Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anonymous Member Sentenced For Joining DDoS Attack For One Minute

Posted by Unknown on from the are-you-serious dept.

jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website ater the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."

37 of 562 comments (clear)

  1. And they wonder why... by TerminaMorte · · Score: 5, Insightful

    no one trusts the "justice" system anymore. One minute of using an automated tool is apparently a worse offense than crashing the economy.

    1. Re:And they wonder why... by IanGrant604 · · Score: 5, Insightful

      Where's the "Like" button? There's just something egregiously wrong when you can be fined $183,000 and get two years probation for something like participating in a short-lived denial of service attack. That's a wildly disproportionate punishment!

    2. Re:And they wonder why... by FriendlyLurker · · Score: 5, Insightful

      The tiered justice system is working exactly as intended. Most of us are just on the wrong tier...

    3. Re:And they wonder why... by sycodon · · Score: 5, Informative

      Not one mention of Republicans in that link.

      So, you are just guessing? Hoping? Accusing?

      We know you are lying, that's plain to see by visiting the link.

      Or, you are just being a dick.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    4. Re:And they wonder why... by aeranvar · · Score: 5, Interesting

      I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.

    5. Re:And they wonder why... by Richard_at_work · · Score: 4, Interesting

      How do you make that comparison? Just a few months ago JP Morgan was fined $14Billion by US and UK regulators for its involvement in various dealings leading up to the crash. So far, nearly $100Billion in fines has been handed out across the US and EU for suspect deals that contributed to the financial climate prior to the crash.

    6. Re:And they wonder why... by mobby_6kl · · Score: 5, Funny

      >Where's the "Like" button?

      That's the "Insightful" or "Interesting" option, which you don't have but I do. Oops!

    7. Re:And they wonder why... by GameMaster · · Score: 5, Insightful

      $100 Billion may sound like a lot to you but that doesn't mean it's meaningful in regards to the actual damages done. More often than not when massive horrible things are done by Corporations (the crash of the financial/real estate markets, the Gulf oil spill, etc.) large corps get hit with penalties that look massive to an individual but actually only represent a small part of the true cost of restitution and only represent a day or two of operating profits at most for the company.

      What happened in the story is so astonishingly unjustly inverted from that scenario because, in contrast, this guy was hit with the entire cost of the damages (even though he was only a tiny contributor to the actual crime, and that penalty probably represents many years worth of profits for him (minus the basic costs of living and taxes). It would be like fining JP Morgan all the Trillions of dollars that were estimated to have been lost throughout the economy because the courts didn't feel that they were likely to be able to clearly identify any of the other big players in the crime. Then, for good measure, make it so that the costs of litigating appeals of that verdict would be so expensive that it was guaranteed to drive the company into complete bankrupts (since even if this guy has a decent job and was able to afford a non-state appointed attorney for this trial it's unlikely he'll be able to hire a highly competent set of lawyers throughout the entire appeals process in the same way major companies to in order to successfully drive down the original, already too small, fines they are hit with).

      --

      Rules of Conduct:
      #1 - The DM is always right.
      #2 - If the DM is wrong, see rule #1
    8. Re:And they wonder why... by anagama · · Score: 5, Informative

      http://www.rollingstone.com/politics/blogs/taibblog/nobody-should-shed-a-tear-for-jp-morgan-chase-20131025

      • First of all, the settlement, as the folks at Better Markets have pointed out, may wipe out between $100 billion and $200 billion in potential liability -- meaning that the bank might just have settled "for ten cents or so on the dollar." ...
      • Moreover, the settlement is only $9 billion in cash, with $4 billion earmarked for "mortgage relief." Again, as Better Markets noted, we've seen settlements with orders of mortgage relief before, and banks seem to have many canny ways of getting out of the spirit of these requirements. ...
      • There's also the matter of the remaining $9 billion in fines being tax deductible (meaning we're subsidizing the settlement), and the fact that Chase is reportedly trying to get the FDIC to assume some of Washington Mutual's liability.
      • But overall, the key to this whole thing is that the punishment is just money, and not a crippling amount, and not from any individual's pocket, either. In fact, the deal that has just been completed between Chase and the state represents the end, or near the end, of a long process by which people who committed essentially the same crimes as Bernie Madoff will walk away without paying any individual penalty. ...
      • A few more notes on the deal. This latest settlement reportedly came about when CEO Jamie Dimon picked up the phone and called a high-ranking lieutenant of Attorney General Holder, who was about to hold a press conference announcing civil charges against the bank. The Justice Department meekly took the call, canceled the presser, and worked out this hideous deal, instead of doing the right thing and blowing off the self-important Wall Street hotshot long used to resolving meddlesome issues with the gift of his personal attention.
      --
      What changed under Obama? Nothing Good
    9. Re:And they wonder why... by krygny · · Score: 4, Insightful

      Why is someone who uses legal tax exemptions the one to blame? How about the congresspukes who add 4,000 pages of exemptions, credits and penalties to the tax code every year?

