Slashdot Mirror
Creators of Massive Botnet Arrested
DigitumDei writes "Dutch police has nabbed 3 men (aged 19,22, & 27) who alledgedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts.
From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.
The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"
/Godfather music in background
I hereby declare a new metric for measuring the size of botnets: The MegaBot. 1 MegaBot==10E6 Bots.
Best Slashdot Co
Id never lose another ebay auction. 100k snipes every nanosec!
A city-wide Thieves Guild is understandable, but a National Crime Center is just going too far.
Sheesh, evil *and* a jerk. -- Jade
the creators of the slashdot network are still at large tho :)
This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"
On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.
"MY APOCALYPTIC TENOR HAS NOT BEEN DISPELLED!" - T-Rex, qwantz.com
I get so many of these zombie machines trying things everyday and never hear about anyone getting caught. Hope they get sentenced to ten years of Windows XP.
It is close to Jabbeke -- the city where I live. HA! Sais it all.
...who alledgedly used the toxbot trojan to create a botnet of over 100000 machines.
It seems a little harsh to get arrested for only infecting 32 machines.....
"For Great Justice."
This article has recently been linked from Slashdot. Please keep an eye on the page history for errors or vandalism.
My hat's off to them that they nabbed 3 guys, but there must be other botnets out there. And I think an effective way to stop it would be at the user level. It would be like taking away all the soil and water from coca farmers. Sure, have your plants, but can you grow them?
Disclaimer: I am not equating botnets to drugs.
I don't get it.
Surely those computers are still vulnerable to the toxbot trojan at best, or just waiting for somebody to give the right commands at worst.
Unless you use the trojan to patch the system of course, but that would be illegal.
When I was in uni, we had a guy from the Belgian Computer Crime Unit (CCU) come and talk to us about computer criminality. We asked a load of questions, including whether they actually actively went after casual downloaders. Basically they said they were so swamped going after child pornography sites, they did not have any resources at all for those kind of activities.
Most police "cybercrime" units are still very underfunded.
Coca-Cola, sometimes War.
I wonder what it would take to convince the world that these unsecured machines are an actual security threat, rather than an annoyance?
Since the last A in both those abbreviations stands for 'America', it's probably not a heck of a lot... We've got Stichting Brein here who claims to represent copyright holders, but aside from the occasional high-profile bust that is intended to show they're still at it, they aren't doing that much. If they are, they're managing to keep their activities well hidden.
That's 'cos cops like helping kids. Very few cops are shot by 8-year-olds who can't find their mommy.
The botnet was dismantled, prosecutors said, with help from...
Why didn't I think of that! That's 100,000 lusers that won't be getting infected again soon, unless they learn enough to reassemble their boxen, by which point...*sigh* What am I thinking? They'll probably just buy new systems and throw the piles of parts out. They'll be back on bot nets by this weekend.
What they need to do is dismantal the owners!
--MarkusQ
who don't update, don't use antivirus software ...or don't use linux encourage these kind of activities
Siropel
and bank accounts at the three men's residences
Ahaha, who keeps bank accounts at their residence, of all places?!
Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.
What kind of computers? How much cash? What kind of car? What were the residences like?
Come on, we need better details for the upcoming movie & tv special.
These guys had to know they were going to get busted, someone probably was bragging about how many PCs they zombified.
He who knows best knows how little he knows. - Thomas Jefferson
Comment removed based on user account deletion
The government said themselves that making file sharing a criminal offence just turns a large portion of the population into criminals for no real benefit. This is similar to the drugs policy. From Wikipedia:
So no, the government tends to go after real criminals, rather than waste time on teenagers with too much free time.Comment removed based on user account deletion
Yeah, de_rotterdam is a fun one.
After all, I am strangely colored.
I saw that as 1000,000 machines, but it's only 100,000 machines. So it's a 0.1 megabot botnet, not a full megabot botnet.
