Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man Gets 3 Years for Botnet Attack

Posted by ryuzaki0 on from the nice-job-macgruff dept.

Vobbo writes "Weeks after NANOG subscribers argued whether or not mitigating botnet command and control systems was a worthwhile endeavor, the LA Times reports that the old fashioned method of arresting and prosecuting criminals still works. Prosecutors successfully prosecuted a 21 year old who had conspired to create botnets that attacked the Department of Defense, a California school district, and a Seattle hospital before being arrested. He plead guilty and was sentenced to 3 years of 'supervised release.'"

12 of 89 comments (clear)

  1. Remind me again, why do we need all these new laws by the_leander · · Score: 4, Insightful

    Because it seems to me, that the new legislation isn't worth spit, what is needed, is more manpower available to track, prosecute and breakup such nets.

    --
    regards, the_leander
  2. Re:More sensationalism by Anonymous Coward · · Score: 4, Informative

    "Man Gets 3 Years' Probation for Botnet Attack

    "Editors", feel free to cut and paste."

    FTA: "A man was sentenced to three years in prison Friday for launching a computer attack that hit tens of thousands of computers, including some belonging to the Department of Defense, a Seattle hospital and a California school district.

    Christopher Maxwell, 21, of Vacaville, Calif., was also sentenced to three years of supervised release. "

    I would say the 3 years in prison is more significant than the probation afterwards. Perhaps you should be informed before you start criticizing.

  3. I wonder... by ZeroExistenZ · · Score: 3, Insightful

    ... how this new type (spammers, mailflooders, scriptkiddies, 'hackers', scammers, ...) of jail-citizen are welcomed and threated.

    I often read these kindof things and wonder wherever punishment isn't tooo hard on cybercrime, if you compare the crimes committed to equal the sentence time. It appears out of proportion to me.

    In this case one can argue it's a "conspiracy against the government" or a plot to "attack the US infrastructure". However, I doubt the guy ever planned to start some sortof war with the government, other then showing his discontent or something like that.

    It doesn't really matter how I think about this specific case, but it makes me wonder to what computer crime (and the definition thereof) compares to other crimes? I can see the scammers being up there with fraud, no argue. But I'm sure about the others.

    --
    I think we can keep recursing like this until someone returns 1
    1. Re:I wonder... by legoburner · · Score: 4, Interesting

      I would imagine that since most people dont understand the full effect of the crimes, that they are more influenced by fictional events and representations. In a trial by a Jury or Judge who is not familiar with the exact scope of the technology, perhaps they err on the side of (what they see as) caution and give stricter penalties in comparison to something that is easily understood like burglary.

      --
      Warhammer forums
    2. Re:I wonder... by Konster · · Score: 5, Insightful

      If anything, punishment for IT related crimes are far behind where they should be. In a lot of ways, the internet is the modern equivalent of the lawless west where there are far too many criminals and far too few deputies and effective laws put into place to deal with criminals.

      Same thing in IT right now, lots of easy crimes to commit with few real repurcussions for illegal actions.

    3. Re:I wonder... by tomstdenis · · Score: 4, Insightful

      That's true in a certain sense, but also keep in mind the govt wants to make examples of these people. They may have only DoS'ed the government, but that's a small step to an extortion ring. Let me know when your company is going bankrupt because you have no net presence and thus no customers. See if you feel so liberal about it then.

      That and frankly little script kiddies are not harmless, they're ignorant and there is a difference. The net really depends on the netizens actually playing nice [or at least fair] with one another. When people like this take it upon themselves to affect so many, they deserve an appropriate punishment.

      Tom

      --
      Someday, I'll have a real sig.
    4. Re:I wonder... by PeeAitchPee · · Score: 4, Insightful

      I was gonna mod you down, but I'll be constructive and reply instead.

      Before anyone screams conspiracy or defends this person, RTFA. This guy and his two buddies made over $100,000 from advertisements displayed by their little botnet. His motivation was simple . . . money, which last time I checked is no different that that of the spammers that almost every single Slashdotter would like to see ruthlessly executed and buried in an unmarked grave somewhere. The fact that he attacked (probably because of the indiscriminate nature of his botnet) public infrastructure is somewhat irrelevant other than it means it's easier for them to nail him to the wall 'cuz he got too lazy to look after all of the domains he was targeting. I think if we started vigorously prosecuting MORE of these people, and punishing them with jail times such as these, (US-based) botnet attacks would dramatically decline (as would spam). GO AFTER THE MONEY.

    5. Re:I wonder... by div_2n · · Score: 3, Insightful

      the internet is the modern equivalent of the lawless west where there are . . . far too few . . . effective laws put into place to deal with criminals.

      This argument is exactly what causes new cyber laws to be needlessly written. It's pure balderdash. Theft is still theft, extortion is still extortion, etc. Just because the behavior is done over the wire doesn't make it any less or more of a crime. The only part of the law that might be lacking is extradition where someone in country A launches an attack of some sort on someone in Country B.

      The only thing the internet does is make crime less risky in terms of immediate repercussions. If you rob a bank in person with a gun, all sorts of things can go wrong. If you do it over the wire, you can have your money and be sitting on the beach of a country with no extradition treaties (see above argument) sipping on a cool drink before the authorities even know your name. Even better than that, you can do it from the beach while sipping on a cool drink.

      The internet melts international borders. The law hasn't cought up with that yet. Focus on that and getting better trained law enforcement to deal with cyber crime more quickly. If the law needs to be changed, the only thing I suggest is to make cyber crime default to maximum penalties. You don't need to reinvent the wheel to deal with the same crime that has been around since laws began.

  4. Re:Remind me again, why do we need all these new l by MarkByers · · Score: 3, Insightful

    what is needed, is more manpower available to track, prosecute and breakup such nets.

    Perhaps if the police spent less time investigating fraudulent copyright infringement claims and confiscating a political party's servers they would have more time to chase real criminals. Or was it only in Sweden that the police ignore the criminals and try to hunt down political activists instead?

    --
    I'll probably be modded down for this...
  5. 100k for Installing Spyware? by Elvis77 · · Score: 5, Funny

    My teenagers have managed to install spyware on ALL my computers... little did I know that they could earn a living at it...

    --

    The man in black fled across the desert, and the gunslinger followed (SK)
  6. Re:Remind me again, why do we need all these new l by tomstdenis · · Score: 3, Insightful

    Disabling raw sockets and making people more accountable for their machines may help too.

    I don't care if you get exploited. You should know enough to figure out when it has happened [e.g. your modem goes crazy] and do something about it [e.g. turn computer off]. And why ISPs still let people transmit IP packets with forged src addresses I'll never know. Sure it's technically valid [as far as IP datagrams goes] but the only legitimate use is to DoS something.

    Oh, and a public flogging wouldn't hurt either.

    Tom

    --
    Someday, I'll have a real sig.
  7. Re:Remind me again, why do we need all these new l by Bert64 · · Score: 4, Informative

    Disabling raw sockets in the OS won't get you anywhere, not so long as users are running with full privileges.
    If you disable raw sockets, the backdoors will just start re-enabling them, sending raw ethernet frame instead of raw tcp, or even installing a replacement tcp stack which supports raw sockets properly.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!