      Taxes are not merely intended to take in revenue. You don't need 80,000 pages to do that. The principal purpose of the tax code is to control, or at least influence "behavior". And we all know what the IRS is for.

      --
      Research shows that 67% of those who use the term "research shows", are just making shit up.
    10. Re:And they wonder why... by AIphaWolf_HK · · Score: 5, Insightful

      That's not justice at all, like the other one said. If police are too incompetent, or it is unfeasible to catch most people who commit a certain crime, they can't (or rather, shouldn't) punish those they do catch much more severely simply because they can't catch other people who commit said crime. Justice > security.

    11. Re:And they wonder why... by SecurityTheatre · · Score: 5, Insightful

      Oh, you're falling into the Austrian Economics trap of thinking of everything as a rational system.

      People aren't rational. People who are violating the law especially aren't rational.

      There is ample statistics that show increases in penalties do not have a linear impact on crime on any macro scale and in many cases, increases in punishment result in no net increase in compliance.

      They do, however, from a utilitarian view, impact the overall good generated by the justice system.

      Therefore increasing penalties shows a diminishing return (and a rather rapid one, in my view).

      I view a 1 minute DoS attack as roughly akin to orchestrating one minute of blocking the entrance to a store (or maybe multiple stores). Such an act, while punishable by a trespassing fine, probably on the order of $100-$500, the "online" equivalent of $183,000 and two years probation does not match the act, especially when he was one of only several thousand people doing the same thing.

      There are a few countries in the 1960s and 1970s that adopted the policy that there is no social justification for "making an example" of someone, and that the purpose of the justice system is rehabilitation and fair application of rules, rather than vindictive retribution, catharsis for victims, or the attempt to squash crime through draconian punishments.

      Those countries (Norway, Denmark, Korea, New Zealand) stand in contrast to those countries who adopted a policy of "tough on crime" during the same period (the US, Britain, France). Looking back, the crime rates in these countries diverged, and today we find those countries with liberal justice systems having seen their crime rate drop much faster than those with draconian justice policy.

      Sure, this is anecdote, but I don't buy vengance or harsh deterrence as justified reasons for rolling out the stocks on the few people who are caught at a relatively rare crime.

    12. Re:And they wonder why... by someSnarkyBastard · · Score: 4, Insightful

      ...create civil disobedience and not get caught.

      Then you are missing the point of civil disobedience. You are supposed to get caught, especially in places like the US where LEOs like to have a bit of theatricality in perp-walking someone out to the squad car. You want all the attention you can get, that's the point, you are calling attention to something you believe to be wrong.

    13. Re:And they wonder why... by ultranova · · Score: 4, Interesting

      D=P*S-B, or Deterrence = (Probability of getting caught) * (Severity of punishment) - Benefit.

      Since very few participants in a DDoS get caught, the punishment must be severe to have much deterrence.

      The actualy formula for deterrence (0 - expected utility) is: Deterrence = (Probability of getting caught) * (Severity of punishment) - (Benefit) * (1 - (Probability of getting caught)).

      This doesn't actually work for three reasons:

      1. 1. People are bad at estimating probabilities, so low probs get rounded to zero.
      2. 2. People don't like to think bad things, so the more severe the punishment, the less likely the potential criminal is to imagine it being applied to him - robbing it of much or all of its power.
      3. 3. If you are hated, for example because you are perceived to be an unjust tyrant who hands over disproportionate punishments to compensate for incompetent police, the Benefit will go up, since people want to oppose you.

      Even ancient Rome, where conservatives demanded criminals be crucified and bleeding-heart liberals merely fed them to lions, never ran out of them.

      Another way this is misleading is that the lifetime of debt slavery - what the $183,000 amounts to - is not considered the punishment. 2 years probation is the punishment; $183,000 is "damages". Thus what we have here is an example of a rather nasty loophole in the law, where the main part of a punishment is not subject to normal lawmaking process but is rather ordered by the judge on a case-by-case basis. This leads to exactly this kind of perversions.

