Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
News

Maker of Kournikova Gets Wrist Slapped Too 167

Posted by CmdrTaco from the no-surprise-here dept.
shelflife writes: "This story says 'It is the first time in history that the maker of a computer virus has been tried in the Netherlands -- indeed one of the few times it has been done in the world. Hypponen knows only of one conviction. A man was sentenced to 18 months in jail in the U.K. in the early 1990s. The man served 11 months, said Hypponen.' but that can't be true. What about Robert Morris? Anyway, the requested sentence is amazingly light -- 240 hours of civil service." The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit. Shows how far this Virus Craze has gone in the last few years.
This discussion has been archived. No new comments can be posted.

Maker of Kournikova Gets Wrist Slapped Too More

Maker of Kournikova Gets Wrist Slapped Too

Comments Filter:
  • May be he is guilty for spreading it?
  • If you read the article it says, "The fact that no damage claims have been filed with the prosecutor's office is one of the reasons the prosecutor isn't asking for heavier sentencing. However, the U.S. Federal Bureau of Investigation said in a fax to the prosecutor it identified 55 victims of the Kournikova worm with a total damage of $166,827. That claim wasn't specific enough, the prosecutor said."

    That is exactly right. No one stepped up to claim damages.

    In light of that the defense attorney attacked the prosecution.

    In terms of right or wrong it is obvious that the right thing wasn't done. In terms of judicial process and law, it was a success.

    Maybe there needs to a better way to determine losses during a virus/worm incident. Are there any standard formulas not based on Anti Virus company PR?

    The only thing I could find was this:

    http://www.vibert.ca/prevbus.htm

    It breaks time down on support efforts and totals it.
  • Joy. Now we have script kiddie wannabes.
  • That's messed up he used a kit. What a hobo.
  • Interesting that he turned himself in - perhaps this does lend credence to the idea that he really didn't know what he was doing. Although, to be fair, if you download a worm creation kit, use it to create a worm, and then post it to Usenet, it seems unlikely that you wouldn't be aware of the potential consequences.

  • I think it's high time that this kind of thing happened. All these script kiddies with their DDOS and rootkit tools, virus kiddies and their kits, are able to do what they are doing because they don't have to suffer for it. Everyone else has to suffer instead. Situations like that are why we make laws in the first place.

    I'm certainly against penalizing the authors of the kits, if they don't release viruses. We shouldn't do anything to people who alert us to security vulnerabilities, even to the extent of releasing an exploit, since this is often the only way to get companies to make a patch. But for those people who decide to use this information to steal the time and money of others to gratify their egos, the law is the proper recourse.

    If you don't agree, that's fine. See how you feel after having to spend a weekend of your own time wiping and reinstalling the OS and applications on a machine or machines that have been hacked. Then, testing them and having to deploy new security procedures so that you can be live on Monday. It's not fun.

  • Good.. (Score:2, Insightful)

    by evel aka matt ( 123728 )
    Finally someone in a computer-related trial gets a semi-fair sentencing. I'm suprised he didn't get $4,000,000,000 worth of jail time for all the "damages" he caused. I must admit, I'm a little suprised at the people who are not happy with the outcome of this trial..

    ---
    evelakamatt

    • Re:Good.. (Score:2, Interesting)

      by Spruitje ( 15331 )

      Finally someone in a computer-related trial gets a semi-fair sentencing. I'm suprised he didn't get $4,000,000,000 worth of jail time for all the "damages" he caused.


      Contrary to the US it is not common that people are compensated above Fl 50.000 (that's around $ 22.000) in the Netherlands.
      If a waitress spill some coffee on in a restaurant the normal compensation is that the restaurant pays the bill of the dry cleaner.
      Contrary to the US we at least have some common sense and it isn't done to sue somebody for a mistake (and it is almost impossible).
      You will find that this is the case in most parts of Europe.
  • Anna K. never infested my email box the way Sircam has, but for some people it probably did.

    I hope the court took into consideration:

    - cumulative time (at sysadmin rates) spent cleaning off the virus
    - long-distance and other comms. telling infectees, infected systems' admins that their systems are infected
    - lost time due to disk-full errors etc.

    What else?