Best Slashdot Co
How do criminals think they'll get away with something like this? I just don't get it really. Even if you successfully set up the botnet and the company decides they do want to pay you off, how do they think they're going to remain anonymous, collect the money, and fade into oblivion (or fade into bolivian if you're Mike Tyson). Perhaps I just don't have the cunning mind of a criminal but the logic really escapes me.
Finance tutorials and more! Understandfinance
It seems to me that unpatched Windows boxes are becoming an environmental problem ;-)
http://www.dieblinkenlights.com
I forsee the day when bot nets are a thing of the past. While I admit that currently most police forces couldn't catch a virus by opening infected email things seem to be changing.
The scale of setting up a useful botnet is such that there are thousands of tiny ways that you could screw up and leave a drity great big flag pointing out your location / identity. Even the most carefully created botnet will contain some useful information to track down it's owner. In fact the very nature of the beast means that at some point you will have to contact it which potentially gives away your location. Ok you can run through proxies and use other methods to hide you identity but it only takes one slip up which someone technical is watching. Of course you also have the problem of collecting you payments. While you might be able to hide in the online world hiding from the banking world is much harder. At some point you have to collect you money.
All in all I think it would be easier to just go into kidnapping or drug dealing. The profit margin has got to be higher.
I used to have a better sig but it broke.
I always thought that Americans were just plain ignorant about European geography. Now I know it's because you've been going round telling them that Madrid is close to London.
Zombie Master
(SCARY PIC HERE)
Creature - Lord
All Zombies gain "(1b): Regenerate this creature" and swampwalk. (They're unblockable if defending player controls a swamp.
He controlled the zombies even before his own death; now nothing can make them betray him.
2/3
Ah, I see you have never visited Detroit.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
REJUVENATE!
Eloi are stupid, throw morlocks at them!
Does this info really help? How many Americans know Rotterdam?
Rotterdamn....that sounds vaguely familar.. Oh yeah now I remember it was one of my options for music in Ridge Racer for Play Station.
As to not be marked off-topic, the question really becomes not what to do with those behind the botnet, but what to do with the botnet itself. One could patch the entire network via the use of the very trojan that created it (which we know is illegal), but I think this might be a good change to get some extra cycles for SETI. I can just see Team Dutch National High Tech Crime Center moving up the rankings now.
Because real studies have shown that stiff sentences do wonders besides making the pitchfork carying mob happy?
Secure messaging: http://quickmsg.vreeken.net/
Unfortunately I am not.
Blushing profusly right now; amazing how previewing twice just meant I read "has" as "have" in my mind twice.
East Coast Brewers
Heh. From what I know of the Dutch, I'd be more likely to believe the submitter was Dutch if there wasn't a grammatical error. I hear they make fun of school kids over there who only speak three languages.
That being said, you're probably right. The most common mistake people make in foreign languages is subject/verb agreement.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Precedent
3 [C] LEGAL a decision about a particular law case which makes it likely that other similar cases will be decided in the same way:
The judgment on pension rights has established/set a precedent.
Therefore; in this case setting a precendence of a heavy sentence may discourage others from similar activities.
How do you dismantle a botnet?
That's exactly why this article is bulloney. We are supposed to believe that the Dutch police went around to 100,000 machines in bedrooms around the world and dutifully used Norton to clean off this nasty little trojan and turn on firewwalls. The reality of it is that they have shut down one server that may have been being used to control the botnet. They don't really have a clue if there are other servers or not. Regardless, there are still 100,000 bots sitting out there eagerly waiting for instructions.
I suspect that, if the botnet was actually shutdown, the botnet will be operational again within a week.
Are Linux boxes invulnerable? Is the gauntlet being thrown at our feet? (lol)
I'm happy they did get nabbed though. There are plenty of fun things to do in life instead of extortion.
Cogito Ergo Sum
I guess the government will go after these network abusers when they smell cash and unpaid taxes.
I suspect the poster made the errors on purpose to highlight a certain dutch accent in TFA...