      Compare: if my dog took a dumb in your lawn, would I be quilty and should I clean it up? Absolutely. If you then spent $183,000 to dog-proof your yard, should I pay for it? Of course not, that's crazy. Except that's exactly what happend here.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    14. Re:And they wonder why... by CohibaVancouver · · Score: 4, Insightful

      That's the "Insightful" or "Interesting" option, which you don't have but I do. Oops!

      Not to be confused with the [I Disagree] option, which is labelled "Troll" and/or "Flamebait."

  2. Importance by fluffythedestroyer · · Score: 5, Insightful

    1 minute or 15, you were there, your guilty. Plain and simple. so for me thats not the worst part. It seems to be a fair part if you ask me

    1. Re:Importance by WillAdams · · Score: 5, Interesting

      Financial penalties should be proportional:

        - how many others participated in this DDOS? divide by that number
        - how long were other machines involved in this? divide by that time
        - how fast was his internet connection in comparison to the others? divide by that

      He admitted to guilt, but it's not fair to hold him completely financially responsible simply because he was the only person they were able to catch and was honest enough to confess.

      --
      Sphinx of black quartz, judge my vow.
    2. Re:Importance by Anonymous Coward · · Score: 4, Interesting

      Charging the defendants with the cost of 'fixing' their web site is bogus, because they should have had that done in the first place to prevent themselves from being open to attack

    3. Re:Importance by Anonymous Coward · · Score: 5, Insightful

      Charging robbers for the cost of replacing doors is bogus, because the home owner should have installed steel vault doors in the first place to prevent themselves from being open to attack.

    4. Re:Importance by halltk1983 · · Score: 4, Insightful

      Most robbers don't pay to fix the homeowners homes. Nor do they pay for the homeowners to install security systems, or hire a security guard to patrol the premises.

      --
      Watch for Penguins, they eat Apples and throw rocks at Windows.
    5. Re:Importance by jedidiah · · Score: 5, Insightful

      Even under that model an absurdly high number is still an absurdly high number. He can never repay it. Thus it will never be repaid. The "punitive benefit" of that number is entirely bogus.

      Justice is never served by an unreasonably high number.

      It's far more likely to increase disrespect for the law.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    6. Re:Importance by ganjadude · · Score: 4, Insightful

      Some could argue that a DDoS is nothing more than "freedom of assembly" A modern day sit in if you will

      --
      have you seen my sig? there are many others like it but none that are the same
    7. Re:Importance by MikeBabcock · · Score: 4, Insightful

      A DDoS should be punished with community service; its no different from protesting a store you dislike and making it hard for customers to get in.

      --
      - Michael T. Babcock (Yes, I blog)
    8. Re:Importance by SuricouRaven · · Score: 5, Interesting

      There's an old expression: Might as well be hung for a sheep as for a lamb.

      Roughly meaning: If the punishment for a minor crime is going to ruin you, why stop at minor? Go for something serious. They can't make the punishment any worse.

    9. Re:Importance by sumdumass · · Score: 5, Interesting

      I don't know why you were modded down. In my home town, as a prank arouns graduation, the seniors would dump liquid soap in a fountain so it would bubble all over the place. It was visible on the main drag. Another aspect was putting that art celulous over the lights illuminating it to match the school colors (blue and gold). It took about 50 graduates in order to do it without getting picked up by the cameras. One year, they put sensors in the foutain that went off when the soap changed the ph levels enough alerting the city to what was happening. Out of about 100 students that participated 6 where caught- 4 who hadn't even dumped the soap yet and they had to pay for the entiee security theator that ensued for a midemeanor act of mischief. The sad part is that this had happened for so long, everyone thought the city was in on it and we just needed to watch out for the caretaker who would be upset because he had to clean it later.

      I learned then that you aren't 2% guilty. If you participate, you are 100% liable and that liability includes what they spent in response to your actions. This was back in the late 80s early 90s. Nothing new with this kid outside of what was vandalized.

    10. Re:Importance by sumdumass · · Score: 5, Informative

      Actually they do. Had a meth head that kept breaking into my fathers garage and stealing tools to pawn. Installed some cameras and actually caught some kid about 15 or so doing it. The judge orderd him to pay for the cameras plus all the tools stolen over the 5 or 6 break ins. We sued his parents and got a judgement for $15k in all.this was around 2000 or so. It covered the instalation of the security system, cameras, and time taken off work to rush homr and see what was stolen this time.

    11. Re:Importance by anagama · · Score: 4, Interesting

      A salient example of s/sheep/lamb/ is the drug war which has become ever more violent over time as penalties for getting caught become ever more draconian. If you're going to do a life (or close to it) sentence for getting caught, might as well just kill the person trying to catch you or witnessing what you are doing, and improve your chance of remaining free.

