Anonymous Member Sentenced For Joining DDoS Attack For One Minute
jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website after the attack)."
The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
no one trusts the "justice" system anymore. One minute of using an automated tool is apparently a worse offense than crashing the economy.
1 minute or 15, you were there, you're guilty. Plain and simple. So for me that's not the worst part. It seems to be a fair part if you ask me.
These people need to learn what actual violence against them and their property is, so that proportionate responses have value.
If your entire life is going to be ruined for any sort of protest, the natural incentive is to go in for intimidation, murder, arson, whatever to make their lives really hell instead.
Doesn't matter if it was for one minute, one hour or one day. You did the crime, you do the crime. If you rape a woman for one minute, you get sentenced for the same as if you raped her for ten minutes.
This is a stupid and dumb angle to take slashdot. You should be utterly and completely ashamed to even articulate this.
Play stupid games, win stupid prizes.
He admitted to doing something illegal? He got caught and sentenced.
"But officer! My knife was only in his kidney for one second!"
And making examples.
Censoring someone else is never valid. (which is what a DDoS is trying to do)
What about that curl-loader test I did that lasted for two hours?
Oh wait, that was at my job. Never mind, carry on...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
never admit...
equals "open the browser, write the url and press f5 multiple times"?
Then wasn't his real crime admitting to being involved? After all, until that point, it could have been someone else using his internet, or spoofing his IP, or that his computer had been compromised and made part of a botnet, etc. And it would seem obvious that the effect on the site would have been no different had he done nothing whatsoever.
Knowingly trying to bring down web sites is a crime. Should we also not arrest people if they only throw one brick through a store window but do not take anything? Should we also not arrest people who kick someone only once when lying on the ground?
A crime is a crime, and the act of committing a crime takes only the moment you decide you are going to commit it. The duration of the actual crime hardly matters when compared to intent.
Also, consider the fact that the minute is only the point they could prove what he did, if he was willing to aid in DDOS attacks who knows how many other people he helped attack in the past?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
and the MPAA issues a successful DMCA takedown (automated) for something they do not own the rights to....nothing happens.
But your honor, I only pulled the trigger for 1 second, 2 tops! While the fine seems FREAKING large I can appreciate that it was tied directly to a purpose, i.e. the amount paid to hire someone to secure the site. But I feel attaching it to the actual value lost (5k) would have been more fair, maybe with a bit extra to be punitive? I imagine that if they caught more people the fine would have been spread out among them? But I don't understand why intent to do harm would in any way be lessened because "I only did the bad thing for a short period of time."
Does this mean any further people found guilty can't be liable for the fine to recoup the consultant's fees?
Of course, they can always go for lawyer and court fees.
1. It is ineffective. The Koch brothers stance that there is some Liberal Conspiracy going on, hacking them and creating a DOS only proves their paranoia, and only makes them more resolved to continue.
2. It could hurt the wrong people. Are you hitting only their data center, or is that data center shared with other organizations as well? I had a job at a place that hosted electronic medical records. We had an external hosting site... They also hosted a big evil bank. They DOS the bank but they also DOS thousands of doctors' EMR systems. Granted we had a backup route, but that may not be the case.
3. You put your views on the moral low ground. Are your points so weak and irrational that you need to jump into technological bullying to get your point across?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So it's okay to participate for only one minute in a hate crime? Or a murder? Or a Heist? Crime is crime, yes? The whole point of law is defining a line not to cross and once crossed the consequence is provided. Most folks know this and in choosing to commit the crime, are also choosing to accept any consequence.
In another story, a hacker by the name "The Messiah" who claims to be part of Anonymous was denied bail in Singapore.
http://www.channelnewsasia.com/news/singapore/court-denies-bail-for/909492.html
In 1997 David Scott Ghantt was convicted and sent to prison for seven and a half years for only joining in a bank robbery for thirty minutes.
Is it fair that Eric Rosol was asked to pay for something Koch Industries should have done on their own, before being attacked? No. Is it fair that he should be arrested and tried for engaging in civil disobedience? Yes. That's kind of the point of it.
Now you can be convicted for owning a computer that joins in a botnet's DDoS attacks.
Oops-- sucks to be the only one that gets caught.
He's currently on the hook for the whole of Koch's damages, but he can always go after the other members of Anonymous to spread the pain around.
Or, maybe a kickstarter project; surely his brothers in arms would contribute......
The rules of modern day America are pretty simple. You have liberty to do whatever you like, but DON'T FUCK WITH THE OWNERS.
... for offending our rich libertarian overlords.
Bow down before your masters, peon.
