Slashdot Mirror
Man Gets 3 Years for Botnet Attack
Vobbo writes "Weeks after NANOG subscribers argued whether or not mitigating botnet command and control systems was a worthwhile endeavor, the LA Times reports that the old fashioned method of arresting and prosecuting criminals still works. Prosecutors successfully prosecuted a 21 year old who had conspired to create botnets that attacked the Department of Defense, a California school district, and a Seattle hospital before being arrested. He plead guilty and was sentenced to 3 years of 'supervised release.'"
Because it seems to me, that the new legislation isn't worth spit, what is needed, is more manpower available to track, prosecute and breakup such nets.
regards, the_leander
"Man Gets 3 Years' Probation for Botnet Attack
"Editors", feel free to cut and paste."
FTA: "A man was sentenced to three years in prison Friday for launching a computer attack that hit tens of thousands of computers, including some belonging to the Department of Defense, a Seattle hospital and a California school district.
Christopher Maxwell, 21, of Vacaville, Calif., was also sentenced to three years of supervised release. "
I would say the 3 years in prison is more significant than the probation afterwards. Perhaps you should be informed before you start criticizing.
... how this new type (spammers, mailflooders, scriptkiddies, 'hackers', scammers, ...) of jail-citizen are welcomed and threated.
I often read these kindof things and wonder wherever punishment isn't tooo hard on cybercrime, if you compare the crimes committed to equal the sentence time. It appears out of proportion to me.
In this case one can argue it's a "conspiracy against the government" or a plot to "attack the US infrastructure". However, I doubt the guy ever planned to start some sortof war with the government, other then showing his discontent or something like that.
It doesn't really matter how I think about this specific case, but it makes me wonder to what computer crime (and the definition thereof) compares to other crimes? I can see the scammers being up there with fraud, no argue. But I'm sure about the others.
I think we can keep recursing like this until someone returns 1
what is needed, is more manpower available to track, prosecute and breakup such nets.
Perhaps if the police spent less time investigating fraudulent copyright infringement claims and confiscating a political party's servers they would have more time to chase real criminals. Or was it only in Sweden that the police ignore the criminals and try to hunt down political activists instead?
I'll probably be modded down for this...
My teenagers have managed to install spyware on ALL my computers... little did I know that they could earn a living at it...
The man in black fled across the desert, and the gunslinger followed (SK)
Disabling raw sockets and making people more accountable for their machines may help too.
I don't care if you get exploited. You should know enough to figure out when it has happened [e.g. your modem goes crazy] and do something about it [e.g. turn computer off]. And why ISPs still let people transmit IP packets with forged src addresses I'll never know. Sure it's technically valid [as far as IP datagrams goes] but the only legitimate use is to DoS something.
Oh, and a public flogging wouldn't hurt either.
Tom
Someday, I'll have a real sig.
No, friend, it's not just in Europe. I've driven down streets on the West Side of Chicago, watching police give parking tickets while open-air crack cocaine markets operate in clear view not 100 feet away.
It's not about crime and safety, it's about power and revenue.
A reminder to Americans: there's an election in a few months.
You are welcome on my lawn.
I mean, that guy deserved that sentence, if he had been half clever he would have claimed he did that to collect evidence against pedophiles. And he would've gotten money from the FBI instead !
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
Disabling raw sockets in the OS won't get you anywhere, not so long as users are running with full privileges.
If you disable raw sockets, the backdoors will just start re-enabling them, sending raw ethernet frame instead of raw tcp, or even installing a replacement tcp stack which supports raw sockets properly.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
That's not what a raw socket is...
A raw socket is basically an IP socket where you get to form the IP header and payload however you want. You can then send things like ICMP packets with the incorrect src address. Or you can issue TCP connect requests with the wrong address, etc...
Running httpd on port 81 is still a TCP/IP socket. You'd be sending out a valid src address and the like.
Tom
Someday, I'll have a real sig.
No, ***ISP***es should disable raw sockets.
E.g. your address is 70.3.44.8, if your IP packets don't have that in the src address then null-route the sucker. Boom, no more anonymous DDoS as the zombies will be trackable and then can be held accountable.
Tom
Someday, I'll have a real sig.
ISP. It's actually a really simple iptables or PF filter. On the gateway that serves [say] 70.8.4.0/24, you just reject all packets where the src address doesn't match.
