazoo, something like Altris or other big brother software do roll out updates/config changes, etc etc etc.

OTOH, 4.5 hours to clean up a machine is actually a realistic high-range estimate when you are talking about some of the personal computers or PCs at mom-and-pop operations out there like "nerds on site" and the like must see. I imagine they see everything from PIIs to the latest screaming PIV from any number of builders out there, and some of them are probably slapped together with leftover components too. These users don't have an image to restore to--unless you count the "rescue CD" if they haven't managed to lose it...they might not have any OS install CD at all! And backups? HAH! I've found you're lucky to even have weekly backups. And no matter how trivial their files look, all these users want to save as much as possible. These users are also rather undisciplined in their own maintenance. The worms and viruses are one thing--prepare to spend some time getting rid of adware attached to weather bugs, comet cursors, chat smileys and "free" P2P programs.

In any case, if you average it out you might spend 2 hours per machine. I'd say that for how much damage Blaster-variants caused this guy got off lightly--even including the hours he will spend in jail. I suppose, though, that suing someone who is broke for a half-million is pretty pointless. I DO like the idea of making the guy shovel elephant poo for a month as a substitute.

I do try to be optimistic though--one good thing is that this whole Blaster debacle brought to light the security crisis in Microsoft products. To this day, an unpatched win2k or pre-sp2 winxp machine will become infected within minutes when hooked up directly to a typical high-speed internet connection. It seems unfortunate that some jackass had to pull a stunt like Blaster before anything serious was done about security at MS.

Yawn

[ad0gg]

Apple works closely with the Business Software Alliance (BSA) and the Software Information Industry Association (SIIA) to combat software piracy worldwide.

Or you can take it straight from the horses mouth [search for apple]. Sure looks like they do a lot of work for Apple. If we compared Apples 622 documents to Microsofts 670 documents, they are pretty equal. And thats not a fair since Apple only has 3% market share.

Good analogy. Wrong conclusion.

[mangu]

Try this: leave the keys in your car parked during the night in a downtown street. Tell it to your insurance company and try to make them pay you.

To use the normal /. terminology, this is "orthogonal" to the punishment applied to the thief. He was wrong in stealing your car, yes, but you are also wrong in being so careless. By being careless, you are creating an incentive to crime and should also be punished. You are an accessory to the crime, an accomplice.

Remember this, "property rights" exist only because of our social conventions. Have you ever seen two dogs sharing a bone? Among animals, property always goes to the stronger one that wants it. So, to have any rights to your property, you should follow social conventions. One of these conventions is that you should take reasonable steps to protect your property when the circumstances make it necessary.

You may sleep with open doors if you live in a farm somewhere, but not in a poor inner city neighborhood. Likewise, you must be sure to lock your system if you ever connect to the internet. If you don't do it, then you are guilty of the crime of creating an environment where cybercrime propagates.

Uhh... Re:Drops the fine?

[templest]

IANAL, but for an EULA to work, doesn't the user have to agree to it and run the program voluntarily?

Would you like to run this worm and agree with the Terms of Service? (Y/n): _"

Again, dunno. Maybe I'm wrong. Comments?