Fuck Koch Industries. And fuck the Koch brothers.
There they go again doing everything they can, anyway they can, to scrape more profit.
So one guy has to pay $183,000. Does that mean any other Anonymous members involved in the DDoS attack are going to get the same punishment? It does if the Koch brothers have anything to say about it. 'Cause: profit!
Think about it, the Koch bros. pay some "security consultant" $183,000 to fix the problem. But if they bust a couple of people involved. Not only do they break even, but they make a profit.
These scumbags deserve a lot worse than a DDoS attack. They're all about harsh punishment for people opposed to them and their so-called principles, maybe they need a taste of their own medicine.
It's not enough that they're richer than God, but they actively work to make others poorer through their manipulation of the American political process.
These people need to learn what actual violence against them and their property is
Then you get to learn what ACTUAL violence is, either by police officer or prison inmate.
Let me know when you want off the not-so-merry-go-round.
If your entire life is going to be ruined for any sort of protest, the natural incentive is to go...
Except that property damage is not protest.
Actions that will ruin my entire life do not "incent" me to act worse, they in fact very much incent me not to ruin my life. It is possible to protest without damaging anyone or anything, a fact that seems lost on many groups these days.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Homes are private.
Seems you don't understand this intertoobs thing.
... even though the defendant engaged in the activity for only a minute does not change the fact that he committed a crime.
We've seen numerous cases of the justice system being extremely heavy-handed when it comes to punishing cybercrime. But let's not forget that attempting to break or hamper the operation of somebody else's website without their permission is still a crime.
"free speech zones"
;-p
documented government use of provocateurs
documented government infiltration of dissent groups
CCTV drones recording everything happening in public.
NSA illegal collection of data (LOVEINT).
NSA illegal blackmail using illegally collected data (SEXINT).
NSA sharing illegally collected information with preferred partners. (UK, AUS, Israel today. Equifax, debt collection agencies and your employer tomorrow).
You've got nothing to fear if you're doing nothing wrong.
and they are part owners of private prisons so they even make bank off of the prison time as well.
We DDOS web sites all the time here and it's usually for more than 1 minute.
First of all, you'll note I am mainly referring to the comment that the 'worst part" is that he only participated for a minute. You seem to be arguing the worst part is the fine.
I partly agree, however I would also say that computers allow us to magnify actions beyond what we can do physically - just as we can send a message to millions via computer, we can also easily do millions of dollars in damage via computer too. I can't say what the right fine would be but it's probably not proportional to what someone would think one person's fine should be...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
They're a handful of extremely talented computer professionals, a lot of them with ties to industry. Their secret is using idealistic morons like this one instead of getting their own hands dirty. They point in a direction and a million idiots flood it with LOIC or whatever the script kiddie package-du-jour is now, they get to claim the credit with very little risk to themselves.
"An law school professor and former criminal defense attorney tells you why you should never agree to be interviewed by the police. "
http://www.youtube.com/watch?v=6wXkI4t7nuc
It is an old clip and I've never been too sure about the UK use of this information regarding the "silence gives consent" maxim of common law.
But I thought Republicans are stupid. How could they possibly bring down a website created by the genius Democrats, who are so much smarter than everyone else, and know best how we should all live our lives?
Remember when people burned the books and pamphlets of their political opponents? How well did that work?
If you're annoyed at someone, please don't (D)DOS their site - it just strengthens their point and conviction.
Yeah, Washington needs to be torn down brick by brick.
Congress approval rating: 6% - You're on notice.
Cut, fire, repeal, repeat......
It is just the tip, it doesn't count!
I think one misdemeanor count of accessing a computer without authorization is defensible for downloading a DDoS attack tool and deliberately participating in a DDoS attack.
However, the $183000 in restitution seems excessive; a reasonable person wouldn't run out and spend $183000 on a consultant for a 15 minute DDoS attack (how do you even do that?), so that loss is really the fault of the site owner.
Sure, it's a crime. It's not a $183,000 crime. Proportionality matters.
If I throw a brick through a man's window with the intent of making him think about what if that window was his head. Then breaking the window isn't the real crime, is it? If I run up to someone at a rally and grab their $.40 sign and rip it up so they can't get their message out, then the destruction of the sign isn't the real crime is it? In this case, the owners of the business have views that aren't popular amongst a certain type of morally sure people. The crime here was to bully them off the public stage.
Prohibits excessive fines and excessive bail, as well as cruel and unusual punishment
Slashdot's burgeoning pro-exploit crowd loves cheering these guys on, so how about cheering on his honorable sacrifice of $183K for the cause?
