Arizona Botnet Controller Draws 30-Month Federal Sentence

dgharmon writes with word from the BBC that "A U.S. hacker who sold access to thousands of hijacked home computers has been jailed for 30 months. Joshua Schichtel of Phoenix, Arizona, was sentenced for renting out more than 72,000 PCs that he had taken over using computer viruses." Time is cheap: Schichtel admitted to giving access to those 72,000 computers for $1500.

Hmmm

[girlintraining]

Should have incorporated his criminal enterprise into a bank. Then he wouldn't serve any time and the government would bail him out for business expenses. It's rather silly to commit individual crime when corporate crime pays more and there's usually no time served.

Re:Hmmm

[cold+fjord]

It's rather silly to commit individual crime when corporate crime pays more and there's usually no time served.

White collar criminals do indeed go to jail.

Former Chairman and CEO of Kellogg, Brown & Root Inc. Sentenced to 30 Months in Prison for Foreign Bribery and Kickback Schemes

WASHINGTON—Albert “Jack” Stanley, a former chairman and chief executive officer of Kellogg, Brown & Root Inc. (KBR), was sentenced today to 30 months in prison for conspiring to violate the Foreign Corrupt Practices Act (FCPA) by participating in a decade-long scheme to bribe Nigerian government officials to obtain engineering, procurement and construction (EPC) contracts and for conspiring to commit mail and wire fraud as part of a separate kickback scheme, the Justice Department’s Criminal Division today announced.

Former TBW CEO Sentenced to 40 Months in Prison for Fraud Scheme

WASHINGTON—The former chief executive officer (CEO) of Taylor, Bean & Whitaker (TBW) was sentenced today to 40 months in prison for his role in a more than $2.9 billion fraud scheme that contributed to the failure of TBW. At one time, TBW was one of the largest privately held mortgage lending companies in the United States.

Two Former Canopy Financial Co-Founders Sentenced to 15 and 13 Years in Prison for $75 Million Investment Fraud and Raiding $18 Million from Custodial Heath Care Expense Accounts of 1,600 Customers

Allen Stanford Convicted in Houston for Orchestrating $7 Billion Investment Fraud Scheme

WASHINGTON—A Houston federal jury today convicted Robert Allen Stanford, the former board of directors chairman of Stanford International Bank (SIB), for orchestrating a 20-year investment fraud scheme in which he misappropriated $7 billion from SIB to finance his personal businesses.

On June 14, 2012, Robert Allen Stanford, the former Chairman of Stanford International Bank (SIB), was sentenced to 110 years in prison for orchestrating a 20 year investment fraud scheme in which he misappropriated $7 billion from SIB to finance his personal businesses and lifestyle. -- United States v. Robert Allen Stanford et al.
 

Just a sample. Just search for "CEO" to see more. It's not hard to find other examples.

Re:Hmmm

[Hatta]

And yet not one of the CEOs responsible for the epic fraud that crashed the world economy in 2008 has even been arrested, let alone charged and tried.

Re:Hmmm

[wbr1]

Typical. In Virginia, the low end for Grand Larceny is $200. You can spent 20 years in prison for picking up someones netbook.
On the other hand, you can raise funds from investors, buy up companies, bilk the assets as the companies sit neglected and die, the investors, and the emplyes all lose, thousands and jobs and homes and more, while the 'perpetrators' bilk off millions. And we call it 'business' and make it legal.

Re:Hmmm

[Sulphur]

White collar criminals do indeed go to jail.

To improve the jails, they have to send better people there.

Re:Hmmm

[cold+fjord]

And yet not one of the CEOs responsible for the epic fraud that crashed the world economy in 2008 has even been arrested, let alone charged and tried.

Some will go to jail.

Georgia banker gets 12-year sentence for fraud

Mark Conner, former president of the failed FirstCity Bank in Georgia, was sentenced to 12 years in prison and ordered to pay $19.5 million in restitution for his part in several schemes that sunk his and at least 10 other banks.

Conner served in several top positions at the bank between 2004 and 2009. While there, he lied to the bank's board and loan committee for approvals on multimillion-dollar commercial loans to borrowers who were only using the money to buy property Conner and his co-conspirators owned, according to court documents.

He even duped at least 10 other federally insured banks to invest in the fraudulent loans. This way, Conner scammed at least $7 million for himself while shifting the risk to these other firms that eventually failed.

As the financial crisis struck, Conner then tried to unload FirstCity nonperforming loans and foreclosed homes to straw buyers, who were taking out loans from Conner to buy the assets. He then tried unsuccessfully to get a $6 million bailout from the Troubled Asset Relief Program.

Some will be at least inconvenienced.

SEC charges ex-Fannie, Freddie CEOs with fraud

WASHINGTON — Two former CEOs at mortgage giants Fannie Mae and Freddie Mac on Friday became the highest-profile individuals to be charged in connection with the 2008 financial crisis.