    The real loss / damage is that people are pissed off at each other for passing on a virus which someone else specifically designed for them to be able to pass on unknowingly.

    Like switching the brake and clutch in city buses. Ha ha, what a riot. OK, so no one got killed, but Ha ha! Look at me! How'd you like the hospital treating your loved ones to be putting their resources toward cleaning off this scum rather than toward keeping records straight, making sure your parent / sibling / spouse / child doesn't get a medicine they're allergic to, etc?

    timothy

    • Sir, I find your sig to be more than a small bit offensive.

      As an Arab living in the United States, I too have been affected by the tragedy inflicted on your country by these terrorists. I had several friends in the WTC at the time of the attacks, and I feel that the USia needs to extract vengance upon those who committed these acts. However, you must understand that the men who perpetrated this violence represent a distinct minority among Arabs.

      Your suggestion that all arabs have their arms amputated strikes me as offensive and highly insensitive. Racially motivated violence will not bring the dead back to life.

      Now is the time for level-headedness and tolerance, not ignorance and persecution.

  • Couldn't do it alone... (Score:3, Troll)

    by Ed Avis ( 5917 ) <ed@membled.com> on Saturday September 15, 2001 @10:51AM (#2302952) Homepage
    Will the makers of Outlook go to court for actively helping the spread of the worm by deliberately insecure handling of attachments?
    • I guess I am really tired of hearing people say this.

      Yes, Outlook is prone to leaving gaping holes to run these things through, but let's not blame the responsibility.

      Someone, an IT Manager, a Network Administrator, a tech, has made the decision that their company, group or department will use Outlook. That is where the blame rests.

      No one puts a gun to their head and forces them to use Outlook. No one. Someone makes the final decision.

      In that decision there may be mitigating factors such as software investments, training costs, etc. so if they find themselves in a situation where they feel Outlook is their best decision they then need to protect themselves.

      After the first Outlook specific virus everyone should have realized this simple fact: anit-virus products exist for a reason.

      A good anti-virus product will override your email and not allow it to happen. Automated updates to DAT files can be handled locally or over the internet.

      There is no use in blaming Microsoft. You blame the people who handle IT for the organization.
      • I agree. Microsoft should not be held responsible for writing the Outlook program; the fault is with those stupid enough to run it. The same principle should be applied to the person who wrote the Kournikova worm.
      • I agree... and even if you are forced to use outlook, it behaves unless you are outright stupid.
        And moreover, I'm tired of seeing those posts everywhere, where they are Not needed. If you really feel so hard about this crusade, why don't you tell the people that are Unaware of such?

        Ah yes. Scoring cheap points by cheering for the home team... :)

        Want me to tell you what the Real culprit is? All those management morons sending small little "funny" or "cute" AVIs or flash games... those are the ones that will dbl-click on Any attachement, and those are the ones likely to send an attachement that you should dbl-click. (Mail-rule: email from X with attachement goes straight to trash).

      • How many people factor the expense of mandatory anti-virus software into their calculations when choosing Outlook?

        What if IT says "hell no" but management forces the Microsoft solution on them. Do you still blame IT?

        What about schools and ISP's where clients just start using the bundled Outlook Express because it came with the computer, forcing the overworked sysadmins to divert time and money to installing centralized anti-virus software on the mail hosts, because there's no way in hell that anti-virus software is going to be installed properly configured on all the client machines?

        I say boycott Microsoft until they fix the negligent product design that brought us the anti-virus market.
    • Will the makers of Outlook go to court for actively helping the spread of the worm by deliberately insecure handling of attachments?

      Yes, but only if we also take God to court, for making people so stupid.

  • Announcement (Score:1, Funny)

    by Anonymous Coward
    We at Micro$oft strive to give as much help and support to the budding young developers as possible. To this end we announce the Micro$oft Virus Developers Network (M$VDN). Join now, download our VDK 1.0 and recieve a FREE one month subscription to our developers resource center, where you can learn about new security holes and exploits as soon as we make them!

  • Reasoning... (Score:3, Insightful)

    by Telek ( 410366 ) on Saturday September 15, 2001 @10:55AM (#2302969) Homepage
    The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit.

    and

    The defendant, Jan de Wit, turned himself in to the police in his hometown Sneek, Netherlands, on Feb. 14.