I swear to God...I swear to God! That is NOT how you treat your human!
Was his (second) biggest mistake admitting that he downloaded and used the software, rather than deny and let them try to prove it wasn't a hacker who tapped into his home network?
Interesting corollary is to those who use bittorrent for illegal purposes.. at some point a lawyer and judge can come in and garnish years of your earned wages.
If I were the judge I would have fined Koch $183k just for having a website in such an appalling state that it required $183k to protect it. Seriously, unless it can be proven that it was due to a zero day then any corporation that gets hacked should face an equal fine as those doing any hacking. How will security improve otherwise? This restitution actually encourages firms to have lax security because then they can sue the pants off anyone that decides to hack them.
Since IANAL, I'm just wondering if the various defenses that go along with "mob mentality" could be applied to a DDOS. The concept being that "getting caught up" with the drive and goals of a group has a sort of "group will" that supersedes your own, or something like that. As such, you aren't "fully accountable" for your actions at that time. It probably varies by jurisdiction, but I'm pretty sure there's precedent, and I would think it would be a lot easier to explain in court than "you can't prove that was my IP" or "my computer was hijacked".
--Not to be worried, Pitr fix.
This inspires the glorious future of high frequency prosecution, or the HFP. Finally, a process with due and liquidity!
Today it is $183,000 for participating in a DDOS, covering the costs of a security firm hired previous to the DDOS to protect from the DDOS. Not long ago, it was millions of dollars for supposedly damaging the network of San Francisco, by not giving up the passwords for a week. Add to that Swartz having thirty years in jail threatened, millions in legal fees. The computer abuse and fraud laws are the problem. I could kill or rape someone and get off for less. But, apparently, threatening the plutocracy is the worst offense according to the plutocracy.
Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website after the attack).
So if I were caught trespassing on Koch's property would I be liable for the cost of building a new electric fence?
I only threw one firebomb. I shouldn't be held liable for the 5 alarm fire.
He admitted it? Jail is full of innocent people too. Just ask them.
Just as you have to replace a window, and possibly install a security system with a brick through a window - after a DDOS they had to pay to fix the web server and also to improve security in case they were attacked again.
The enhanced security was not needed until someone decided to DDOS them, so being the first to do so means they are the ones who bear the extra costs of security of the business.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
plea bargaining is a corruption of our justice system
it railroads innocent people into admitting guilt for things they didn't do for fear of wrongful convictions
it allows guilty people to get away with less punishment than they deserve
plea bargaining also requires perjury by both the prosecutor and the suspect, the suspect has to confess to a crime they didn't commit, the prosecutor has to charge for a crime they have no evidence for
I'm American, so I speak from experience. The US legal system allows punitive damages. Eric Rosol didn't have to actually go to jail - that was the fair part of the sentence. But US verdicts with insane monetary awards are not unusual. There's the infamous "McDonald's coffee" case which eventually got settled out of court for a never disclosed amount after a jury awarded what almost everybody in the US considered an unreasonable and probably insane amount of money in punitive damages. Jammie Thomas, the last person you'd ever want to fight the RIAA, has gotten a series of shocking judgements against her, far in excess of any real damage that was done by her. I served on a jury once that awarded punitive damages and they're meant to send a lesson to the guilty party and others (this part is key) that there are very real financial costs to certain actions. In this case, the message is clear that people should not do DOS activities or they too may be facing ruinous financial penalties. I haven't followed this case at all, so for all I know like Jammie Thomas, Rosol may be his own worst enemy and perhaps his demeanor in court led to this outcome. Juries really don't like arrogant defendants who insist that they did nothing wrong when the jury feels otherwise. I can tell you from experience that the vast majority of jurors are non-techies and some are actually tech hostile. These kinds of people also get easily swayed by prosecutor arguments that some great evil just happened that must be prevented in the future because they don't really understand what happened. Juries also sometimes get this subgroup of people (roughly 10% of the population by my estimation) who see the entire world in black and white and are obsessed with punishing rule breakers as they see them. These are the people who want draconian punishments for trivial offenses (ie. they'd support the death penalty for people who let a parking meter expire as "That will teach them not do that again!"). 
Sometimes on juries they are adamant that the "evil doer" has to get a very harsh sentence and if the other jurors really don't care, want to go home, and agree at least that the defendant really is guilty, the other jurors will just agree to large punitive damages so they can get on with their lives. It's difficult to get punitive damages reduced and there's no incentive in the US system for juries to really find a fair verdict. The system just wants them to all agree on the verdict and if 11 people give in to 1 stubborn crazy person, the US system accepts this as the cost for how the system works. The prevailing dogma that gets drilled into all law students and the American public in general is that the US jury system is the greatest of all possible systems and is the cornerstone of our democracy, so nobody on the legal side dares to question whether it really works as it is supposed to or not.