I know the ideas and reasoning behind stiff sentences, that doesn't mean it works.
Like amputating a hand after stealing, very scary but does it actually make crime rates go down?
If one isn't afraid of getting caught the sentence doesn't matter.
Secure messaging: http://quickmsg.vreeken.net/
I don't think any government actively goes after drug users, they go after the distributors. The only people who get charged with using drugs are the ones who are dumb enough to do it publically or get high and get in an accident.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
Rotterdam - > Breda Total Est. Distance: 30.09 miles (roughly 51.15 Km)
"If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
I agree. Let's take away the users. That'll teach those mean botnet people. Did you have any specific method in mind?
If you are going to punish, punish properly. A lot of effort went into catching these criminals without proper punishment all that effort will be wasted.
PS. Whilst I don't agree with cutting people's hands off. It IS a very effect way of reducing crime, that has been proven to work.
If you look at it on the scale of things then for them thats probably true.. Holland fits 144 thousand times into a country the size like Canada (which is a bit bigger then the states), with distances like that their mindset towards them is different. so that distance would probably be close for their standards.. It's one thing to bitch about their lack of geographical knowledge (which we all know is pretty bad when it comes to overseas knowdledge), but you have to see the other side of the coin as well. How much do you know about the states?, your knowledge about that is probably just as bad as theirs is of europe;)
"If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
Why is it that these arrests always seem to be made in Europe? Is it because the legal climate is different, or is the incidence of criminal extortion over the internet higher there? Is Europe the locus of the crime? I always thought Eastern Europe (e.g. Russia, baltic states) and the east were worse. Is it that they don't enforce in those places so you never hear about it?
---
tjc
...how many extortion attempts such as this are successful? We (obviously) wouldn't hear about them as a company wouldn't want to air their dirty laundry. I would imagine that any small Internet company without the resources to fight something like this would either have to pay up or close shop. Scary.
Not complying to standards is futile. Prepare to be assimilated.
Whew, I thought they were taking Nick at Nite off the air!
Some settling may occur during posting.
heh, and those disgusting B.I.G. commercials? The dutch geeks among us will know what I mean.
People replying to my sig annoy me. That's why I change it all the time.
Ha! I'd wager the average European knows more US geography than the average American. The constant barrage of US TV/Movies and US biased Internet sites means I know more areas of New York than I do London (I'm British)
It is possible that they notified the users, since they had the cooperation of the ISPs. Even normal users can understand a letter telling them that criminals have been using their computers to perform illegal activities, and here are some guidelines for preventing it from happening in the future. Sure, it doesn't get everyone, but it can be enough to weaken the network for sure.
interesting stats there. [ 144 thousand times * holland = canada ]. hello dont believe this.
and china doesn't have crime because they get shot easily on the market square in mass.
hmm. if there's a masses of those criminals and continue to be.. hmm.. hmmm.. what's wrong with the picture?
It is, Madrid is only 786 miles from London. That's less than the distance between New York and Chicago.
interesting stats there. [ 144 thousand times * holland = canada ]. hello dont believe this.
It's more like 240 * Holland = Canada.
never mind a world crime league, like buckaroo banzai was supposed to go up against... :>
ed
Three enterprizing Security Guru's setup a Security Firm to help assist EU against virus attacks! :-)
Scott McNealy to Michael: "Suck my Sun!" Michael Dell to Scott : "Lick my Dell!"
>PS. Whilst I don't agree with cutting people's hands off. It IS a very effect way of reducing crime, that has been proven to work.
No it is not. Do you mean "proven", as in a mathematical proof? Cutting off a hand (or both hands) may be effective in preventing a specific criminal from stealing but it has no significant effect on "crime" whatsoever. There's more than enough statistical proof about that. (Although statistics - crime statistics in particular - of course lie)
If past history is anything to go by, they'll probably all end up getting highly paid security jobs.
Well, for us it IS close...
b =London
http://portcanal.co.uk/cgi-bin/diser.pl?a=Madrid&
That's like the distance from NYC to Chicago, not to far.