    I would venture a guess to say that those are the reasons why he was given such a light sentance, and the fact that he was 20 years old. A little remorse goes a long way in the courts, and turning yourself in too usually helps to give a lighter sentance.
  • I was wondering how long it would take for the police to finally go after these low-lifes who seem to have nothing better to do with their time than cause other people aggravation. After having to deal with these script kiddies for quite some time, I think jail is the safest place for them. I know quite a few IT people who would love to hunt down these jerks and kill them (Jay and Silent Bob style hehe). I think that in addtion to putting these people in prison where they belong, they should also be fined for all the costs incurred by victims of these viruses.

    Anyone who makes a "virus kit" or anything similar should also be imprisoned and fined. Figuring out how to breach security in software and letting the authors know so they can fix it is one thing, and its a good thing to do. But actually writing a program to exploit shortcomings in programs has nothing other than malice written all over it.

    On the other hand... one could also make a case that people should be allowed to sue software manufacturers for costs incurred dealing with virii, etc. if the software company was indeed informed about the problem but took no corrective action to fix it. Of course, if they released a patch and you didn't bother to install it, or you didn't bother to install/set up the software correctly, that is and still should be your own fault.
    • Anyone who makes a "virus kit" or anything similar should also be imprisoned and fined. Figuring out how to breach security in software and letting the authors know so they can fix it is one thing, and its a good thing to do. But actually writing a program to exploit shortcomings in programs has nothing other than malice written all over it.

      Some authors will refuse to patch the software until something is actually exploiting it vulnerablities. *cough*Microsoft*cough* See also this comment [slashdot.org].

      • Surely though, anyone who writes a program which exploits security holes for malicious purposes and then willingly distributes it to anyone who wants it is no better than a willing accomplice in a DDOS attack.

        This is not the same as punishing someone who sells you a gun because you use it to protect yourself. These kinds of malicious programs serve no legitimate, useful purpose of any kind. While I don't think coding should be a crime, the programs DO cause real damage which costs real money to fix. Something needs to be done about it.

        One example, not too long ago, someone posted instructions which would allow Hotmail users to read emails belonging to other Hotmail users. What purpose was served by posting this stuff in a public forum? We had already known hotmail security was breached. Did the poster think that someone might just use it to illegally break into another person's hotmail account?
        • For fuck sake dude, a good sized rock can be used to kill someone. Does that mean rocks of particular sizes ought to be outlawed? Should the writers of compilers be held accountable for people who used their compiler to make a virus? Run of the mill network utilities can easily be used to DOS some poor sap with a slower connection than yours. You post vulnerabilities in order to expose the fact that company X doesn't test their shit properly and ought to learn how before they lose all their customers. I'd rather use a product that has had bugs exploited and fixed than one where I didn't know if it had been exploited or not. If you're the target of an exploit especially a dumbfuck exploit like macro virii then you live and learn.
        • One example, not too long ago, someone posted instructions which would allow Hotmail users to read emails belonging to other Hotmail users. What purpose was served by posting this stuff in a public forum?

          The purpose was to force Hotmail to fix the vulnerablity. It worked. The reason it worked was because the Joe Blow User found out about the vulnerablity due to the coverage, and took appropriate action. Different people take different actions, but the end result gave Hotmail a clear message: fix it, or you won't have enough business to sustain your operation. Often these security holes are considered too obscure and therefore not a threat. All you have to do it get the message out to a couple blackhats and average users, and walla, it becomes a serious threat even to those who would rather not deal with it.

          We had already known hotmail security was breached. Did the poster think that someone might just use it to illegally break into another person's hotmail account?

          Yes, the poster knew all too well that the blackhats would find and exploit the vulnerablity if it were made public, and they would run amuck if it were not fixed, as such he/she made it so public that Hotmail is left with no choice but to fix it. The same principle is the reason we invest in the stock market: We give up a little bit of something now, to get more back later. That something is money or security depending on your favorite paradigm.

