Slashdot Mirror
Creator of Sasser Worm Goes on Trial
Cobb writes "Creator of the Sasser worm Sven Jaschan begins his trial today in Verden, Germany. Arrested in May 2004, Jaschan faces charges for his crimes as a juvenile. A reward from Microsoft partially led to the capture of the virus creator. From the article: 'The charges, which also include disrupting public services and illegally altering data, carry a maximum sentence of five years in prison. However, court spokeswoman Katharina Kruetzfeld said that, as a minor, he faces a lesser penalty.'"
Interesting conundrum for the legal system - do you let him off easy and give him a job at a security company - or hit him hard, and ruin a promising (although mischevious) programmer?
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
They evidently saw his skills in identifying and essentially publicising weaknesses in the operating system in a positive light.
Perhaps he ought to be congratulated to some extent for this - Windows is now (barely) more secure.
I, for one, find no need in this world for worm writers, virus writers, phishers, Nigerian scammers, adware/spyware secret installers, keyboard loggers, and the rest of the trash that pollutes the otherwise exceptionally useful and wonderful Internet. Locking them away, and away from computers, for the rest of either their lives or my own -- which ever is shorter -- wouldn't bother me a bit.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Not really, because he didn't take anything. He caused trouble for people, sure, but not for personal gain. I'd say it's more like "I was only curious about how big the air force base was, and how close I could get to the nuclear missiles before I got caught". Not good, and shouldn't go unpunished, but not something to get a prison sentence for.
I am trolling
Sorry, fry the kid. Use this as YET ANOTHER wake up call that your computer is NOT a VCR. If parents cannot keep tabs on their kids computer use then they should take away the computer. If the parents cannot understand how to do this, then maybe they shouldn't have a computer till they learn. Responsibility is with the individual and/or mentors.
Sentence the kid to a computer science school.
These kids hack, because they are at the age of destructiveness. They don't have the vision and maturity to reach the creativity stage, because they have no role models to do so. This kid's skills are good enough to make him a skilled security professional, and he didn't know enough to hand Sasser over to a Secunia and make himself well known in the process and probably have job offers. I'd like to hear his rationale for releasing it into the wild before deciding on how to treat him, butmost of these kids do it for the kicks and respect of disfunctional peer groups (i.e. other hacking clans). Need to show them a better way.
Worms are a two-sided problem. In order for them to happen, it takes a software writer (far too often that software writer being named "Microsoft"...) to create software that has a ready-to-exploit flaw in it, and then it just takes one evil-minded programmer to kick a worm through that hole and make a mess that makes all of us wearing white hats have to do some serious cleanup and deal with downtimes .
While I'm glad the kid is going to get taken to justice, I'm still a little troubled by the fact that all Microsoft did for their part of it was to release a "you shoulda run Windows Update" patch and kicking in a quarter-million US dollar reward... both of which they're doing out of the kindness of Bill Gates' heart because there's no law requiring either of them.
I know small time programmers need liability protection from the abuse of their software... but shouldn't a large company like Microsoft be liable for the cleanup costs associated with their own security bugs?
I think if a kid is capable of commiting a crime knowingly, then he should face the same punishment as an adult.
I think a lot of kids commit crimes with the "knowledge" that if they get caught, it would be a slap on the wrist and go away when they turn 18.
.. at least according to the BBC:
http://news.bbc.co.uk/1/hi/technology/4649361.stm
Watch the Teaser Trailer for "The Lightning Thief" Her
I, for one, don't want to have my taxes used to incarcerate someone who doesn't pose a life or death threat to anyone else in society. Fine him up the ass, make him do community service for a decade, but there's no reason why we should throw essentially a social criminal who harmed no one but business into prison.
/. crowd, some super smart folks, who will quickly resort to violence over someone fucking with their geekdom.
I'm amazed by the
No sig for you!!
To go down the garden path of increasing awareness, try this analogy.
Sasser boy is riding a rollercoaster.
He notices a loose screw.
Does he
A. Inform the rollercoaster operator of the problem
B. Attempt to repair it himself
C. Unscrew it to demonstrate the safety risk of the initial poor design/maintenance?
Yes, there is only one right answer here - and it sure ain't C. If Sasserboy wanted to do something noble, he could have programmed a workaround to patch the hole until M$ could release their patch.
Instead, he took the screw out.
Idiot. We don't need people like this in IT. Common sense is slightly more important than technical savvy - remember, most hacks are social engineered ones.
Crack dealers are often very good businessmen, and have to work hard to keep the supply chains running, salesmen on the streets, etc. We don't normally see them working for the DEA afterwards, or getting jobs on Wall Street with their acquired skills. Instead we lock them up for 20 years.
Crack dealers may be great businessmen on the streets, but often there are a different set of skills required to make it in legitimate businesses. Respect for social structure, having "cultural capital" (the ability to maneuver in these structures) and deal with gov't beuracracy, ect are things one working in underground markets doesn't have to deal with as much. For an example of an drug dealer trying to make it in legal business, I would suggest reading Philippe Bourgois's In Search of Respect : Selling Crack in El Barrio. A text common in many Sociology classes.
Well I do see your point, but I still disagree.
:)
Letting your kid play in the playground is not irresponsible. However, letting your kid play on a playground during a thunderstorm is irresponsible.
It is still not right to kidnap your kids!
The way i would work your analogy into the microsoft thing is if you were encouraging parents all over the world to encourage them to let their kids play in the playgrounds during thunderstorms, it would be beneficial if an accident proved you wrong, so you could recommend better child care policy.
I do not justify any criminal mischief, but I think in this case this criminal mischief did serve to expose Microsoft's gross negligence and was a net benefit to Microsoft and the computing community.
As to whether or not to put the guy in prison, I do not know what should be done. If he was just trying to create problems and not teach us all a valuable security lesson, then I am less sympathetic. Then again, I did stupid things when I was 17 too