If you want to get more fancy you could make sure ip associates with the MAC address. But generally if you can track a DDoS participant to an ISP gateway you can narrow it down from there if it's still active [or if you keep stats].
Tom
Someday, I'll have a real sig.
Actually, this is a supervised release deal. He will have to report to his probation officer, submit financial information each month, possibly take random drug tests, and in general stay out of trouble. If he causes mayhem again, they can (but don't have to) impose that 3 year prison sentence.
So assuming that he stays out of trouble, then yes, the sentence is probation.
Forget this. In memorial.
"Supervised release"=="probation". They are assigned a probation officer to monitor the convicted to ensure they are living up to the conditions of their probation. One infraction of their probation sends them back to complete the full term of their sentence. Depending on the conditions, it can range from home confinement type (where they wear a tracking device and have frequent call-ins) to where they report in to the probation officer once a week or so. It depends on what the court orders. Another thing about probation...If the convicted breaks any law outside of their probation terms, the probation ends. This means that if this guy were to sell drugs, for example, while on probation for this then back to the slammer he goes.
It is a way to decrease the populations of already crowded prisons. Probation and parole are about the same thing with the exception that parole is granted by a parole board and probation is granted by the court. In short, parole isn't guaranteed to let them out early where probation is.
All in all, he got a light sentence compared to what he could have gotten for the DoD affair. He should count himself lucky he isn't in Gitmo with the rest of the "terrorists".
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
I violently agree with what essentially we are both saying! hahahaha.
...
Yeah, admitedly it would be ideal to do the PF matching in hardware to reduce latency. Hell, I'd be for just doing it in the modems themselves. Make the damn thing locked and most zombie'ed machines wouldn't be able to work around it.
But that's costly as millions of people have modems already. There are fewer gateways than there are modems so
This is just like the spam problem. A simple solution is hashcash but nobody seems to want to actually implement it. Oh well.
Tom
Someday, I'll have a real sig.
And good for it, too. The "war on drugs" is a sham, possession of crack is a victimless crime that the police should ignore whenever possible. People parking everywhere is a fucking nuisance.
Slashdot: providing anti-social weirdos a soapbox, since 1997.
Meanwhile he can do whatever the hell he wants, as he is likely to see his PO maybe once every three months.
I was in for armed bank robbery and rarely saw my PO. Fill out the form once a month and that's it. If you have no history of drugs, you won't even take drug tests. Oh, yeah, he might have to go to a bottom of the barrel shrink once a week for "therapy" - that's the biggest annoyance.
In essence, he got away with it. Supervised release is an annoyance, nothing more.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
He messed up a lot of people's machines, and he did it for money. I don't have a lot of sympathy, beyond a certain awe at the degree to which he is fucked. His life is pretty much over.
His probation stipulations will probably include not using computers, which when coupled with a felony conviction means he's going to be pretty much fucked in the job market when he gets out. Unless he has a whole bunch of other talents, like, being a Master Chef or something. He is therefore saddled with an unpayable debt. Even if he does pay it off, that's the equivalent of one whole house he won't get to buy. And that has repercussions down the line - who's going to hook up with a jobless loser with insurmountable debt? Added on top of the usual computer geek dating handicap, that's crushing.
He didn't think about the consequences when he attacked 400,000 machines. He probably didn't know he was hitting DoD networks and a hospital. Well, I'm not sure that attacking 400,000 home users wouldn't have still qualified him for this massive pain. Doing evil to a lot of people just because you can and get paid for it merits this kind of response.
A cleanup like he forced is expensive.
Folks - if you are interested and curious about computer security, set up a lab and 0wn the boxen therein to heart's content. Don't fire lots of live ammo indescriminately in densely populated neighborhoods, you dig? You can probably get in on a Capture the Flag haxoring event at a con near you on a nicely isolated network set up for the game. Win a Defcon CTF and I'll have a lot of respect. Being just another botherder does not show any impressive skeelz.
I suggest you take a closer look at the facts in this situation. The police confiscated all the servers at the ISP. Pirate Bay, Pirate Party, and every other server hosted at the ISP. It was not an attempt to shut down the pirate party, it was a clear instance of attempting to intimidate ISP's into not hosting Pirate Bay. The Pirate Party and the Pirate Bay share several things, but servers is not one of them, nor is one a direct affiliate of the other.