  • ... my buddy and I were reading about different poly-morphic and boot-sector viruses in the program F-Prot. We came across one that was written in Visual Basic - and laughed. Boy, have things changed!
  • Sure kids who program or release viruses should get their wrirsts slapped and do some community service. What gets me is these stupid figures for damages that get banded about. If companies really are losing much as they claim, why don't they just hire someone to install security patches when they become available, it's not exactly rocket science. In my view if you have some critical systems but don't bother to add security patches when they become available, you are equally to blame and should not be allowed to claim damages.
    • Huh? If you leave your keys in the ignition of your car, and someone jumps in takes it for a ride and torches it, you're not allowed to sue him for the loss of your car because you left your keys there?

      And that's a lot more lacsidasical than we are talking here- it's closer to a manufacturing a car that's easy to hotwire.

      In my view you're an ass. There are very real costs with setting a system up right. How long does it take you to reinstall your operating system? My personal system takes a couple of evenings for the basics and won't be right for weeks.

      >If companies really are losing much as they claim, why don't they just hire someone to install
      >security patches when they become available, it's not exactly rocket science.

      They do. These networks can be vast though, and getting to all of the machines in time can be difficult. Also, many patches or fixes involve switching off services or features. Companies cannot blindly install patches, they need to test them first. It ain't easy.

      • IMO your car analogy misses important features of the case. I think a better analogy would be a fire officer deciding what fire precautions to take. He knows that for every fire, someone must take the blame. He also knows that most fires are started by arsonists. Taking fire precautions is a time consuming and tedious job. Whatever punishment is given to arsonists, arson attacks won't stop: most arsonists get away, and most of them are kids so can't be punished severely anyway. The fire officer knows this, the problem is that what's important to him and his immediate manager is that they don't get blamed for fires and sacked, and that they are not overworked taking fire precautions. If there is a fire and they're not blamed, it's not the end of the world for them since other people do most of the clearing up. They have an incentive take less than the optimum level of fire precautions and to make sure arsonists get all the blame for fires.
        • >If there is a fire and they?re not blamed, it?s not the end
          >of the world for them since other people do most of the clearing up.

          Oh right, so the architects of the WTC were to blaim for the building falling down? [In that case I think they should be admired that the building stood for an hour after such a brutal attack; and the failure mode was the best you could really have- almost straight down.]

          Some or even many attacks cannot be realistically avoided; but can only be dealt as best anyone can when they occur. We don't know the holes until somebody finds them, and the bad guys sometimes find them first.

          >They have an incentive take less than the optimum level of fire
          >precautions and to make sure arsonists get all the blame for fires.

          Not so much; if they are being significantly reckless they will carry some small part of the blame in all likelyhood, same as if you leave the door open; and that can be career affecting. But still, 90+% of the blame rests on the attacker.

          In the company I work for Red Code attacked a handful of servers out of hundreds or even thousands- the rest had been patched; in that case perhaps there was some recklessness involved, they should have patched them. But 95% of the blaim lies at the doors of the authors.
          • Oh right, so the architects of the WTC were to blaim for the building falling down?

            No. Noone in their right mind would have expected those attacks. However, when you connect a machine to the internet, you can be almost certain it will be port scanned for weaknesses.


            In the company I work for Red Code attacked a handful of servers out of hundreds or even thousands- the rest had been patched


            Security can never be 100%. I'm suggesting that if reasonable precautions haven't been taken, then blame should be shared.

            • >I'm suggesting that if reasonable precautions haven't been taken,
              >then blame should be shared.

              How many hours of community service should the system admins have been given then? Get a clue dude, you've lost it.
              • How many hours of community service should the system admins have been given then? Get a clue dude, you've lost it.

                LOL.. Off the top of my head.. 24 hours per month.

                (If you read carefully, I said if people aren't taking precautions, they shouldn't get damages - not that they should do community service.)

      • Re:Right decision (Score:2, Insightful)

        by archen ( 447353 )
        "How long does it take you to reinstall your operating system? My personal system takes a couple of evenings for the basics and won't be right for weeks. "

        Two words dude: Norton Ghost

        Besides which as most any computer oriented person will tell you, backing everything up is most important.
        • >backing everything up is most important.

          Yeah, if you have the hardware to do that; and even then only if your data is necessary.

