Slashdot Mirror
UK Arrest Over Xbox Live and Playstation Network Outages
An anonymous reader writes Neowin.net is reporting the arrest of one Vincent Omari, a UK citizen [see also this Daily Mail story from a few days ago mentioning Omari], in the Christmas Day DDoS attacks on Sony's PSN and Microsoft's XBL systems: "In documents sent to Neowin, Vinnie Omari has been accused of 'hacking of the Playstation Network and Xbox Live systems over the Christmas Period'... While this is the first arrest related to the recent service disruptions, it may not be the last... In further conversations with those who are familiar with the investigation and the arrest, Omari believes that the police will not find anything of substance on his computers. His alleged crime is that he helped coordinate the DDOS attack on the service."
No, missuse of a computer system is a criminal offence. And yes, there was effectively destruction of property, and you heard of it.
You can protest outside of a business, but if you are physically stopping people from entering the building the answer is yes you can be arrested. Protesting is making your feelings known, not forcing your will on them.
iRepairIT - iPhone, Mac, & PC Repair
Well there's your problem.
Britain - and many other countries - have laws that say you can't DDoS.
The U.S. has similar laws;
http://en.wikipedia.org/wiki/C...
As for the hypothetical McDonald's case - they can most certainly call the cops on you and have the cops escort you away from the premises if you're actually stopping them from entering the store, and not just trying to persuade them not to. This also applies in the U.S. You can picket - but you can't block the entry. UK law is a bit more strict and you can probably easily slip into the "disturbing the peace" clause. It is the UK after all.
Whether or not you feel that you'd be made a spectacle out of is probably dependent on whether or not this would make the headlines around the world; because the arrest of this guy wasn't exactly with a pre-planned media circus to get a bunch of paparazzi try and take pictures while they shot gas grenades through the windows, busted down the doors with semi-automatics and then triumphantly led him outside with a bag over his head proclaiming "ladies and gentlemen, we got him".
Instead, they got a warrant for his arrest, they arrested him, reported on that arrest as they would any other, and oh hey look at that - he's already released on bail. Yawn.
When you blocked McDonalds by flooding all the highways with a 12" deep layer of molasses, it would probably be considered equally damaging.
There is a discernible monetary loss. How much was lost in revenue where customers could not pay for services? How much was lost from cancellation of services because of the outage? How much was spent for network and systems administrators to work on it, beyond their normal workload?
And then ... How much was lost by other companies impacted by degraded network capacity due to the network traffic?
I'm sure those numbers were easily in the millions. Those won't be the all inclusive questions either. I'm afraid to even ponder how big the final figure will become. It could involve seemingly unrelated companies, who lost sales because their VoIP traffic was on one of the over-utilized circuits.
Serious? Seriousness is well above my pay grade.
They committed fraud on Paypal, they carried out a bomb scare on a flight a Sony exec was on and they committed offences under the Computer Misuse Act.
Get your head out of your arse and try acting like a grownup if that's at all possible.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
To be fair, I'd label a DDOS attack as vandalism + opportunity cost loss, and only criminal if someone's safety is / was at risk.
Owning or controlling a botnet should be more serious than spamming game servers. Trespassing and theft.
So, in your thinking, a shoplifter being arrested is an action to protect the corporation that 1 makes the item, and 2 the corporation selling the item. Not one of enforcing the law? lol com on man......and if you block customers from entering any place of business you will get arrested. And if you decide to play superman and say nope your not arresting me,they will use whatever force necessary to arrest you.So you had better be in shape and be able to hold your breath for longer then 10 seconds. what makes you think otherwise?
And Sony, MS might have a civil case as well as the criminal but like you im no lawyer so time will tell.
Jack of all trades,master of none
Do you really think the prosecutors, law enforcement agencies and lawyers are going to have a squabble about semantics?
Comon man what do you expect people to say to you? You live a sheltered life? are you 10 years old? Why would you not know its against the law to do network attacks? Or its ok because its a corporation you don't like? Hell they could be using YOUR or one of your family members PC to help in the attack.
Jack of all trades,master of none
Generally, misusing your own computer system is not a criminal offense unless you really go to extremes.
Yes, but they weren't, were they - they were misusing millions of 3rd party's computers to create a DDoS
They were misusing the network (yes, that's a computer system)
They were misusing Sony's computer (by feeding it bogus data until it became unresponsive).
My Ideas to help stop this kinda attack.
Identify as many infected computers as they can and block each and every one of the PCs,cellphone,servers whatever at the ISP level. We all cry we want an open internet but that is impossible if people are allowed to run infected PCs for theses scum criminals to use at will. No more blame game no more OS wars. PC owners have to be more responsible, no PC should be connected to the internet without a firewall and antivirus/malware software period end of story. I sure as hell would want to know if my PC is being used without my knowledge and im betting a few billion of my internet friends think the same as i do. Funny they don't bat an eye to spy on us, to collect all the data they can dig up to make mint for advertising. they know damn well whose PCs are infected and being used as bots.
Jack of all trades,master of none
No, missuse of a computer system is a criminal offence
Generally, misusing your own computer system is not a criminal offense unless you really go to extremes. If I set my router to ping flood Sony or Microsoft all day long that generally is not a criminal offense. Previously it was said that this "Lizard Squad" attack was done by a group of people, until we have an idea of how many people were in said "squad" it will be really hard to say whether or not any one person had a meaningful role individually.
Here in the UK it probably doesn't really matter what you were actually doing, if your INTENT was to stop or prevent people engaging in a lawful activity then that is most likely a criminal offence. This is generally how our laws are written then we just let juries sort it out.
In this case we passed a law in 2006 called the Police And Justice Act. Here is an old register article about it: http://www.theregister.co.uk/2...
Our legal system generally has intent woven into its fabric at a far deeper level than in the US so that if the CPS (Crown Prosecution Service) feel there is a reasonable likelihood of them being able to convince a jury that an individuals intent was malicious then they can drag you through the courts. In this case whether this retard is charged will probably depend on how clean his PC's were when they raided him.
You might note that I have zero sympathy for him, being susceptible to getting DDOS'd is not really a security issue worth exposing. If you throw enough traffic from a bot-net at an awful lot of sites they will go down. The simple truth is that when companies provision any sort of on-line infrastructure or offering you look and how much load it is expected to be under during normal operation then plan from there by adding a certain safety margin. In this case it sounds like this service was only going to be called each time a game was started so creating far more load then this by lots of bots pretending to start games over and over again thousands of times a minute was miles away from the intended traffic volumes.
I know some people say this vulnerability never should have existed as this phoning home is a form of DRM and this should not happen but the probably is that without it there are an awful lot of people out there who just freeload and play stuff without paying. Of course companies are going to try an make this difficult in order to stay in business, that is what capitalism dictates they must do in order to maximise shareholder returns.
I hope this guy also realises that he has utterly screwed over any chance he had in life of actually becoming a real paid security researcher with this stupid stunt. With a prior arrest on public record like this he is just not worth the risk, especially as he has not really showed any special technical skills. He will be lucky to get any sort of computer work for the next 10 years.
I dont read