Slashdot Mirror
Man Gets 3 Years for Botnet Attack
Vobbo writes "Weeks after NANOG subscribers argued whether or not mitigating botnet command and control systems was a worthwhile endeavor, the LA Times reports that the old fashioned method of arresting and prosecuting criminals still works. Prosecutors successfully prosecuted a 21 year old who had conspired to create botnets that attacked the Department of Defense, a California school district, and a Seattle hospital before being arrested. He plead guilty and was sentenced to 3 years of 'supervised release.'"
Because it seems to me, that the new legislation isn't worth spit, what is needed, is more manpower available to track, prosecute and breakup such nets.
regards, the_leander
"Man Gets 3 Years' Probation for Botnet Attack
"Editors", feel free to cut and paste."
FTA: "A man was sentenced to three years in prison Friday for launching a computer attack that hit tens of thousands of computers, including some belonging to the Department of Defense, a Seattle hospital and a California school district.
Christopher Maxwell, 21, of Vacaville, Calif., was also sentenced to three years of supervised release. "
I would say the 3 years in prison is more significant than the probation afterwards. Perhaps you should be informed before you start criticizing.
I would imagine that since most people dont understand the full effect of the crimes, that they are more influenced by fictional events and representations. In a trial by a Jury or Judge who is not familiar with the exact scope of the technology, perhaps they err on the side of (what they see as) caution and give stricter penalties in comparison to something that is easily understood like burglary.
Warhammer forums
My teenagers have managed to install spyware on ALL my computers... little did I know that they could earn a living at it...
The man in black fled across the desert, and the gunslinger followed (SK)
If anything, punishment for IT related crimes are far behind where they should be. In a lot of ways, the internet is the modern equivalent of the lawless west where there are far too many criminals and far too few deputies and effective laws put into place to deal with criminals.
Same thing in IT right now, lots of easy crimes to commit with few real repurcussions for illegal actions.
That's true in a certain sense, but also keep in mind the govt wants to make examples of these people. They may have only DoS'ed the government, but that's a small step to an extortion ring. Let me know when your company is going bankrupt because you have no net presence and thus no customers. See if you feel so liberal about it then.
That and frankly little script kiddies are not harmless, they're ignorant and there is a difference. The net really depends on the netizens actually playing nice [or at least fair] with one another. When people like this take it upon themselves to affect so many, they deserve an appropriate punishment.
Tom
Someday, I'll have a real sig.
I was gonna mod you down, but I'll be constructive and reply instead.
Before anyone screams conspiracy or defends this person, RTFA. This guy and his two buddies made over $100,000 from advertisements displayed by their little botnet. His motivation was simple . . . money, which last time I checked is no different that that of the spammers that almost every single Slashdotter would like to see ruthlessly executed and buried in an unmarked grave somewhere. The fact that he attacked (probably because of the indiscriminate nature of his botnet) public infrastructure is somewhat irrelevant other than it means it's easier for them to nail him to the wall 'cuz he got too lazy to look after all of the domains he was targeting. I think if we started vigorously prosecuting MORE of these people, and punishing them with jail times such as these, (US-based) botnet attacks would dramatically decline (as would spam). GO AFTER THE MONEY.
Disabling raw sockets in the OS won't get you anywhere, not so long as users are running with full privileges.
If you disable raw sockets, the backdoors will just start re-enabling them, sending raw ethernet frame instead of raw tcp, or even installing a replacement tcp stack which supports raw sockets properly.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!