          People that go around trashing, writing worms, trojans or viruses, or cracking are dirt. It's like stealing peoples lives- often hundreds of dollars worth of time per system. Even with backups.
      • What if circuit city accidently marks the price of its TVs at $5.00? The value of the TV is $100. They were selling for $500. You hear about this "bug", and go to circuit city and buy 1000 TVs. The cashier accepts the purchase and you go home with 1000 TVs for $5000. The TVs are destroyed in an explosion when you get home. Should you owe Circuit City $95000, $495000, or nothing? Should you have to do community service, or spend time in jail?

  • D'oh (Score:4, Offtopic)

    by zpengo ( 99887 ) on Saturday September 15, 2001 @11:05AM (#2303005) Homepage
    And here I was seeing "Kournikova" and "slapped" and thinking this article was going to be much more interesting (and perhaps have some pics!)

  • That seems like a reasonable sentence (Score:3, Insightful)

    by iabervon ( 1971 ) on Saturday September 15, 2001 @11:09AM (#2303017) Homepage Journal
    It's a light sentence, as sentences go, but it makes the whole process, from putting it together to serving the sentence, more trouble than it's worth in entertainment.

    The reason lame modern viruses get written is that it's really easy; you put in very little time, and then get to hear reports about how it spreads: very little effort, a little entertainment. If he'd known that it would take 250 hours of work, he probably wouldn't have bothered.

    The same goes for hacking websites: people do it because it doesn't take any real effort. If it took 250 hours of boring work that you can't automate, people wouldn't bother.
  • I think that all viruses show how much the Internet relies on trust, and how easy it is to violate that trust. To me this is like removing stop signs at intersections, or disabling stop lights -- on the one hand, a thoughtless prank,
    ; on the other hand, a criminal act that costs countless money and time. I hope this kid has to do sysadmin work, install patches, and fight off other viruses as part of his community service.
  • ...to the father of the beutiful tennis player?

  • Kevin Mitnick (Score:2, Interesting)

    by Zero__Kelvin ( 151819 )

    "A man was sentenced to 18 months in jail in the U.K. in the early 1990s. The man served 11 months, said Hypponen.' but that can't be true. What about Robert Morris?"

    Not to take away from RTM, but what about Kevin Mitnick [kevinmitnick.org]?

  • Wrist slapped? (Score:2, Insightful)

    by sedawkgrep ( 142682 )
    240 hours of community service is quite a bit, at least in my book.

    Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on saturday, it will take 30 weeks to complete the sentence.

    Anybody want to give up 30 saturdays? I didn't think so.

    The punishment is certainly less than what one might have expected, but I think this is a good trend, not a bad one. I'd much rather see these marginally troublesome white-collar criminals get easier sentences than ANY drunk driver or other violent criminal acts. So the virus is bad. Sure. Was there any loss of life? Was anyone maimed or psychologically traumatized (heh) over the incident? Hell - he didn't even try to steal information or money.

    Punishments should fit the crime. What he did was not excusable, but a little perspective check is in order - especially after tuesday's events.

    sedawkgrep

    • Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on saturday, it will take 30 weeks to complete the sentence.

      Anybody want to give up 30 saturdays? I didn't think so

      Why should the criminal get to determine the conditions under which his sentence will be imposed? He should have to run the risk of losing his job to complete his sentence. Had the law not been broken, he would not be in such trouble.

      • He should have to run the risk of losing his job to complete his sentence

        There you go, trying to call down hellfire and brimstone. One of the intents of a sentence is rehabilitation - the convict should be more capable of normal functioning at the end of this, not less. What do you think will happen if he loses his job?

    • Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on saturday, it will take 30 weeks to complete the sentence.

      Say you work a 40-hour week and at 4:45 pm on a Friday a new virus gets emailed to someone in your company and starts renaming random files on your file server? That pretty much only gives you the weekend to devote to restoring from backup, instituting new procedures, etc.

      So the virus is bad. Sure. Was there any loss of life? Was anyone maimed or psychologically traumatized (heh) over the incident?

      There was no loss of life, but a system administrator had to spend the next day and a half, while his wife and 2 year old kid were at home, restoring from backup, updating virus definitions, and cleaning infected machines. If he gets paid hourly, the company lost money. If he's salary, he lost money -- and a weekend day, maybe the entire weekend, with his wife and kid at Disney World. I think 240 hours is more than fair.