So:
"I was only driving without insurance for a minute."
"I was only over the speed limit for a minute."
"I was only throwing bricks through people's windows for a minute."
"I was only obstructing the police officer for a minute".
"I only tweeted the name of the guy, that the courts ordered to be kept secret until after the trial, for a minute."
Are all valid excuses to get off?
No. He did it. He admits it. And with DDoS, it's perfectly possible to have several million people "only do it for a minute" and still take any site you can point to down through sheer overwhelming of traffic.
The size of his fine - that's up to his legal team to prove the damages caused by his actions were less than he is being required to pay and that it's disproportionate. You can argue that in appeal if you want.
But, fact is, you did it. You meant to do it. You verifiably did it. You admit you did it. And it was illegal to do it. Argue over your punishment but the headline just has me saying "Er, yes, and?"
Good. These liberal terrorists should all get what they deserve.
So bank robbers must also be on the hook for all security guards, surveillance, and the cost of the vault?
So a company waits until they are hit with a DDOS attack before hiring a security company to ensure their website is secure. Then get the people that attacked them to pay for their security upgrade, how is that fair ?
All you people comparing this to breaking a window and saying how the "fine should be the replacement cost of the window" don't know the first damn thing about the law. If one throws a brick through a window, one might have to pay restitution of the replacement cost of the window, but one will also face possible jail time and a fine.
Let's say someone throws a brick through a $300.00 window:
That is on top of any restitution the court orders. And, if you don't believe me, look it up your damn self.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Not the GP and can't speak for them but I agree with you on your statements. Proportionality does matter and the reason for this response is a request for those who are acquainted with the necessary facts and the ability and interest in doing the math: what is the cost to those who have to pay for their bandwidth at assorted rates (separate please for hosted services, privately maintained services or possibly even individuals not hosting web pages but who get charged per data sent/received) if they happen to have the misfortune of being targeted by a botnet DDOS? After all, there are some services for individuals where it can cost some ISP customers up to $100 or more just to download OpenSUSE for example. And yes, I realize I may be asking what many will consider a "stupid question" even though we were all told "there are no STUPID questions". Or will all service providers automatically make allowances for that sort of thing?
FTG
in a rape, how many years would he get?
in a robbery, how many years would he get?
in a road rage, how many years would he get?
in a kidnapping, how many years would he get?
in a smash and grab, how many years would he get?
He participated in a felony and got a felony conviction.
Play stupid games, win stupid prizes.
Yes Ladies and Gentlemen of the Jury, my client did intentionally run over those children in the crosswalk, but what you've got to understand is that the collision only lasted for fractions of a second and therefore, you must vote NOT GUILTY!!!!
There's nothing to be gained from a DDoS.
If you want to destroy the Koch brothers (I do), reduce your oil and coal consumption as much as possible, go green.
Convince others to do the same.
You can do a lot more damage to them by getting 10000 people to lay off oil and coal than any DDoS will do.
If I organized a mass call-in to a government number to protest a policy - causing the number to be 'busy' for the rest of the general public - should all of the participants have their lives destroyed? Of course not.
There is no way one minute of participating in a DDOS protest caused $183,000 of damage. The punishment is life-destroying and completely out of line. Juries are stupid and easily manipulated. I can just see their eyes glazing over when the technical terms started flying.
Fuck your fake best-justice-money-can-buy system, America. You're giving the dickweed politicians in my country ideas that they're too dumb to come up with on their own.
Yea, and I only tried to jimmy that lock for a minute. I only tried to break into your house for about a minute. I only raped you for about a minute...
If they visit your website because they want to see what is there, you cannot charge them.
If they know that visiting your site will cause it to crash and thereby do you harm, then yes in theory you could charge them (although probably not taking reasonable precautions would get that thrown out).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
How do they know he was DDoSing the site?
Maybe he was just trying to load the page in Firefox or whatever?
They Broke the Straw Man That Did Not Break the Camel's Back
Sending Them IP Packets along the Public HighWay
Their HighWay is not Your HighWay ,
He Must Be Guilty By Association
Give Him A Red Herring
>A DDoS should be punished with community service; it's no different from protesting a store you dislike and making it hard for customers to get in.
