GameBanshee Forums

I was watching a bit of the Today show this morning and they had an interview with the parents of an 18 year old who has been arrested and charged with distributing a variant of the latest worm virus. His version of the virus apparently affected 20,000 or so systems (allegedly). This is a small fraction of the systems affected by the original worm. Federal authorities have indicated that it is very unlikely that the original worm author and distributors will be tracked down. The 18 year old that was caught was a relative hacker novice and didn't cover his tracks very well.

The parents in the interview did the normal parent thing - they emphasized that he had not been in any trouble before - he was a good student - he should not go to jail, etc. He is facing 10 years in prison.

My personal view on crime and punishment is "do the crime and you do the time". I have no sympathy for this kid at all. I believe there needs to be consequences for breaking the law - and these consequences need to be enforced if there is to be a deterrent.

What do you think? What kind of punishment is appropriate for distributing damaging viruses?

Damn straight they should recieve a harsher punishment. The MSblast virus whilst being a pain was ultimately flawed, he knew the risks when he went out to modify it and when our PC's start to go down again I'll curse his name out.

I have no sympathy for hackers, if your smart enough to encode viruses then get yourself a programming job. Trashing someones PC is no different to breaking into someones home. I hope he gets the 10 years although he'll probably get out earlier on good behaviour but damn it we need a deterrent. Things have gotten way out of control...

If you ask me the system is prety good as it is. I agre with you about the "do the crime, do the time" part and feel sorry for all the people who suffered teribly under this virus. Finally, a reason where linux is superior to windows (ive been looking for a reason for years(and its only because so few people use linux))

I'd feel a lot better about this kid doing time if the officials who ran Enron and screwed several million people out of their life savings weren't for the most part getting away scotfree, while Dubya refused outright to sign any Congressional bill strengthening penalties for accounting fraud.

I'm not suggesting he should be let loose. But the attendant hoopla from the FBI looks suspiciously like scapegoating, if you know what I mean.

@Fable - I agree with your view on the Enron and Worldcom situation. The problem in those cases (as I am sure you are aware) is the time it takes to make a case that will stick against them. Enron went far beyond business mismanagment - It was clearly fraud on a huge scale. I think in time you will see more charges filed. Just last week the state of Oklahoma filed charges against several Worldcom officers.

That does not change my opinion of crime and punishment. We could all site numerous cases of lawbreakers getting off easy - because of technicalities, money, etc. Its frustrating - but it does not make me feel any sympathy towards those caught red handed.

And as far as scapegoating goes - If the kid is guilty he is guilty - unfortunately the prime offenders will never be caught - but that does not exempt this kid from being forced to take responsibility for his actions.

By the way - I am not suggesting that you are looking to justify this kids actions - I understand and agree with your frustration and outrage over the Enron situation.

I really don't care much about thoese making the virus - thoese I wanna hang are the stupid people that keep virus alive by clicking attachements that they don't know about from peopel they don't know. And the fact that the latest vira spoofs emails, still doesn't make it okay. Never open attachments that you haven't asked for or have some sort of "lame" one line email-body.
Also update the freeking windows so Blaster and Welchier can't continue to spread.

So my main beef is with the ignorant people that think computers and internet is so safe that they don't have to "lock" it like they lock their doors at night.

The reasons such emails can spread like this is because people don't think when using computers.....

Oh by the way - hang thoese that create anyway, they are still vandals

Originally posted by IHateUsernames
the people who suffered teribly under this virus.

Suffering is ofcourse a resonably individual thing but I think that the suffering induced by this particular virus was minor.

I know one person that left work early that day because the system didnt work. She said the suffering was not too bad.

I guess the people that had real problems were the systems adminstraters with leaky firewalls (to be fair it can be hard to maintain a completly secure external firewall with todays sprawling networks but that just shows that each mahine should have its own firewall running) and unupdated windows mashines.

(edit) Ohh just read about bucks trouples - people that run outlook seems to have been hit as well. Change to linux.

As for the kid - I think 10 years is a bit harsh. I would ban him from using any kind of computer and force him to get a life and do some exercise.

I generally would like to see the book thrown at people who create and distribute viruses. (Though I certainly agree with Fable's points regarding Enron, Worldcom etc.). They are a very real menace.

The thing is, as others have pointed out, often the perpetrators that are responsible for the worst ones never get caught.

Also, how much of a deterrent is a ten-year jail term? You would think that it would dissuade people from such crimes, but does it really? Not to get too far off-topic, but most US states have the death penelty, and the country has one of the highest violent crime rates in the world.....

I really don't know what the solution is. People can make forceful arguments against gun possession, but how do you argue that the sale of computers should be regulated?

If thev'e always been good [before] they should still make them do the sentence.

I think they should calculate how much financial damage the virus did, and instead of a jail term, fine that person the amount. Wouldn't it be great? They would be financially ruined for their entire lives!