I 4 1 w3lcom3 our N3W B0tn3t ov3rlordZ
do the maths.. Canada is 9,984,670 Square KM Holland is 41,526 Square KM 9984670 / 41256 = (roughly)24044381883 (etc.) So your right i was wrong.. its more then 144..
"If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
slap on a howl from beyond (when you've confirmed that he is going to get through) and then he can get truly ugly...
Listen, here's a hot tip if you ever want to get on a cops good side ( such as when they are giving you a traffic ticket or whatever ). All you have to do is ask them loudly "Why aren't you out catching the real criminals eh ?" and they will instantly feel warm and friendly towards you and treat you with the deference, courtesy and respect you deserve.
You're fighting an uphill battle, as megabyte still means 2^20 bytes.
A witty saying proves you are wittier than the next guy.
Madrid is close to London; anything under 1000 miles is close by North American standards.
Here let me explain this joke to all the tard moderators that can't get it.
1) zombie = bot
2) The bolded quote refers to the master controlling from the grave (ie undead)
3) From TFA, the bot (zombie) controllers (masters) just got arrested (killed)
It may not be funny but it is on topic. Mod it as such dumbasses.
OK I'm a bit late on this story, but maybe some mods will be late too ;)
.ident ) or just on the channel, the PRIVMSG will be sent to every bot. Now 100k bots in a channel is a lot but I have seen 30k already.
;). Who would want to be part of the botnet ? :)
As an IRC admin for few years, I saw many botnet channels. The botnet masters enjoy putting their bots on IRC (on a secret channel) because it's a third party who provides the communication support, IRC is a good message demultiplexer, and they think it's safe since they only log on IRC with a proxy.
They can identify themselves with a given bot by going private (PRIVMSG
The bots had random nicks so we just put a bot of ours with a random nick in the channel, logged everything and then get the login/pass (I guess in this case Dutch police had the login/pass pair from the PCs they seized). Then we looked out for the bot version, looked on the web for commands (usually, the bot masters are script kiddies and just build the bot from an "automatic" builder they download on the web... they wouldn't even build from the sources).
All of the bots I encountered disposed of attacks commands et al, but also a clean removal command. That's what we used.
Now I don't know about the bot in this story, but most likely the botnet masters HAD a mean to contact them all (now is it IRC-like with a big channel, or distributed among the bots à la DNS, I don't know... But even if the removal command isn't here, there's still a way to tell the bot to execute a given binary they download from a given URL).
And I don't think that would really be illegal, remember, the PC owners rarely know they are infected or don't care. They won't know or won't care either if someone removes the bot for them. And if they say something, just sue them since it means they were part of the attack knowingly
Anyway I hope we could shut down more of these networks (and MS should pay for their dismantle since nearly all zombies networks are running Windows).
Comment removed based on user account deletion
Have you ever considered to work as career counselor in your nearest jail?
The correct unit to use when explaining the size of countries is the size of wales
Most police "cybercrime" units are still very underfunded.
I think this is due to the fact that cybercrime is still pretty new, compared to other criminal means.
Most people in charge of police departments and people (often politicians) in charge of budget allocations are older and aren't used to dealing with cybercrime.
Once cybercrime goes past the critical boiling point, I predict a huge swing of the enforcement pendulum.
It wont be necessarily pleasant for everyone, especially people who enjoy their current relative anonymity online.
I know, right? Although I'm surprised sometimes how much some of my French friends here know about the US, if you think about it, Americans probably know about the same amount about Europe geographically. A French person probably knows roughly where New York, Miami, Chicago, Los Angeles, and San Francisco are, and it seems like a lot because it's all in one country. But even before I was living in Europe I knew roughly where Paris, London, Madrid, Berlin, and Rome were. Okay, maybe I didn't have a clear picture of where Switzerland was situated, but then again how many Europeans know where Ohio is? There will be some, just like there will be some Americans who know Switzerland. Now, they probably think people there speak "Swiss", but that's another story. :) (I consider myself
a fairly knowledgeable person, so it's somewhat embarrassing
that I didn't realize people spoke French in Geneva, Switzerland. Or maybe I did somewhere subconsciously, but I'd never really
thought about it.)