It involves a computer and the internet, therefore it's a much greater crime and must be punished as so, and a very important person (corporation) was hurt so it's a different level of crime.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
From Wikipedia:
Under joint and several liability or all sums, a claimant may pursue an obligation against any one party as if they were jointly liable and it becomes the responsibility of the defendants to sort out their respective proportions of liability and payment. This means that if the claimant pursues one defendant and receives payment, that defendant must then pursue the other obligors for a contribution to their share of the liability.
Joint and several liability is most relevant in tort claims, whereby a plaintiff may recover all the damages from any of the defendants regardless of their individual share of the liability. The rule is often applied in negligence cases, though it is sometimes invoked in other areas of law.
No individual raindrop ever considers itself responsible for the flood.
So, does that mean the Federal Government can collect $183K from all those people who crashed healthcare.gov?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
It was an amount they should have already paid to secure their website. I don't condone the attack, but proper security is not a cost you only pay when attacked. I don't only attach a lock to my door after I have been the victim of a burglary.
Not really in a courtroom, but Winston Moseley, killer of Kitty Genovese, rapist of another unnamed woman during an unsuccessful prison attempt had this to say about his sentence:
"For a victim outside, it's a one-time or one-hour or one-minute affair, but for the person who's caught, it's forever."
Well, there's one DDOS attack that's perfectly legal. Boycott Koch Industries and all their products. Of course it'd take some hunting to find out just what Koch does besides drill for oil, foul the environment and inject tons of money to corrupt the political system to their ends.
Posted from my Android phone. Oh, I can change this? There, that's better...
...Anontards using LOIC from their home/work internet thought they were "helping" and "wouldn't get caught"
Anontards....
so basically, some intarweb ne'er-do-wells knocked over the MPAA's cardstand?
And the judge slapped a over 9000 dollar fine on the one kid dumb enough to get nicked by the filth?
Hardly seems proportionate. Or just.
http://xkcd.com/932/
2 years of probation and $180k is a pretty absurd sentence for what is effectively petty vandalism
n/t
Please see other article, regarding charging your car and getting arrested for $.05...
Other commentators mentioned it doesn't matter if it's $.05 or $500, same in this case, 1 min vs 30 seconds... it's still "damage/theft"
He got what he deserved. Idiot.
See the Teaparty in America, circa 2010
Let this be a lesson to all you boys and girls. The system no longer deals justice.
Do not let them threaten you with huge punishments, unless you do what they say. Remember, if they have real evidence, then why are they wasting time by talking to you?
Keep your mouth SHUT!
Keep your identity ANONYMOUS!
and if accused, deny EVERYTHING.
...in annoying someone with power. When he gets caught, he gets slammed around the head with a high fine and a restraining order. In some countries he'd be smacked around the knees, ribs, spine, and head with an iron bar.
My heart bleeds for him.
From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
You are headed into court and things are looking pretty bleak.
The government is willing to accept a deal on the lesser --- misdemeanor charge --- ending in probation and a fine you won't soon forget and can't be discharged in bankruptcy.
But in return you must admit to the core elements of the offense, which will come back to haunt you later should you ever choose to repeat it.
He admitted to guilt, but it's not fair to hold him completely financially responsible simply because he was the only person they were able to catch and was honest enough to confess.
So it's instead fair to let the victim be uncompensated for the harm done to them if some of the guilty parties are too crafty?
What you call justice for the liable party is injustice for the injured party. We have rules for joint and several liability (used here) and related doctrines like respondeat superior because our civil justice system focuses largely on the principle that the victim must be made whole. If perfect justice cannot be achieved for both, then let the one who has caused the harm bear the pain and not the one he has done harm to.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Double-standard: if it is done against abortion, then it is fundamentalist bigotry and we need stricter bubble zones, even if it is peaceful and non-coercive. If it is done in support to a trendy, politically correct cause such as animal rights then it is freedom of speech and freedom of assembly, even if it is coercive.
Would you support direct action against abortion clinics? Or it is only "freedom of assembly" if it is politically correct and trendy?
Poor kid. Break the law and risk jail and a big fine... wahhhhhhh
If there's an example of what wrath is, this case should be one of the textbook examples.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
"Hi, I only participated in the murder for one minute..." WTF? So what? He participated in a DDoS and was proven guilty. Whether he was "just" participating for a minute or the whole duration, is immaterial
I may have failed at reading comprehension.
Your original post said:
I interpreted it as meaning that blocking entrance to a store is an acceptable way to protest. I strongly disagree with that and it opened a can of worms in my head. I then mentioned abortion and animal rights as examples of double standard. I just wanted people to be as gentle in their own protests as they demand from protesters they disagree with.
But reading your post again, it does not say that coercion is acceptable expression. Community service is not necessarily trivial.