I say give those virus makers who get caught 20 years without a computer or going near any internet service.

now that is torture enough

The sad thing is they'll won't be able to catch the original Blaster author so they'll put the whole blame at this kid for the whole Blaster thing.

Add those hackers wanna-be on the list. If you have firewall runing you can see lots of hack attempt using various method from the log.

Originally posted by fable
I'd feel a lot better about this kid doing time if the officials who ran Enron and screwed several million people out of their life savings weren't for the most part getting away scotfree, while Dubya refused outright to sign any Congressional bill strengthening penalties for accounting fraud.

I'm not suggesting he should be let loose. But the attendant hoopla from the FBI looks suspiciously like scapegoating, if you know what I mean.

Sorry fable, I'm not sure what one has to do with the other.

The virus writers can wreck havoc on large scale. As far as I am concerned keel hauling would be too kind !

If you look at the damage suffered from virus attacks, I think sofar we've been very lucky. A few examples from this and previous attacks:

The control system on a nuclear power plant got knocked out, but fortunately the plant was inactive at the time. (MSBLAST)

An airport closed down for hours, since major control and surveillance systems were downed by a netshare propagating worm. (NIMDA).

A hospital working at reduced efficiency since most computers are bogged down by netshare propagating worm, mail system knocked out by same worm utilising Outlook bug. The system for medical journals was down for days (NIMDA).

Any one of these three could have resulted in loss of life or worse. Therefore I think whoever writes these things should be held responsible. On the other hand, I find the US sentencing principles completely ludicrous, and would say that 10 - 20 years is far too harsh a punishment except maybe for murder, rape and the Enron/Worldcom executives. The later mostly because it sickens me that those responsible in those types of crimes almost always get away, so consider it somewhat emotionally biased.

I do not agree to put any responsibility on the users, however. Everyone has a right to be (somewhat) clueless, and for some people, it's computers. Those writing trojans (viruses you need to click on) are getting better and better at the social engineering part of the delivery. Also, the effect of having everyone not open attachments is hampering for the technology as a whole and would be to give in to the culprits.

The system administrators don't have an easy job either. Firewalls and anti-viral software are by design reactive, which means someone has to apply a rule, update a signature database or otherwise manually fix something. In the meantime, the virus or worm goes through it's automated procedures and could easily spread to thousands of computers in a matter of minutes. Luckily, virus writers are generally quite incompetent, so thus far, no really effective propagation mechanisms have been devised since the legendary "internet worm". That was a unix-based worm btw, to wake up all the I-use-linux-so-Im-safe users.

One party that _is_ responsible is the producer of the operating system, in this case Microsoft. Most programmers today are guilty of pretty shady programming practices, with ad-hoc solutions and Ill-fix-it-later work queues as long as the transsiberian railway (guilty as charged ). This does not bode well for security anywhere, but in the Microsoft case, focus has always been features and security has come as a hindsight at best. Their current focus on security is in effect just a different set of features, which is completely missing the point. Theories and methods for building safe operating systems has been around since the 70's, but has sofar not been applied to "modern" operating systems such as windows3/9x/2k/xp, unix, linux, mac, etc. The only reasons why the others have been spared is because M$ is a popular target for hatred and they make it sooooooo easy.

The day you hear me say "I use a Mac/Linux/Whatever so I'm safe", throw a bucket of water over me and make sure I wake up.

Originally posted by Scayde
Sorry fable, I'm not sure what one has to do with the other.

I should have been clearer; sorry.

We have a kid who's going to get 10 years for perpetuating a virus on the Web. I've read plenty of statements from federal politicians talking tough about going after virus writers/spreaders--more power to these lawyers with control issues, but we all know the worst that will happen is the laws will be made stricter, while remaining largely unenforced due to the difficullty of finding the virus perpetrators.

Yet at the same time, these politicians can't or won't do a thing to cut the sleeze factor in government: the extraordinary quantity (as in tens of billions of dollars per year) of lobbying money in Washington, for example. And of course, Dubya killed a bill to toughen laws against accountancy fraud, which would have made the penalties for such scams much stricter. So we'll have tougher laws against irresponsible 18-year old kids who spread Web viruses, while we protect corporate leaders who defraud tens of millions of people out of their life savings. Here's to Bush, who has his head on--backwards, as usual.

I also found it amusing (in a sad way) that the FBI was trumpeting its "success" in finding the kid. Considering that they've messed up with 9/11, still haven't tracked down the Anthrax mailer/killer and this is their first success in grabbing a virus spreader, I think they have no reason to posture in public about their accomplishments.

I agree with you, Fable. The Enron debacle utterly ruined many people's lives - and the perpetrators got off virtually scot-free. This teenager didn't anything close to that, and is receiving such a harsh penalty simply because he's a nobody. Yes, he should be punished, but not with a sentence normally given to rapists and the like.