      • but a system administrator had to spend the next day and a half, [...] updating virus definitions

        Sorry, but that was the admins responsibility is the first place: a good admin will prevent virus infections at all cost. Hey, I'm just admin of our family network and I update virus definitions each month twice.... In a company he should even filter out all executables at mailserver level. Sorry, I don't condone writing viruses but companies should be protecting themselves.
        Normal people, I mean, granny using her computer, are of course not protected that way....Companies and admins administering the networks have no excuse. They are in fault when a virus gets through.

  • Last few years? Hmm. Virus kits have been around for awhile now. Right now I am looking over the docs for IVP (Instant Virus Production Kit) 1.7 which has a time-stamp from 1992. It supported .COM/.EXE(MZ) infections, encryption, etc. If you look through a virus bestiary, all of these viruses begin with IVP.*. I remember seeing a "review" of the kit by a virus software company, calling it shoddy. So I guess Virus Kits are nothing new. Just thought I would mention it.
    • I remember those kits. Especially the one that came with wordstar built in that was set up like Turbo-C. They were pretty shoddy IIRC, it was the quickest way to write a virus that all antivirus packages would immediatly detect (because the kits themselves tended to leave their signature on the virus). I do remember some of the more sophisticated kits claiming to make your virus automatically polymorphic, but I don't know if they actually worked. Most of those kits were riddled with bugs to boot (heck, most _viruses_ have bugs in them, have you ever read through those virus bestiaries?).
      Besides, I never heard of any kits that helped you to write boot sector viruses, which were the only ones that ever seemed to spread anywhere, at least before Word Macro viruses and Outlook worms came along.
  • "I didn't know what it (the worm) would do. I just clicked away... I did this without thinking and without overseeing the consequences and without the intent to cause damage to anyone," he said. "I am not a programmer; this was the first time I created something myself."

    We should send a message to all clueless amateurs out there that go around "clicking" in virus making kits and creating Outlook viruses that force law abiding companies to close down their e-mail systems and loose thousands of dolars in revenues (imagine all those suffering employees that cannot send the latest joke to all their collegues).

    If we don't act swiftly and decisively now, we risk having these "amateurs" playing around with Code Red Creation Kits.

    I say hang the guy in Dam square in Amsterdam - that will show them!!!

  • In the name of all that's holy, don't let our marketing department hear about this!
  • The really interesting part is that this kid wasn't even a programmer.

    The really interesting part is that he did not make the gun, just pointed it and pulled the trigger.

  • The conviction in 1990 wasn't for creating a virus. I know, because I was network manager at one of the sites involved and was responsible for logging network activity which formed part of the evidence. In that case, the individual had found a vulnerability in the ICL 3980 mainframe series - in essence, root password changes were logged to a journal which was publicly readable. He had already taken over several machines in the UK before we were alerted, but as it happened he hadn't managed to root us because we were "slack" in our password changing and the root password hadn't actually been changed for many months. Other more diligant sites who changed the password weekly or monthly weren't so fortunate.


    For a couple of weeks I created logs of his connections to our machine; they were traced back to a dial-up connection at one of the colleges in London. Once the evidence was in place, the authorities gave him (I quote the detective who interviewed me) "the wobbly door treatment" one evening, much to the amazement of his mother who was cooking dinner while her son was "playing" with his computer in his bedroom


    At the time, the Computer Misuse Act was only just going through parliament and therefore he had to be charged under existing laws. The prosecution case was that modifying the magnetic fields on hard drives amounted to criminal damage, and it was for this that he was tried and convicted. He was sentenced to 12 months, with a further 6 months suspended. He came out after 11 months to an operator job with a company using ICL mainframes.


    • The conviction in 1990 wasn't for creating a virus. I know, because I was network manager at one of the sites involved and was responsible for logging network activity which formed part of the evidence.

      Uh, actually, no, it was for creating a virus, and had nothing to do with mainframes as you suggest.

      I had corresponded with the author (he was part of the SAM Coupé programming community). I know who he is. I have tons of his source code. And he was convicted for (on the surface of it) creating the first assembly-language polymorphic virus, and putting it into a virus kit.

      The virus was called Smeg.

