Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mariposa Botnet Authors Unlikely To See Jail Time

Posted by kdawson on from the laughing-all-the-way-to-the-bank dept.

krebsonsecurity writes "Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber-crime legislation in Spain. 'It is almost impossible to be sent to prison for these kinds of crimes in Spain, where prison is mainly for serious crime cases,' said Captain Cesar Lorenzana, deputy head technology crime division of the Spanish Civil Guard. ... Spain is one of nearly three dozen countries that is a signatory to the Council of Europe's cybercrime treaty, but Spanish legislators have not yet ratified the treaty by passing anti-cybercrime laws that would bring its judicial system in line with the treaty's goals."

11 of 163 comments (clear)

  1. And prison SHOULDN'T be used for non-violent crime by cbreaker · · Score: 3, Insightful

    Yes, these people should be punished. But I agree with Spain's prison/court system when they say that prison is for violent crime.

    There's other ways to punish people and have them be productive to society, instead of rotting in prison. Sure, there may be special cases, but for the most part if you're not a physical danger to people then there's no need to keep you separated from the population.

    --
    - It's not the Macs I hate. It's Digg users. -
  2. Beats the RIAA lawsuits by Anonymous Coward · · Score: 5, Insightful

    Not going to jail over cybercrime isn't ideal, but I'd take this any day over people being fined millions for downloading a few songs off the Internet. Ridiculous penalties for trivial acts are a lot worse than a few cybercrooks being let go with some large fines instead of jail time.

    (Note: downloading music and videos via p2p is legal in Spain)

  3. Serious crime? by NewWorldDan · · Score: 3, Insightful

    'It is almost impossible to be sent to prison for these kinds of crimes in Spain, where prison is mainly for serious crime cases,'

    Do they grasp the economic impact of these botnets? There may not be any physical violence, but the spam hassels, system cleanup, and DDOS attacks create hundreads of millions of dollars in economic damages. Sure, that's distributed over millions of people, but this sort of macroscopic vandalism is, in fact, a major crime. Throw the book at 'em.

    1. Re:Serious crime? by JSBiff · · Score: 3, Insightful

      "It's stopped now, isn't it?"

      Is it, though?

      How long will it stay 'stopped' if these guys are let out with a slap on the wrist? You don't think they'll just go right back to 'work'? What about deterrence of other 'would-be' identity thieves?

      If someone is offered a 'gamble' with two possible outcomes, one of which is gaining something, and the other of which is just remaining at the same point (that is, no net gain or loss), then it is *irrational* not to participate in the gamble. Now, of course, we have this concept in human society called 'ethics' where we say that you shouldn't do something which hurts someone else, even if it profits you, but these guys have already shown that *they have no ethics*.

      Some number of people will always ignore ethical 'rules', and for those people, you must fall back to simple, rational, economics. In this case, economics doesn't translate directly to money, but rather to the idea of incentives/disincentives.

      Of course, some of those people will still gamble - even if their is a substantial risk of loss, because with online identity theft, fraud, etc, there is always the possibility of a very large payout, just like with drug dealing - you might wind up in jail, or full of bullets, or you might wind up rich. But, at least there is enough possibility of very negative consequences to put most people off from drug dealing.

      Seems to me it's the same with cyber-fraud. Make sure there is the possibility of *very* negative consequences, to make it rational for people to avoid the gamble, even though they do have the possibility of becoming rich.

      Plus, there is plain, simple justice - even if there is no deterrent effect, most of us feel that when someone decides to throw ethics by the wayside, and hurt others, there should be some kind of price to pay.

  4. Gotta admit by zapakh · · Score: 5, Funny

    I was expecting the Spanish Inquisition.

  5. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  6. Extradition by jbeaupre · · Score: 4, Insightful

    Unless all 12 million pcs were in Spain, they should qualify for extradition. Most likely another EU country, but also the US. Heck, Spain could just shop these guys around if they really want to maximize the pain to these guys.

    --
    The world is made by those who show up for the job.
  7. Re:There SHOULD be existing laws that cover this by MozeeToby · · Score: 4, Informative

    You didn't really undestand the summary. Prison's in Spain are for those who are a physical danger to society. Conning someone out of their money wouldn't land you in jail either, nor would pickpocketing or unnarmed theft. They are non-violent offenders, and there are certainly punishments for those kinds of offenders, it's just that they don't generally involve prison time.

  8. Re:And prison SHOULDN'T be used for non-violent cr by BitZtream · · Score: 5, Insightful

    You can strap tracking devices to them, you can restrict their movements

    Great, how does that help against spammers? They can compute from anywhere.

    you can force them to do community service,

    Unless you pile on so much community service that they can't do anything else than the punishment is far too lacking. You might as well put them in jail since you'll have to support them anyway in order to pile on enough community service to justify letting them off with only it based on their crime.

    you can enforce fines to be taken from their paychecks

    What paycheck? They are spammers, they don't work day jobs and they will just do something under the table if you garnish their wages.

    You seem to think that people should be locked up for behaving in a certain way - because that behavior is a "gateway" to other crimes? Such a tired argument..

    No, you seem to not realize that people need to be punished to deter future crime of this type. None of the things you listed would even slow a spammer down. What you propose is to slap them on the wrist and let them go to do it again.

    These people have taken advantage of millions of PCs, they have essentially burglerized millions of homes, not physically but electronically. They have cost hundreds of millions of dollars to others that they can't pay back in their life time. They've made and stuffed away in various places massive amounts of money for themselves that will never go back to who it was stolen from.

    And you want to 'fine them' ... great, lets treat spammers like we treat CEOs, brilliant fucking idea.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  9. Not getting it, are we? by cdrguru · · Score: 3, Insightful

    The problem is that most of the world has a very simple disconnect between "stuff on computers" and "stuff that affects them". These folks did nothing to anyone that isn't using a computer. Therefore, for most of the population of the world there was zero impact. Nothing. No difference.

    Now, for a very small minority of people (a few millions out of 6 billion) these people caused trouble. In no way does this justify in the minds of the rest of the population of the world that there should be any laws against what they did.

    For example, if you go outside your house and step on some ants I am sure the ants being stepped on would like there to be a law against stepping on ants. The rest of the ant population wasn't affected and neither was the rest of the human population. So there are no laws against stepping on ants, even if to the ants being stepped on it is a huge life-ending tragedy.

    So for these guys they affected some computer users in a mysterious place outside of the real world. Good luck with convincing anyone that this is all that important.

    In the US you don't get any law enforcement attention until you cause provable damages in excess of $25,000. And if you participate in the "crime" by giving away your password through some trojan program the other person isn't going to be taking all the punishment for stealing from you.

    Face it, you live in a different world than most people. They don't understand your world and you don't understand why yours isn't important to them.

  10. Re:And prison SHOULDN'T be used for non-violent cr by moeinvt · · Score: 5, Insightful

    "And yet another person claiming prison is a deterant. It's NOT. No criminal thinks they are going to get caught. It doesn't deter anything."

    If a criminal is in prison, they are effectively prevented from committing further crimes, except maybe against their fellow convincts. Keeping habitual offenders away from the civilian population is a pretty good deterrant.