What is the real identity of this Dutch ISP XS4ALL? Fighting spammers (though losing appeal), defending the rights of clients to hyperlink and refusing to be bullied by court orders, and now taking down BotNets. Apparently the founders sold out for millions, but they seem to go well beyond the Google "do no evil" philosophy to pro-actively defending the rights of their customers at considerable risk to themselves. It's the kind of company the deserves to win an awful lot of business.
Phillip.
Property for sale in Nice, France
What are the capitals of California, New York and Illinois?
(no cheating)
You could send 100,000 pieces of snail mail, but that woudl be pretty expensive, and you'd have the problem of getting the right snail mail addresses to start with.
You could send email, but that would be dropped by white lists, spam filters, and human rejection of email from strangers.
You could pop up an alert, but most people would just close it as more spamming.
Infuriate left and right
Should have read :'potnet dismantled'. After all, it's Holland, right?
Do the Dutch really have a Justice system based on gobbledegook?
Computers are useless. They can only give you answers.
-- Pablo Picasso
GRAMMATICAL, damn it!
"Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
...is this a unit commonly used in Britain or Europe? Off hand, I have no idea how big Wales is... is there a US state approximately the same size of Wales?
:-)
OTOH, I've found comparing things with the size of France much more useful. For example, Texas is the size of France, and Bolivia is about twice the size of France. I guess we Americans like our measurements big?
Both of these must be high to see a significant reduction in crime. The problem is that a lot of people ignore the second factor. If one criminal is caught for every thousand, then there is next to no reason to stop committing the crime. This is why speeding tickets will never work - the laws are simply not enforced.
So hopefully this is the start of some real policework in tracking down these extortionists and brining them to justice. If a high enough percentage are caught, then you'll start seeing the difference between 6 months probation and 20 years in a FPMITA prison.
Last post!
If everybody would learn to bid properly there'd be no need for a sniping service.
we see things not as as they are, but as we are.
-- anais nin
** poopbot2 has joined #usa
** poopbot3 has joined #usa
** poopbot4 has joined #usa
** poopbot5 has joined #usa
[poopbot1] U SUX0RZ
[poopbot2] U SUX0RZ
[poopbot3] U SUX0RZ
[poopbot4] U SUX0RZ
[poopbot5] U SUX0RZ
** poopbot1 has left #usa
** poopbot2 has left #usa
** poopbot3 has left #usa
** poopbot4 has left #usa
** poopbot5 has left #usa
*plays the Apogee theme song music*
There's more than enough statistical proof about that. (Although statistics - crime statistics in particular - of course lie)
I.e. what you have just said has no basis.
Back in the real world, there are two types of criminals; those who believe they won't get caught, and the rest. Obviously, stiffer sentencing will deter those who don't believe 100% that they will get away with it.
We seem to have drifted away from the topic at hand. I merely suggested that those found guilty of the crime in question should receive a fairly stiff sentence as to deter other people out there with 'too much time, and busy fingers'.
Just as I was getting ready to use it to mailbomb Congress in opposition to the Broadcast Flag.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Well, if we're establishing precendence [sic] maybe we should just execute the bastards. Wouldn't that be more of a deterrent?
we see things not as as they are, but as we are.
-- anais nin
I'm pretty sure that's near London, but I doubt I'll ever go there since I don't speak Italian.
/ducks
Why don't they arrest M$ directors for promoting the development of an insecure, vulnerable OS through unrealistic release deadlines and abusive market practices?
Because lets face it, its not the Windows developers' fault, because most developers would rather spend more time on a project and make it better, and the creaters of trojans would have a much harder time of it if there weren't such huge flaws in the market-dominating OS.