      Here's a link that you might find informative:

      News story [niu.edu]

      Simon

      • Looks like the link you provided is indeed the case referred to in the article. The case I was involved in happened five years earlier in 1990 and I as far as I know, then and now, was the first time there was a conviction in court for a "computer misdemeanour". Just a coincidence that both perps ended up doing 11 months, I guess.

  • Outlook makes virus propagation so easy all you have to do is come up with a catchy subject line and the rest is a CS101 project.
  • Eighteen months in jail is nothing like getting your wrists slapped! That's a year and a half in confinement at a very dangerous place. It's a jail sentence, not a slap on the wrist.

    What the hell is the matter with people who think they're entitled to take away people's freedom for causing a little economic damage? People are more important than money!

    A lot of these hackers might learn their lesson through public humiliation and education. Jail does nothing to fix people, so why the hell resort to it except in hopeless cases?
    • The guy who got 18 months was a different person. That's what I get for not reading the story.

      I think they should return the kid his computer. They should delete the viruses and let him keep his computer and data. Just because he released a virus shouln't be reason to seize his entire digital "assets".
  • didn't write a virus. It was a worm. It sought out vulnerabilities that were (at the time) unknown to the majority of internet users. It replicated and attempted to spread at such a rate it crippled the internet.

  • ...c'mon, where's the craftsmanship? Where's the pride in your work? When I wrote viruses, it was all about doing it yourself, accomplishing something. Now you don't even have to be a programmer, you just have to know how to point-and-click. I tell ya, when pride in craftsmanship goes down the toilet, there's nothing left.

  • CmdrTaco appears to be one of those people out there who have a rather confused notion of how severe sentences actually are. This is the second posting about how 18 months in juvie or 240 hours of community service + a criminal record amounts to a slap on the wrist.

    This is pretty dumb. Jail is boring, obnoxious, demeaning and occasionally dangerous, particularly for these type of people. A sentence of several months is not a slap on the wrist. Community service sounds about right.

  • I think it is a great thing that he is going to trial. It is time for everyone to stop seeing people such as Jan de Wit as innocent. He created something that caused companies problems. The fact that he used a creationkit to create the worm is beside the point. Everyone are responisble for their own actions, and everyone should be prepared to take ALL consekvenses that their actions may have... always!

    If you look at most "new" viruses that are added to the databases of Antivirus products, you can see that they aren't actually new. Most of them are modified versions of some existing virus. So, if we get another case where someone modifies an existing virus to avoid detection by AV products, is he the creator of it? I say that he is the creator just as much as Jan de Wit is the creator of this worm.

    I hope that he this guy gets a penalty. I hope that this will prevent some other people from creating viruses. Something else that is good about this case is that the creator of the kit, [K]alamar, stopped creating more kits (his name was in on Argentinan TV and this scared him).

    Viruses are bad. Even though they fund an entire industri, I think everyone would be happier without them, even people in the industri. Bringing people that create or spread them to justice is a good start in the path toward a virusfree world.
  • This is rediculous. For actually attacking computers on the internet, or for writing a virus that maliciously attacked other computers, these jokers got a wrist slap.

    For writing software that MIGHT be used to violate copyright law and therefore violates the DMCA, Dimitry Sklyarov gets the book thrown at him. Where the hell is the justice in that? Nothing that Mr. Sklyarov did was malicious, and yet his "crime" is treated far worse than those whose actions were deliberately intended to do damage. There is something seriously wrong with this picture.

    • Yes but Dimitry Sklyarov committed his crime under US law. The US has the highest incarceration rate in the world. The wristslapping in the last few days occured outside America, and hence, the sentancing is a little more level headed.

  • he is the black baron, or chris pyle. responsible for SMEG.

  • Anyway, the requested sentence is amazingly light -- 240 hours of civil service.

    How often people say that a sentence is "amazingly light". I think that should be a crime punishable by whatever sentence the speaker/writer says is "amazingly light".

    Just to remind people: at the trial, no evidence that this guy's activity had harmed anyone in any way was presented. Yes, viruses are bad; yes, he should be punished; but for a first offence, wouldn't probation and a fine be more appropriate? If he doesn't learn his lesson and offends again, OK, then throw the book at him.

Slashdot Top Deals

Human resources are human first, and resources second. -- J. Garbers

Close