Slashdot Mirror
Creator of Sasser Worm Goes on Trial
Cobb writes "Creator of the Sasser worm Sven Jaschan begins his trial today in Verden, Germany. Arrested in May 2004, Jaschan faces charges for his crimes as a juvenile. A reward from Microsoft partially led to the capture of the virus creator. From the article: 'The charges, which also include disrupting public services and illegally altering data, carry a maximum sentence of five years in prison. However, court spokeswoman Katharina Kruetzfeld said that, as a minor, he faces a lesser penalty.'"
Interesting conundrum for the legal system - do you let him off easy and give him a job at a security company - or hit him hard, and ruin a promising (although mischevious) programmer?
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
They evidently saw his skills in identifying and essentially publicising weaknesses in the operating system in a positive light.
Perhaps he ought to be congratulated to some extent for this - Windows is now (barely) more secure.
This, along with prosecution of spammers, is a good start to reducing annoying aspects of the internet, but how far will this go to prevent others from replacing convicted pests?
Is there a way to tackle the problem "from the source" that would prevent would be spammers and virus creators from WANTING to do these things?
I think if enough offenders are prosecuted, and prosecuted severely enough, there is the potential to ward off others from commiting the same acts. However, if only a few, say 1 in 20 or less, virus creators/spammers/etc are caught, I don't think there will be enough push to stop others from taking their place.
Just like anything else in the world, if there is a low risk of punishment and a good chance of some sort of reward (monetary, pride, whatever) for some act, then someone will commit that act.
Maybe the Hacker Mentality needs to be tempered with regard to the consequences of ones actions.
I'm sorry Officer - I only shot him to see what would happen. You don't understand the hacker mentality
init 11 - for when you need that edge.
It'd be nice if his punishment was to do the work of all the IT personnell who had to clean up after his mess. I'd love to sit at home and relax while that little dweeb does my job. I'd be the one getting paid of course.
Because of the profile in this case, I have to say toss the book at him. This will not scare the real hacker, but this will have a chilling effect on the casual script kiddies, and that is where the majority of worm/virus/junkware comed from.
" I wish I could put a bounty on people who made me look stupid." If you did then you'd be very rich. ;-)
Let's see him worm his way out of this!
If brevity is the soul of wit, then how does one explain Twitter?
Sorry, fry the kid. Use this as YET ANOTHER wake up call that your computer is NOT a VCR. If parents cannot keep tabs on their kids computer use then they should take away the computer. If the parents cannot understand how to do this, then maybe they shouldn't have a computer till they learn. Responsibility is with the individual and/or mentors.
Or, I just wanted to light a little fire and see what happened.
-- Slashdot: When Public Access TV Says "No"
I do have to say that just because M$ is a security hole doesn't mean that exploiting it in a milicious was is right, or even justified. There are correct ways to report the vulnerabilities, and those are the paths that this person should have taken.
Think of it this way, if you have a kid that is playing in a playground, and you look away for a minute or two, is it right/justified for a kidnapper to take your kid? Sure, it was your fault that you were not looking, but does that mean that since there was an opening to take your kid, someone is justified in taking your kid?
Sure, would-be kidnapper may come up to you and say "hey man/lady, your kid isn't being watched and could be taken easily". Even if the parent STILL keep an eye on their kid, does that make it right for the kidnapper to THEN take your kid just to proove a point and to let other know you were not looking?
This hacker deserves to be put in prision, they need to send a message saying that making virus's isn't right and it will not be tolerated.
I think if a kid is capable of commiting a crime knowingly, then he should face the same punishment as an adult.
I think a lot of kids commit crimes with the "knowledge" that if they get caught, it would be a slap on the wrist and go away when they turn 18.
Yes, but shouldn't Bill Gates go to jail for negligence, too?
Let me use this analogy: A kid throws a rock in a mountain, causing an avalanche. Turns out the guys who were warned about possible avalanches didn't do their work, like putting protective fences, blah blah.
So, when people die because of the rocks falling, suddenly a kid's the ONLY person guilty?
Give me a break.
Or dead.
Moreover, he is tried as a juvenile. In Germany, you are invariably tried as a juvenile up to 18 years of age, and more typically up to 21 years if the court determines that "your character is not completely formed". Sentences in a German juvenile court are not primarily for punishment, but to provide guidance and education. Very few juvenile offenders go to prison (and if yes, none goes to an adult prison). Typical sentences include mandatory social work or weekend arrests.
Finally, first time offenders always get much lower sentences, and prison sentences up to a year are nearly always suspended (for first-time offenders with reasonably behaviour and prognosis, so are some longer sentences).
So his risks of actually spending time in prison are rather low.
Stephan
Ah, but he was a minor. If you're going to fry someone, fry his parents. I'll bet you that will make a difference to the supervision levels of kids using computers.
You may not have been serious, but luckily for everyone concerned Germany is in the EU - where the prohibition of the death penalty is a condition of entry. Plus it would appear that the West German constitution of 1949 abolished it anyway.
I've never quite understood how supposedly civilised countries can put their citizens to death, for whatever reason. The no-death-penalty, no-extradition-to-face-execution clauses of EU membership make be inordinately proud of being European...
Tedious Bloggy Stuff - hooray?
Yeah, that makes sense. Kid breaks the law, so we punish him by sending him to computer science school. I assume the state is going to pay for this.
Meanwhile the kid down the street, who knows just as much about computers but somehow managed to resist the temptation to drop a worm on the internet, gets to work two jobs and apply for scholarships and financial aid and try to figure out how he'll afford a higher education.
That'll teach 'em.
It's the land of the brave, and the home of the free
Where the less you know, the better off you'll be.
Jaschan: You want answers?
Prosecutor: I think I'm entitled to them.
Jaschan: You want answers?
Prosecutor: I want the truth!
Jaschan: You can't handle the truth! Old man, we live in a world that has firewalls. And those firewalls have to be setup by men with MCSEs. Who's gonna do it? You? You, Mr. Ballmer?
I have a greater responsibility than you can possibly fathom. You weep for Windows XP and you curse Microsoft. You have that luxury. You have the luxury of not knowing what I know: that Windows XP has faults, while tragic, probably saved jobs. And my existence, while grotesque and incomprehensible to you, saves jobs...
You don't want the truth. Because deep down, in places you don't talk about at LAN parties, you want me on hacking that firewall. You need me finding exploits in that firewall. We use words like reboot, blue screen, exploits, Microsoft...we use these words as the backbone to a life spent hacking something. You use 'em as a punchline.
I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very exploits I find, then questions the manner in which I exploit it!
I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a real firewall and configure it. Either way, I don't give a damn what you think you're entitled to!
Prosecutor: Did you write the Sasser worm?
Jaschan: (quietly) I did the job you sent me to do.
Prosecutor: Did you write the Sasser worm?
Jaschan: You're goddamn right I did!!
Anything less is hypocrisy and posturing - "having our cake and eating it, too"...
Reason is the Path to God - Anon
I was saying goodnight to a friend/colleague who is a medical doctor the other night, and he was meeting a consultant after work. The consultant mentioned that the <insert name of large London hospital> was suffering a virus attack, and most of the computer systems were screwed.
Now, moan all you like about choice of OS in a hospital, but it seems to me that it's not just 'business' that gets harmed. There's no magic wand that means that non-profit organisations, charities or hospitals don't get pwn3d by viruses.