I swear we should be allowed to give mod points to sigs... "-1, Offtopic"
So there's been some effect. The spammers are becoming afraid. Not very afraid. Yet. But afraid. It's becoming hard to spam without committing multiple felonies. Those felonies are leading to a few arrests and jail sentences. Not many, but enough to scare off many spammers. The remaining spammers look more and more like traditional crooks.
There's plenty of stuff on SpecialHam for law enforcement to go after. "Special Hurricane Katrina Promotions". "Offshore bank accounts for sale". Anyone active against spam should be looking there.
I want to know whose bank accounts they seized.
This post expresses my opinion, not that of my employer. And yes, IAAL.
I make about 10 an hour opening boxes and taping them back up. Still, I could show everyone reading this how to create a botnet and gain at least 100 zombie machines apiece by the end of the day. We could then target and demand money from random companies and knock everyone we want offline. I can't even get a job at a printing store. Still, if I got bored I could hold any company offline indefinitely. I'm certainly not smarter then the people at Microsoft or Symantec, but I could tweak the code indefinitely to escape their detection. I'm not sure there is a moral to this story but like I said I open boxes and put tape on them... yet I can take down fortune 500 company servers and flaunt the fact that Nortons or nobody else could detect it.
Were these guys Germans who drive scooters and brandish weasels?
I just want my rug back.
Of course it was!
Er, wouldn't that involve uninstalling the bots from the computers of 100,000 clueless people?
Reminds me of the sequal-ready ending to a cheesy horror flick.
Evil is the money of root.
Wouldn't the high chance of getting caught be enough of a deterent?
Secure messaging: http://quickmsg.vreeken.net/
The T1 line at a place I admin got saturated once with upstream traffic. Took a bit of poking.
Turns out:
1) It was a script that infected a vulnerability in a well-known image manipulation system written in perl CGI.
2) User never got root, and didn't seem to care.
3) System was participating in a botnet of about 200 systems, (if I remember this correctly) all managed via an IRC chat.
4) All the exploits were downloaded from a web server located somewhere in Brazil. Telnets that happened were also from another IP address in Brazil. Home address? dunno. abuse@thebrazillianisp.com was notified of everything, but no reply was ever received.
Here's how it all happened:
1) The exploit used a vuln that allows the attacker to run wget, download a hacked telnetd, and then open a telnetd on a high port. Telnet to the port and get a shell account on the system as user "nobody".
2) This telnet shell was used to load in an IRC client, also written in perl. This was fairly easy to detect because the IRC client was very inefficient, and used almost 50% of the CPU resources, even when it wasn't doing much. "top" showed this thing like a flashing red light.
3) I logged into the IRC chatroom with a username similar to the machine-generated hostnames, and watched for a while. He'd issue a command (I think it was "lookat [ip address]" and then all the machines would ping flood whatever the address was.
I cleared everything out of the system, got rid of the scripts (after squirreling away a copy, just in case) and upgraded the CGI image manager with a newer version that wasn't vulnerable. I haven't seen/heard from "senior brasillia" ever since.
But, take 1.5 Mb*200=300 Mb, and that'd take out most small-mid sized servers handily. My best connection is about 70 Mb upstream!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
About a billion dollars? That's what was spent promoting XP in the first place.
That or a little more time. People are figuring out that the insecure part of a PC is MS. They don't and won't hear similar stories from other OS. The "Linux will get owned if more people run it" line is falling flat.
Friends don't help friends install M$ junk.
The October 10 New Yorker magazine has a nice companion piece to this story, "The Zombie Hunters: On the trail of cyberextortionists" by Evan Ratliff. The article describes the tactics of the extortionists and those who track them down or thwart their attacks. Probably nothing new to the /. crowd, but a good read nonetheless. Here's a link.
