2.5 years in jail for a DDoS attack seems disproportionately steep. He made a few websites temporarily inoperable, sounds more on the level of a bad prank than a felony with jail time on par with armed robbery.
According to the charges that were filed [1], the defendant also played a role in the creation of the botnet used in the attack. In addition to the DDoS attack there is the issue of accessing machines he was not authorized to. He pled guilty [2], so I don't think 2.5 years is that surprising.
That's not what happened, but: why? Why is that disproportionately steep? Because it's so easy to do, it doesn't seem like it should be a crime?
Talk to businesses dealing with DDoS attacks sometime. They're tearing their hair out and losing real money because of some sociopath's vanity "attack". Why, exactly, are we supposed to look the other way?
If I rob someone of $10k I'm going to jail.
If I use a botnet to take their site offline, resulting in a loss of revenue or donations of $10k, I should also go to jail.
Just because it is easy or common doesn't make it any less of a crime.
It's utterly ridiculous and a waste of resources that these sorts of things are felony criminal prosecutions at all. Putting people in state prison at a cost of $70,000 a year in housing costs, PLUS the loss of income and other tax they would have paid plus the loss of their support of family who then goes on welfare, this should only be reserved for people who are an actual imminent threat and danger to the community.
Hacking should be something that gets fines only. Let the hacker pay back the cost of his damage, but there is no reason for taxpayers to bear hundreds of thousands of dollars in costs to warehouse these guys with actual hardened criminals whom they will have to make deals with in order to survive in the pen. Then, when they get out, they owe favors to actual criminal syndicates which they formerly had no relation to.
If you broke into a store, stole a raft of credit card numbers from carbons, and rigged the registers to feed you more of them in the future, common sense would inform us that you're a criminal. Similarly, if some jackass broke into a series of automobiles and drove them to a store's parking lot to inconvenience or cripple its operations, we'd have no trouble conceiving of the criminal charges that might result from that.
The only difference between those crime and the crime committed here was the ease with which the Internet allowed it to be committed.
No doubt, the person running the botnet collecting credit card numbers and launching DDoS attacks didn't feel like a criminal. He felt like a prankster. But how is that relevant? I say it isn't relevant. At all. The Internet has a knack for making reality feel unreal. But there is a reality, and it does not give a shit about your message board posts.
It's ridiculous how easy it is to go to jail in the USA. It doesn't really solve anything for lower level non-violent crimes. Surely if they can rehab for drugs, they can rehab for hacking.
[+] [-] hop|15 years ago|reply
[+] [-] poet|15 years ago|reply
[1] http://www.justice.gov/usao/ohn/news/2010/Mitchell%20Frost%2...
[2] http://www.ohio.com/news/break_news/95045294.html
[+] [-] tptacek|15 years ago|reply
Talk to businesses dealing with DDoS attacks sometime. They're tearing their hair out and losing real money because of some sociopath's vanity "attack". Why, exactly, are we supposed to look the other way?
[+] [-] maukdaddy|15 years ago|reply
Just because it is easy or common doesn't make it any less of a crime.
[+] [-] bugsy|15 years ago|reply
Hacking should be something that gets fines only. Let the hacker pay back the cost of his damage, but there is no reason for taxpayers to bear hundreds of thousands of dollars in costs to warehouse these guys with actual hardened criminals whom they will have to make deals with in order to survive in the pen. Then, when they get out, they owe favors to actual criminal syndicates which they formerly had no relation to.
Sheesh.
[+] [-] tptacek|15 years ago|reply
The only difference between those crime and the crime committed here was the ease with which the Internet allowed it to be committed.
No doubt, the person running the botnet collecting credit card numbers and launching DDoS attacks didn't feel like a criminal. He felt like a prankster. But how is that relevant? I say it isn't relevant. At all. The Internet has a knack for making reality feel unreal. But there is a reality, and it does not give a shit about your message board posts.
[+] [-] privacyguru|15 years ago|reply
[+] [-] tptacek|15 years ago|reply
[+] [-] da5e|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] donspaulding|15 years ago|reply
[+] [-] wakeup|15 years ago|reply
[deleted]
[+] [-] mattmaroon|15 years ago|reply
[+] [-] mattmaroon|15 years ago|reply
[+] [-] privacyguru|15 years ago|reply