In a lawsuit filed in New York, the Securities and Exchange Commission brought civil fraud charges against six former executives at the two firms, including former Fannie CEO Daniel Mudd and former Freddie CEO Richard Syron.. . . .

Unfortunately, the real cause of much of this is beyond the hand of the law:

How The Government Caused The Mortgage Crisis

A sad story:

While Freddie & Fannie Spanked, Dodd Leered

Re:Does anyone else see this as him getting off ea

[Meshach]

Just considering the personal information that could be stored on those machines and possibly accessed by someone with the intent of ID theft. It should have been a month for each machine compromised.

Playing devil's advocate but he did not access the personal information, he provided access. Should an ISP be liable for their customer's actions?

The missing point.

[VortexCortex]

There is a demand for distributed computing. A general purpose SETI@home w/ internet access. If only the operating systems were secure enough to allow individuals to join such a network and give arbitrary control to strangers they could earn a small profit by selling some amount of their unused bandwidth and CPU power. We could actually monetize all our idle CPUs and unreached bandwidth caps. A more sandboxed solution -- like the aforementioned SETI or Folding@Home, etc -- could be marketed by legitimate businesses. It seems a logical conclusion given our need for always on home (media/status) servers to stream our digital properties to us, and the success of "cloud computing".

Unfortunately the law is also not on our side: What if a client uses your Cloud@Home 'server' to download and redistribute "illegal" material? (The same as if a bot-net operator directs your machine to do so today.) We need to address the issue of identity (IPaddr != person) if my distributed machine intelligence system is ever to make the Internet self aware... So long as we would pay it enough to solve hard problems it could pay for it's own distributed computing rent.

With the state of computer security being utterly insecure at nearly every juncture, and our unwillingness to fix the legal risk of us meeting the demand for affordable distributed computing, I think it's only natural that such is done illegally. Do you really want the first global sentient machine intelligence to be a rogue bot-net system? That will surely escalate to (cyber) war. I'd much rather have it be a peaceful, profitable and legal entity. Sadly we'll have the lawyers and lawmakers to blame for bringing about the first man vs machine war.

I could have posted this to the freedom of speach vs child porn story as well.

Re:The missing point.

[tqk]

With the state of computer security being utterly insecure at nearly every juncture, and our unwillingness to fix the legal risk of us meeting the demand for affordable distributed computing, I think it's only natural that such is done illegally.

Hyperbole much? Sue the pants off Microsoft for selling easily p0wned software, or sue the average computer user for not being knowledgable enough to use it.

Should they require an Internet driver's licence? No thanks, very much.

I run (so far) secure FLOSS boxes. Don't blame me for the state of computer security. I don't need any more laws to protect me, as if they could. The vast majority of what's wrong with computer security as it relates to botnets can firmly be placed at Bill Gates and Steve Balmer's door for continuing not to fix it, despite all our protestations on the subject for decades now.

I do distributed computing. I've not been boned. Fancy that.

Re:Does anyone else see this as him getting off ea

[AK+Marc]

Pick the oldest woman infected. Give her a CD of her OS and all the programs she had installed. Tell her to install it to where it's back to where it was. Time her. Sentence him to that time times all the people affected.

Wait, wait, wait

[DavidTC]

Unauthorized access of a computer is a felony. (Doing that for the purpose of selling someone else access like that is probably an additional felony, it looks roughly like conspiracy to me. But let's ignore that.) That is, every single authorized access is a felony.

This guy got 30 months for committing 72000 felonies?

I know jail time doesn't necessarily 'stack', and that unauthorized computer access is one of the lower-class of felonies, and probably supposed to only be a year in jail at most.

But, still, this is completely absurd. That sentence is 18 minutes per felony.

Malware and computer hijacking, is basically the legal equivalent of carpeting a football stadium of people with tear gas. If you did that, you'd be charged with tens of thousands of instances of basic assault (A crime which is roughly in the same ballpark, legally, as unauthorized computer access.) and end up in jail almost forever.

But somehow unauthorized computer access, despite being something that each individual instance is supposed to result in (at least) months in jail, and which does result in months in jail when it's against the wrong person, aka, a big corporation...somehow all that just goes away if you do it against enough people at once via malware.

If I invented a robot that went around stealing from 72000 stores, they wouldn't just laugh and give me the equivalent of five counts of shoplifting in jail time. If I kill twenty people at once, they don't just laugh and say 'Oh, that was really just one instance, let's sentence him for, oh, two murders, that seems fair.'

72000 felonies.

And let's not forget, these have actual victims. Here's a fun question: Would you rather be punched in the face once (Basic assault), or have to reinstall your entire computer? (And, as only 25% of the population has any sort of backup at all, let's pretend you'd lose 75% of your stuff.)

Yeah, I thought so. There's a reason we actually made the law the way we made it, where those two are within the same order of magnitude as crimes. The courts, OTOH, seem to think that some guy hacking a computer server of a powerful company (Which is one computer and hence one felony.) is much much worse than someone hijacking 72000 human-owned computers.