1 010fa_fact
http://www.newyorker.com/fact/content/articles/05
To the making of books there is no end, so let's get started
I agree that the threat of stiff penalties (like the oft mentioned cutting off a thief's hand) doesn't reduce the crime rate, when so many criminals don't believe that they can be caught (If I am too smart to be caught, why should I worry about the penalty).
However, harsh penalties probably do reduce the recidivism rate, which would have some effect on the overall crime rate. A one-handed thief will probably not be as effective as a two handed thief. An excecuted murderer is not likely to kill anyone else again. (not that I'm advocating capital punishment)
---
"I can't complain, but sometimes still do..." Joe Walsh
10E6 bots? How puny. My botnet is amplified by one to the tenth power!
Another bad one is mandriva, mandriver with a New York accent. The guys who pitched that one were either making fools out of the geeks of that distro or gay proponents.
What are you going to say about yourself when your machine is zombied by someone that finds a hack that you and your antivirus company doesn't know about yet.
The sad thing is, this used to be just simple responsible net use. At the level of "make sure your breaks work before taking your car on the road, and always drive on the proper side of the road." Same deal as with firearms. Or airplanes. Or cranes, jack hammers, and x-ray machines. But somehow with computers (and thank god, only computers) we've drifted into the notion that it's permissible to operate much more complicated equipment with much less basic knowledge.
--MarkusQ
HOW is that comment a Troll?????
I.e. what you have just said has no basis.
That's a bit easy, isn't it? The support for my view is statistics, but you haven't (yet) presented a single point that relies on relevant empirical evidence. I just tried to point out that crime statistics should be taken with a grain of salt; that not to say there is no basis.
OK, back on topic. The problem is that in the division between "those who believe they won't get caught, and the rest", the majority of people beleive they don't get caught. This is not typical for criminals but for all people (consider that most criminals - especially internet related - don't even consider themselves a criminal until they get caught).
This is essentially the reason why higher punishments have limited effect. Even if a speeding ticket could bankrupt you for life, many people would break speeding laws. Primarily, because they think they won't get caught or cause an accident and second because most people don't get caught. A negative side effect of stiffer punishment would be that people will do *anything* not to get caught. It works the same for "real" criminals, hence the high number of deadly highspeed car chases in countries that still have a death penalty. That explains why your line is controversial:
Obviously, stiffer sentencing will deter those who don't believe 100% that they will get away with it
Conversely, if what you were saying is just a fact, all crime would have been solved eons ago. (I mean, our current societies are not the ones with highest punishments, historically.) As - apparently - crime still exists that would mean either that the only criminals left are the ones that think they don't get caught or that your phrase is just not true. In both cases stiffer punishment will not significantly influence crime.
As for you last paragraph: Yes, these people should be punished. Not to prevent others from doing it, but just because they did something immoral and incidentally broke a few laws (not really incidentally, its what the laws are designed for). So I hope that once convicted, they get a fair punishment. Fair does not mean it's just a joke and it does not mean chopping of heads or hands. By fair I just mean reasonable considering what has actually happened.
Nope. If I were offered $5 million to hack a rival company, and the chances of being caught were 50/50 (a very high chance for cybercrime), 6 months in jail wouldn't give me any pause (morals aside).
If I would be in jail for 20 years or life, I'd be a lot more likely to turn it down.
The chances of being caught will affect the amount of crime, but it works best in tandem with punishment that makes the crime not worthwhile.
Last post!
I think we disagree about who is the victim. It isn't the person who's computer is taken over (I would call them an accomplice by virtue of negligence), it's the people against who the bot net was used.
Look at it this way; if there was a sudden fad for leaving loaded guns on the roof of your car when you parked, and street gangs were using them to commit crimes, would you just consider the people who left the guns on their cars victims? Their guns were stolen, after all. Or would you say that they shared some of the responsibility for the crimes?
--MarkusQ
Errrr, wasn't that my whole point?
Yes, these people should be punished
Basically, as far as I can see you agree with me.
I don't understand why you are qualifying why they should be punished. That was never an issue.
Remember - think twice, type once.