Four Years Jail For Bredolab Botnet Author

angry tapir writes "The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia's Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of the Article 253 of the country's Criminal Code — intentionally causing damage to a computer system with severe consequences."

Re:Always clean...

[Trilkin]

That's because it's a scam. That isn't the first time that story's been posted as a first post. Funny how a story about a botnet has a first post from someone probably using a botnet.

What were the consequences

[buchner.johannes]

for the staff in charge of security? (Since there was damage to multiple computer systems, not just unavailability)

Re:What were the consequences

[gweihir]

Nothing. After all, even if you have glass windows, if somebody throws a stone at them you do not share responsibility. Vandalism (and that is what was effectively done) is always 100% the fault of the vandal.

Now, having inadequate security is something else. But the respective laws are still in their infancy.

Re:What were the consequences

Let me give you a more valid window glass analogy. If you had invested in better glass, the kids rock would not have smashed your window.

Plus we're talking about DDoS here. That is not trivial to protect against. Your jab at Microsoft is silly.

Re:What were the consequences

[flonker]

How would you "secure" a system against a DDoS? The only solution is to throw money at the problem. Yes, you can mitigate to some degree, but the numbers get very big very fast regardless.

Quick google turns up "DDoS attack size broke 100 Gbps for first time" from Feb 2011. The only way to prevent 100 Gbps of traffic from drowning your site is to have *significantly* more than 100 Gbps of bandwidth available to you, or to hire someone who does. And even then, someone must pay for that bandwidth.

Another hurdle to overcome is if someone is attacking your application layer, you have to throw CPU cycles (and possibly RAM) at the problem to solve it. If you assume a typical HTTP request of 1k, handling or filtering 100M (or even 1M @ 1Gbps) http requests per second is going to require some hefty hardware. A quick google gives the number 3k requests per second for a typical apache server serving blank pages. You would need 300 web servers to handle 1M requests, and 30,000 to handle 100M requests. Numbers are just ballpark figures, and may be off by an order of magnitude or two, but you get the idea.

In short, protecting against a DDoS is hardly professional neglect. It's a financial decision. Even if you hire someone else to handle it for you, someone eventually pays the price.

Re:What were the consequences

[gweihir]

Indeed. Easy DDoS is a consequence of the design of the Internet. Defense is expensive, but entirely possible. Just talk to Akamai, they can tolerate basically anything that can be thrown at them with only local outages.

That said, even if the target could easily tolerate the DDoS done, the criminal doing it should still be punished.

Re:What were the consequences

[Joce640k]

How do you damage a server merely by sending it too many requests? Surely it should just shut down if it overheats?

People set up servers for a reason - because they want visitors. Shutting them down isn't really a 'cure'.

Re:What were the consequences

[serialband]

And the command and control IRC servers are typically running on linux.

Spam Flood

[MRe_nl]

"Never in the history of Slashdot have so many spam posts been posted by so few in such a short time".

Winston Smith.

(Perhaps triggered by "botnet author" in the articles title?)

damaged multiple computer systems ?

[nurb432]

How does one *damage* a system via a DoS?

Sure, it's uncool and he needs to be in jail, but propagation of false concepts is just as dangerous, if not more...

( reminds me of the 'copyright infringement is theft' propaganda )

Interesting note from the article

[Zontar_Thing_From_Ve]

I am not claiming to personally be the greatest expert on Slashdot of the ex-USSR. However, I do speak Russian reasonably well and I have traveled in the ex-USSR so I do think it's fair to say that I'm more familiar with the CIS countries and the people that live there than most people. I admit to being a bit puzzled to read that Armenia jailed someone. Armenia is seemingly uninterested in joining NATO and the EU and as far as I know they get along pretty well with Mother Russia. Outside of the Baltic Countries (Estonia, Lithuania, Latvia) who are fully integrated into the EU and NATO, laws are weak and corruption is high. I was wondering "Why would Armenia bother to prosecute this guy and jail him, given that in the past the entire CIS has basically never been interested in such?". There doesn't seem to be any political reason (ie. no sucking up to the EU or NATO) at work here. Surely this guy would have been smart enough to just bribe his way out of trouble. Then I noticed this in the article:

One of the attacks that Avanesov was found guilty of instrumenting took place on Oct. 1, 2010, and targeted a Russian telecommunication company called Macomnet.

Ah. He foolishly attacked Mother Russia. Now I understand why he was convicted.