      --
      What changed under Obama? Nothing Good
  3. These people by i+kan+reed · · Score: 4, Interesting

    These people need to learn what actual violence against them and their property is, so that proportionate responses have value.

    If your entire life is going to be ruined for any sort of protest, the natural incentive is to go in for intimidation, murder, arson, whatever to make their lives really hell instead.

  4. No, the worst part was joining in the attack by SuperKendall · · Score: 5, Insightful

    Knowingly trying to bring down web sites is a crime. Should we also not arrest people if they only throw one brick through a store window but do not take anything? Should we also not arrest people who kick someone only once when lying on the ground?

    A crime is a crime, and the act of committing a crime takes only the moment you decide you are going to commit it. The duration of the actual crime hardly matters when compared to intent.

    Also, consider the fact that the minute is only the point they could prove what he did, if he was willing to aid in DDOS attacks who knows how many other people he helped attack in the past?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:No, the worst part was joining in the attack by rich_hudds · · Score: 5, Insightful

      You don't get fined $183,000 for throwing a brick through a window though.

      It's supposed to be a justice system, and that fine is clearly unjust.

    2. Re:No, the worst part was joining in the attack by harvestsun · · Score: 5, Insightful

      Yes, we should arrest people that throw a brick through a window. But we should fine them the price of the window, not the price of hiring an elite security team to protect the window from future brick attacks.

    3. Re:No, the worst part was joining in the attack by IanGrant604 · · Score: 5, Interesting

      Proportionality is important, too. His punishment was wildly out of proportion to the offense.

    4. Re:No, the worst part was joining in the attack by DarkOx · · Score: 4, Insightful

      Two things should happen when you toss a brick through a store window. First the owner or perhaps the state on the owners behalf should initiate a civil proceeding against you where minimally upon being found liable be compelled to pay the full replacement and installation costs of a new window. Additional you might reasonably be expected to compensate the owner for the temporary loss of use of his property while the windows is being repaired. You must compensate for the harm to the owners property.

      Then a criminal charges should be brought against you because its not in societies interest to have people thinking they can go around and break windows. Given throwing bricks through plate glass in public places has a high probability of injuring others that penalty too should be not insignificant. When its all said and does committing a senseless destructive act of vandalism like that should set you back a few thousand dollars; in the interest of justice.

      Now lets think about the DDOS attack. Its vandalism pretty similar; but unless you are DDOS a hospital, public utility, or some government sites and similar there is basically no probability of anyone getting hurt as a direct consequence. So if anything the harm is automatically much lower. Unlike the window your computer is still perfectly fine once the DDOS is over and done with. So we are really down to society wanting to discourage vandalism and the short term loss of the use of property. Seems to me the penalty might be tied to the revenue the site nominally generates during the period for the owners and a little wrist for society to remind you not to be a prick.

      183K is way out of line for 60 of participation in a DDOS, even if your hitting a site like Amazon.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  5. But when the situation is reversed.... by ikedasquid · · Score: 4, Insightful

    and the MPAA issues a successful DMCA takedown (automated) for something they do not own the rights to....nothing happens.

    1. Re:But when the situation is reversed.... by real+gumby · · Score: 4, Funny

      Your subject line raises an interesting point: I'd never before recognized that the Koch brothers' advertising and astroturfing is just a DDoS of the airwaves (and public discourse).

      I already knew it is evil, but this takes it to a new level!

  6. Re:Actual Violence by Hatta · · Score: 5, Insightful

    Then you get to learn what ACTUAL violence is, either buy police officer or prison inmate.

    His point is that this fellow is learning what ACTUAL violence is, by police officer and prison inmate, for doing nothing more than sending TCP packets.

    Except that property damage is not protest.

    Two things: A DDOS is not property damage. And are you claiming the Boston Tea Party was not a protest?

    It is possible to protest without damaging anyone or anything

    It's not possible to effectively protest anything in todays America. You can have your say all you want inside free speech zones, but you'll never be heard. What good is a phone call if you are unable to speak?

    --
    Give me Classic Slashdot or give me death!
  7. Re:You Got Caught, Case Closed by GameboyRMH · · Score: 5, Insightful

    This is ridiculous. He didn't rape anyone. He didn't hurt anyone. He rapidly requested web pages for 1 minute, slightly contributing to a computer bogging down. In a less batshit-crazy, less rabidly corporatist world, this would carry a punishment on par with dropping a cigarette butt on the street.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel