Why Worm Writers Stay Free 373
savaget writes "There is an interesting Wired article explaining why worm writers are getting scott free despite their destructive deeds." Nothing really new: overworked law
officials, bragging worm writers, you do the math ;) I still find it amazing.
The bandwidth wasted by a successful worm is gigantic. To say nothing of
time and disk space.
Hilarious part (Score:5, Funny)
SirCam contains this text in its code: "SirCam Version 1.0 Copyright 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico."
Smith has a hunch that the author of SirCam is or was in Cuitzeo, and is probably a student. Cuitzeo is located 16 miles from Morelia City, which boasts a large university.
Talk about a blinding flash of the glaringly obvious...
Re:Hilarious part (Score:2, Insightful)
Well the context of the story was that the virus writers are usually incredibly dumb, and they have a habit of putting real information to brag to their friends (and enemies) about what they'd done. Imagine going to all that trouble and no one believes that it was really you.
Having said that, people often reveal a lot about themselves even when they include fake information (i.e. the classic is the "opposite" syndrome: If you're a young male say that you're an elderly woman. It doesn't take a genius to flip them).
Constructive Uses? (Score:2)
Re:Constructive Uses? (Score:3, Insightful)
Its gotten bad enough that Symantec has posted a KB article on it, here [symantec.com].
Distributed.net also has a trojans page here [distributed.net].
---
www.symetrix.net
Re:Constructive Uses? (Score:3, Funny)
Target the mail-spamers. Go looking for the popular spam-blaster software and alter it to send 100,000 e-mails an hour to the Whitehouse. Locate 10,000,000 e-mail addresses in a file and randomize the domain and username. Alter the body-text of the out-going message to delete all telephone numbers, e-mail addresses, URLs, etc, and add a message including the senders real e-mail address, phone number, and whatever else personal info can be gleaned from their system configuration. Send pro-terrorism rants instead of adverts and make sure the FBI is on the list of recipients.
I mean, if you are going to cobble together a few dozen lines of VBS, why not make it do something USEFUL?
Why do worm writers stay free? (Score:5, Funny)
Rolling stop my ass.
Re:Why do worm writers stay free? (Score:5, Funny)
Yeah, cause that will get ya out of a ticket...
"Hey Barney, why aren't you on the Internet stopping the real criminals! Boy, I'm glad I buy from Amazon, or else my sales tax would pay for your salary!"
Why do worm writers stay free? (Score:2, Funny)
Would that be free as in beer or Free as in speech?
They aren't terrorists! (Score:4, Insightful)
This is the sort of thing that really pisses me off. Not to say that virus writers don't do damage or even that they are not criminals but how can you compare a computer glitch to killing 3000+ people? These virus writers are kids with too much time on their hands, they aren't terrorists! The solution isn't to toss them in jail or throw away the key, the solution is to get them to do something useful with their skills and then to use products that don't have so many security problems. </rant>
Re:They aren't terrorists! (Score:3, Insightful)
As one reader in an earlier post, people who write bad and insecure code have an equal hand in security compromises.
Most of the worms and virii are being coded by teenagers or kids who just do not have an idea as to what they are doing.
Think of this, why are people allowing their systems to be compromised again and again? A hack is a different thing, a worm/virus is a different thing. When there are so many different worms/virii, it cannot all be squarely blamed on the creators. The makers of the softwares should own up responsibility for writing bad code.
Why aren't other operating systems as vulnerable as the Win* platform? It is not like there are not enough people willing to write worms in Linux or FreeBSD. It is just that it is not that easy to.
Most of these people are kids, for God's sake!
Writing a computer worm to show off to your friends is akin to showing off your driving skills. It is just a means of getting recognized by the peers. These people should just be taught that writing bad code is harmful. To compare it to heinous crimes and huge losses is just plain stupid.
If it also causes harm, that is largely because of the immaturity of the technologies. If sysadmins regularly patched up their softwares, and if programmers wrote secure code, the effect of these worms will steadily decline.
But how many admins bother to administer the latest patch? And how many software companies bother to get out good code? It is plain stupidity to blame it all one some poor nerd out there.
Re:They aren't terrorists! (Score:2, Interesting)
Pervasively defective applications and system software, coupled with a highly predatory monopolist work to ensure that most naive end users are unecessarily vulnerable to security exploits.
If the UCC were being effectively applied to Microsoft, these worm attacks would cease as Microsoft would find the motivation to re-engineer their products.
These are not some highly crafted bits of machine language. By old virus standards, they are incredibly crude. Yet they continue to cause havoc.
This is primarily due to security being an afterthought at the company that controls most consumer software.
This element of the problem simply can't be ignored so that you people can play a Puritan game of "crime and punishment".
These nuisance worm writers are actually doing us a BIG favor at this point. These exploits will eventually escalate to the point of being genuinely harmful. We have time now to get ready for this because of these "teenage joyriders".
They are the flu and they are telling us we should mind our hygeine.
Re:They aren't terrorists! (Score:5, Insightful)
Re:They aren't terrorists! (Score:2)
Re:They aren't terrorists! (Score:2, Interesting)
I must speak up (Score:2)
I happen to like a web page that compares Margret Sanger's ideaology with the Aryan ideology. It doesn't say she should be(have been) hanged for crimes against humanity (because she didn't personally commit any).
OT: You must be high (Score:2)
Wow. Before now, I wasn't sure what a libruhl Freeper sounded like. Here's a link [nyu.edu], in case anyone is wondering why this fucking clown thinks someone who was persecuted and prosecuted for spreading information about preventing STDs and unwanted pregnancies is the moral equivalent of a Nazi sympathizer.
If you have a problem with Nazi supporters in the US, you need to look to the right and not to the left. It sure as hell wasn't wobblies, unionists, and labor activists who bankrolled that monster. Think bankers and industrialists, and particularly think the Bushes.
Re:They aren't terrorists! (Score:2)
Re:They aren't terrorists! (Score:5, Insightful)
Furthermore, I would argue that you don't need to have political objectives to be classified as a terrorist. If I blew up a generator station because I think it'd be cool to see, I think it would be valid to classify me as a terrorist. This gets kind of tricky, because it'd be easy to categorize an arsonist as a terrorist, or a vandal, but I digress.
Anyway, the obvious analogy is that someone who targets information infrastructure (ie worm writers targeting email servers) is a terrorist. And don't argue that the analogy doesn't hold simply because there's no no permanent damage simply because it can be repaired. That's like arguing pulverizing every cubic inch of a building isn't permanent damage because it can be rebuilt. Don't argue that there's no real costs associated with worm attacks - do you think net admins work for free? (If so, I've got a job for you
Counterpoint - if blowing up a building is terrorism, why not burning it down? Should arson be considered terrorism? What about insurance fraud - if I burn down my old barn for the insurance money am I a terrorist? What about vandals? There's a continuum of crimes against property, as well as crimes against people; where do we put "terrorism" on that continuum? We must be cautious in verbiage used to define "terrorism"
in the law, lest the crime be placed further down the continuum than we want.
Counter-counter-point - arsonists rarely burn down every building on the internet; worm-writers at the very least have in their minds the idea that they could take out every email server on the internet (basically a DOS attack) or every workstation with the targeted OS(s) by wiping their drives after re-launching.
C
TERRORrism (Score:4, Insightful)
Re:Terrorism: Blowing up buildings vs binaries (Score:2)
So you experience no financial harm if I erase every bit on your hard drives, CD-ROMs, DVDs, floppies, and video tapes? Yes, a good disaster recovery plan will incorporate backups to restore data, but it takes time. Here's the equation:
Loss of data = loss of time = loss of money
For computer, yes, it's trivial compared to a building. For millions it can be comparable.
I would further suggest that the cost of recreating a software installation and configuration, as well as restoration of data, will be comparable to the cost of setting up the system in the first place - maybe a little more, maybe a little less, but in the same ballpark. I think the same is true of rebuilding a building. There is no permanent damage to the computer - granted. But there is no permanent damage to the building when you blow a hole in the side, either - the damage can be repaired. Just because the damage is "virtual" rather than physical doesn't make it any less costly. And frankly, the only two types of damage suffered in a terrorist attack are human suffering/death financial losses. I fail to see why wiping 1 million hard drives is necessarily qualitatively different from demolishing one building.
Re:They aren't terrorists! (Score:2, Insightful)
How many of the attacks where kids are involved were actually invented and written by kids?
Besides yes it is terroism since its mischief on the grand scale. Like it or not the internet is a mass communication medium and its a "way of life" for some people [some == growing].
That's like taking down the entire california telephone network and claiming "I'm bored". Not only is that dangerous [no 911 calls] but its disruptive to literally millions of people.
Tom
Terrorist no longer means anything... (Score:4, Insightful)
Over the last few months the word "terrorist" has lost all meaning. I also heard the other day that child pornographers were being called terrorists. And of course the Isrealis, Palestinians, and Americans are terrorists, depending on who you ask. I'm sure the people who set fires around Sydney were terrorists too. Nowadays a terrorist is anybody you don't like.
The old definition of terrorist was somebody who used terror as a tool to some political ends. Basically, if you can't defeat your enemy in a head-on attack, you choose an easy target calculated to demoralize the enemy.
It's too bad, because 'terrorist' really was a useful word. Now that it's being used so broadly there's no concise way to talk about 'classic' terrorists.
Re:They aren't terrorists! (Score:3, Interesting)
Great idea! Take a kid who obviously has no respect for other's property, and hand him the keys to your enterprise system! By the time he's done, all the backdoors, security holes, and other problems will be patched, except for your script kiddie's backdoors. Then, shoot the script kiddie. No known security holes, and one less 1337 haxor - everyone wins!
The one flaw in your plan is that the folks that make these worms are, for the most part, social backwards (no respect for others' property or lost time, and usually from a middle-class background, so they don't know how to really work for a living), and don't have a great set of computer skills, outside of those needed to find holes. It's a bit easier to find and exploit holes then it is to find and patch those holes, so the assholes will always have the advantage.
Personally, I like the Kevin Mitnick treatment - put 'em in jail for a while, away from computers, then put them on probation, again without access to computers. If you are too socially retarded to play the game right, then you'll have to sit on the sidelines. Too bad these kids are privileged enough that their parents could hire lawyers, and parents are brainwashed into thinking that computers are necessary for their kid's education...
Re:crimes? (Score:2, Insightful)
From the original post (emphasis added):
Not to say that virus writers ... are not criminals but ... they aren't terrorists!
I think you missed Christianfreak's point. They are criminals. They should be punished (or, better yet, rehabilitated... but when have we ever done that with criminals?). But they are not terrorists.
Granted, terrorism doesn't have to involve killing, but these kids aren't trying to make some crazed point. They're not striving to strike fear into the heart of everyone in the nation. They are simply, as Christianfreak put it, kids with too much time on their hands.
The people equating virus/worm writers with terrorists seem to be putting their bottom line at least on par with, if not above, the value of human life. That frightens me more than the network being down for a couple of days ever would.
Re:crimes? (Score:2)
Re:crimes? (Score:2)
Re:crimes? (Score:2)
Not to say that virus writers don't do damage or even that they are not criminals
The writer agrees that they are criminals. The poster simply says that the writers are not terrorists, as the original article implies. I agree completely.
Anyone calling them "terrorists" is just as guilty of using the Sept. 11 attacks for their own good as Saturn is in their latest line of commercials, trying to sell more cars "because it is our duty as Americans."
Treat them as criminals, not terrorists. There is a huge difference, and hopefully the American people can remember that difference when we start trying Middle-Easterners for expired visas.
To put this argument another way, if you break into my car, should you be tried as a terrorist?
Re:crimes? (Score:3, Insightful)
going after (Score:2)
If you read their click-wrap agreement, it says:
When I contacted AMI about the Y2K problem on a 1993 motherboard, they told me there waas no bios update, but they would be willing to sell me a clock card.
Re:going after (Score:2)
Sniff! Smells familiar...
Re:They aren't terrorists! (Score:2)
Vandalism is using unlawful means just for the hell of it. Crime usually does terrify people. That doesn't mean every criminal is a terrorist. Hell, I was terrified over final exams this semester. That doesn't mean my profs are terrorists.
There's a fine line in some cases, but unless a worm writer is working for some political cause and deliberately trying to frighten people in order to change their viewpoints, then the definition of terrorist does not fit. Vandal, perhaps. Maybe even burglar in some cases. Or, more descriptively, "author of a destructive program." But not terrorist.
There is a disturbing trend of identifying every sort of criminal as a terrorist, because that word carries a certain fear factor with it. Which sounds better: "We apprehended those delinquent web site crackers!", or "We apprehended those evil cyber-terrorists!"? Which would be more likely to get one promoted or secure more agency funding?
Isn't that "meta-terrorism" of sorts? Hrmmm...
-John
Re:They aren't terrorists! (Score:5, Interesting)
A criminal is, by definition, someone who commits a crime. Speeding is a crime. It doesn't compare to murder in severity.
Actions have consequences. We can (and should) blame Microsoft all day for their flippant disregard of security, but that doesn't mean these script kiddies aren't commiting serious crimes. What if a teenager broke into a factory and managed to shut it down for several hours. Would we be sitting around saying, "Oh, well, he's just a kid with too much time on his hands!" or would we be considering the fact that he cost the company thousands or millions of dollars. Well, Internet servers have reached the point where they can have as much impact on a business as the physical property and machinery.
We need to recall that consequences (and punishment) should fit the crime, not the criminal. A relatively harmless crime needs a small punishment (or possibly even just a warning), whereas a larger crime requires a larger punishment. Otherwise you end up with anarchy.
I don't want to see young kids pulling years of hard time for youthful indiscretions aided by bad security measures, but if there's no threat of punishment, then there will be no deterrent.
I wish it were possible to focus a little less on fuzzy IP issues (which are important, but the government is listening too much to the money and not enough to its own law, precedent, and common sense) and a little more on the fact that the entire global computer network is being bogged down by the actions of a small number of penny-ante vandals.
Re:They aren't terrorists! (Score:2)
Ooh. Name-calling.
Go back and look at my post. Now look at what it was in response to. I no more believe that script kiddies aren't criminals than Swift believed that people should eat Irish babies. It's some pretty blatant (or so I believed) satire directed at the absurdity of the previous poster's argument where he/she defines terrorism strictly in terms of bodycount. That's why I quoted exactly what I was referring to.
Futhermore, I would think something as absurd as saying script kiddies aren't criminals would raise people's red flags, helping them identify the intent. You obviously caught on to the absurdity of it, but you missed the parody part which shifts it from trolling to satire.
Re:They aren't terrorists! (Score:2)
I guess I'm guilty of sarcasm profiling.
Re:They aren't terrorists! (Score:2)
I think your point is very good and thoughtful, but it really goes into the whole question of punishment vs. rehabilitation and whether they can coincide or if one can cause the other. I hope and think that will be a question that will be answered much better in the 21st century than in the 20th, but it's not happening yet.
Re:They aren't terrorists! (Score:3, Insightful)
Your point regarding giving skript kiddies jobs creating more skript kiddies isn't very realistic. It's a job, yes, but it's not a job they'd be proud to have. No convicts commit a crime hoping to be making license plates, there's just no incentive. But rather than a pointless punishment (i.e. imprisonment), make it productive. If you do a little research, you'll find that alot of IT security companies have real hackers on board. It makes perfect sense. Alot of insurance companies hire ex-burglars, to see how easy it was to break into someone's home/business. Security is always a 2 way street. It's the responsibility of both the individual and the company/service that provides them with security. Think if you get a 10 million dollar home and have gold bricks lying around in each room. A burglar discovers this from outside. Also you have a million dollar, state-of-the-art security system, but you don't arm it each time you leave the house. Who is at fault when you come home and all your gold bricks are gone?
Re:They aren't terrorists! (Score:3, Insightful)
Think of it this way. I impress the typical
I understand that a lot of IT security companies have hired ex-(h)|(cr)ackers and that's fine. But if getting caught means a good prospect for getting a job in computer security, then rooting someone's box becomes less of a crime and more of a resume builder. You see, there's a significant difference between making license plates, and working in high-tech security. I'm not saying it still couldn't be a deterrent, since many people won't want to deal with an ex-criminal, but people who are stupid enough to make things like nimda, might see it as a way to get ahead.
There are other kinds of useful community service that could be used, even jobs that take advantage of computer skills. I recall a friend got busted for some minor violation in college in the early 80's and ended up setting up a database for a local church as his community service.
I agree that alternatives to "pointless punishment" should be found, because there is an incredible waste of human resource when someone is sitting around sulking in striped sunlight for years on end. But we have to remember that punishment for crimes needs to be something that people want to avoid, not some kind of jobs program for troubled youths. That should happen before the legal system comes into play. We have to remember our first priority is trying to keep people from committing the crimes in the first place, even if we do still want to help them once they do.
That's all I'm trying to say.
Rick
p.s.
Who is at fault when you come home and all your gold bricks are gone?
The thief. You might be at fault for being careless or incompetent (and if it were your job to secure the gold, that's another issue), but the thief is still guilty of far worse. Maybe you shouldn't complain if your house is burglarized, but there is still a significant difference in the degree of moral fault here.
If I walk out and leave my gold bricks lying around unprotected, that in no way mitigates the degree of guilt of anyone who might happen to steal them.
Re:They aren't terrorists! (Score:5, Interesting)
You are in a car accident, your fault. The other guy was wearing a seat belt and suffers minor injuries. You are charged with failure to control. You pay a minor fine and maybe do some community service.
Now consider your same action:
You are in a car accident, your fault. The other guy was not wearing a seat belt and dies. You are charged with vehicular homiside. You spend a few years in jail.
Your same actions caused two different events based solely on someone else's choice. Is it truly fair that you should be punished more severely for the second result than the first? The same situation exists in your example. You wrote some stupid virus that spreads, but doesn't do much more. Clearly, you're not a saint. However, because some putz in charge of the airport control system left out the patch, your "innocent" virus spread through the airport control system, and unfortunately DOSed it offline. This brought down planes.
Should you really be charged with terrorism when the intent was not there? Where is the responsibility for the other person who allowed this to happen?
No money in catching them. (Score:5, Insightful)
Re:No money in catching them. (Score:5, Interesting)
*gulp* (Score:4, Insightful)
Terrorists? Virus writers are terrorists? Keep it up, boys, and the word will lose all meaning and everyone will be desensitized to what it really means. Sheesh.
Obviously the legal system doesn't see them as such, yet, from the details of the article.
Re:*gulp* (Score:4, Interesting)
Pretty soon you won't be able to sneeze in a subway car without someone accusing you of biological warfare.
If you don't call everyone a terrorist.... (Score:3, Funny)
D'oh.
Re:*gulp* (Score:2)
Gah.
Re:*gulp* (Score:2)
Two popular (among gov't theorists) scenarios are a terrorist poisoning a reservoir, or piloting a cropduster loaded with biological agents over a city. Yet neither of those seems to have yet happened. Likewise, if nukes are so "easy" to obtain on the black market, why haven't we seen any suicide bombers with them yet?
Now, consider a worm designed to, say, sniff out the settings (including passwords) needed to gain root-level remote access to a large, typically insecure company's network. Perception: the hacker could, say, add himself to the company's payroll, with money going to a Caribbean or Swiss bank account, or just transfer much of the company's liquid assets to same, and that's just the easy stuff (not counting corporate espionage or, for companies with a lot of intellectual property, copying the IP - say, stealing the Windows source code with intent to post to the world). Reality: these programs almost never go beyond mere defacement or disablement of the systems, and spreading themselves; deeper hacking would require personal involvement and actual malice that the script kiddies usually lack (for example: even if one had complete access to Microsoft's networks, it would take ages to gather and document for public release even a mere majority of the Windows source code).
Re:*gulp* (Score:2)
It's a strange sort of vandalism, though.
If I spraypaint my sign on a business, then that business has to spend extra money to repaint, and maybe buy some security lights or hire a security guard, or risk loosing customers due to customer bad impressions.
If I write a Windows worm that results in email systems all over the world shutting down and horrible network congestion, then almost everyone that does web work loses a few minutes. Even if you run Linux and Mozilla, your Slashdot load time will be that much slower, due to all the other packets running around the backbones, and you'll get that much less work done.
Businesses will lose money, but very little of it will be identifiable. The identifiable stuff - network guys spending their weekends patch Winboxen - is misleading as well, since many of these guys are salaried. In the end, it turns up as a dip in productivity, vaguely measurable, possibly showing up in end-of-year profit statements, but hard to prove.
It does impact the bottom line in subtle ways, though. Reduced profits lead to reduced taxes, and the government has a little less money to spend.
So, yeah, call it vandalism, possibly bordering on property damage, but also add "defrauding the government" or some such charge. Those IRS bastards know how to squeeze money out of folks that owe them money.
Re:Terrorism (Score:2)
terrorism: The unlawful use or threatened use of force or violence, not authorized by a government, by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
That is, it's violent crime for political reasons. And note that with this definition, any laws against terrorism are redundant -- blowing up buildings is already illegal, blowing up buildings with people in them is more illegal (murder), etc. You don't need anti-terrorist laws, you just need effective enforcement of the usual laws, including doing something about other nations which shelter conspiracies to commit crimes in your nation. So when politicians rush out to pass more laws, ask whether they are (1) pandering to popular hysteria by passing unneeded laws, or (2) extending the power of government to meddle with political groups, thereby making it even harder to get the incumbents unelected...
Of course, by that definition, nonviolent crimes such as computer exploits are certainly not terrorism. When someone calls a non-violent crime, or a non-crime, "terrorism", I rather suspect that he belongs to group 2 above. But this sort of re-definition just pushes us closer to the most cynical definition of "terrorism": individuals or non-governmental groups doing what governments do.
After all, the FBI apparently now has a trojan program that insinuates itself into your system, records your keystrokes, and sends them your passwords. And if they can't directly get to the target system itself, want to bet they won't embed that in a virus to feed to any vulnerable machine on your local net? But they aren't terrorists -- because they're the gov't...
Wasted bandwidth from SirCam (Score:4, Interesting)
As SirCam virus e-mails average 250kb per message, each month we pass over a gigabyte of bandwidth on this crap.
I wonder if its possible to approximate how many dollars worth of bandwidth and lost productivity have been lost to these kinds of worms. I don't see why the authors shouldn't be prosecuted more harshly. This is just large-scale vandalism that raises the prices for everyone else to make up for it.
Re:Wasted bandwidth from SirCam (Score:2)
Hmmm. You've probably got T3 or better pipe, but lets say you only have a T1 (1.5 Mbps). A GB takes a only a couple of minutes of your monthly bandwidth capacity. You're incensed at this? You're going to devote major efforts to stop it? If so, you don't have enough to do to keep you busy with business mission-critical work there. Less than 1% of bandwidth capacity is just noise.
Of course, destructive worms are a much different matter, and where worms destroy systems and data causing lost productivity, overtime, and business losses I agree with you, somewhat. But clueless choices to use Microsoft software are where the blame really should be placed in such circumstances. The worm/virus writers are just opportunists preying on fundamentally insecure Microsoft based systems. And that's your fault.
Re:Wasted bandwidth from SirCam (Score:2)
Gosh, at this point, I'd really look into installing a good AV filtering gateway. You won't cut bandwidth in, but at least you won't be passing the stuff on.
Oh yeah, the guy who told you kick off Windows users? He was right, too...
Re:If you ask me, (Score:2)
There are stupid people all over this world and they are allowed to be stupid.
Replacing the candles on a birthday cake with sticks of dynamite is a dangerous and antisocial practice. Anyone who does this can not succesfully argue that the person who is at fault is the one who stupidly lit the fuses. It may be true that it is easy to tell the difference and only a fool would light the fuses, but that does not absolve the dynamiter.
Let's limit the destructive capabilities (Score:2, Insightful)
So, while some sit pondering on how to prosecute the authors of such worms, doesn't it make more sense to focus efforts on preventing the problems that worms cause by eliminating the well known, published ways that the past 4 or 5 recent worms have propogated? How many email worms need to take place before people realize that the worm authors are only half guilty? End users need education. Applications (read Outlook) need to provide better ability for users to limit functionality to core functions unless otherwise needed.
Catching the new virus writers and discovering their techniques is and always will be a game of "whack-a-mole". You slam the hammer down, only to find another one pops up in a "security-hole" somewhere else.
Re:Let's limit the destructive capabilities (Score:2)
That's right. Because outside the US there isn't any law or order to speak of....
Form a posse? (Score:3, Interesting)
So what I'm wondering is if anyone has bothered to form an organization to do exactly that, maybe along the line of CyberAngels [cyberangels.com]. Let's face it, the people who write these useless things, although they definitely aren't terrorists, are wasting other peoples' bandwidth, resources, and precious time. And they do deserve to be punished. But what's stopping the slew of arrests is a lack of manpower. Law enforcement officials can't be everywhere, they have their limits.
So what I'm suggesting is something based off of CyberAngels. The people volunteering there track down stalkers, harassers, child pornographers, and other "cybercrimes" that go beyond the Internet and into your personal life. They do good work. My idea then, is much the same. Get people with the necessary skills, who understand the net, understand the technology, and make use of those skills to help track down all those worm writers, script kiddies, and the like.
Personally, I think it may work. Anyone have any thoughts?
Put a price on their head (Score:3, Interesting)
Re:Form a posse? (Score:2)
Anyway, It reminds me about the old days(well early nineties anyway) of IRC when I used to op on one of the more family channels and occasionally some a/s/l retard would come in asking for cyber or whatever. (Click name F2 - kick F3 - kick ban F4 kick ban winnuke!).
It sometimes came to the ops attention that there where "kiddie pr0n" people on the networks and sometimes they would DCC this crap to kids and the like. There where also a bunch of kids who would invoke the whole ping / dcc flood etc nightmare on newbies and stuff.
After a while a whole bunch of the more technically literate among us started to fight back, invading pr0n channels, gathering evidence, and getting offenders server banned etc. On one occassion it lead to a raid by some US cops on a particularly bad offender leading to some apparently nasty child abuse being uncovered.
None the less we where told to refrain from vigilante behaviour by the server ops, and for me that spelt the death of IRC as since we felt obliged to do as we where told, it only left the assholes with the weapons to do the attacking
I do not intend an analogy with gun laws, since when human life is concerned , I feel it's best left to real cops, but with the sort of "emotional" damage that malicious skript kiddies and pr0nsters can do, sometimes fighting back really seems the thing to do.
Think snort add in that DoS's back!(maybe)
Re:Form a posse? (Score:2, Funny)
Also, if you are going to draw and quarter a bunch of script kiddes it's also time to start fining and imprisoning the stupid people that execute these trojans.
Why just punish the author? Without a few morons to spread this stuff around, it never would surivive in the wild. Really? How many UNIQUE email addresses did you see the last time one of these things rampaged across your corporate email network. 2? 3?
Take those 3 twits into the corporate atrium and FLOG them.
Writing Word templates is not a crime. (Score:2, Interesting)
Are you crazy? (Score:2)
See how stupid it sounds when you give it a real world analogy? This is the same logic that says that if your house is unlocked then it's legal to rob it. If people were made to defend themselves from every threat then there'd be no need for police or defence forces. The sad thing is that some people believe this "Well, they were vulnerable, they were asking for it. They should have been more careful! Not my fault."
Now, I agree that Microsoft needs to focus more strongly on security but people who write malicous code are still criminals, not terrorists but still criminals.
Blaming the Victim (Score:2)
In the case of laying some responsibility at the feet of the OS writer and the System Administrators, in the first case it is their job to make sure that their product is reasonably secure. In the second case it is part of their job to keep up with the security patches and make sure that the corporate systems are reasonably secure.
In the case of the people who wrote the OS or software that gets compromised again and again, a better analogy might be to compare them to a bunch of builders who build houses with no locks or faulty locks that fail to keep people out.
In the second case, you might compare the system administrator to someone who bought the house and then didn't take any action when the lock recall went out (or he didn't install it becase installing the new lock makes the toilet stop flushing...) In many cases he does this even though he lives in a hood known for its high level of break-ins and robberies.
When it's your job to make sure the company's network is reasonably secure and the same attacks against holes that were announced months ago work again and again to compromise that security, I'd say you're not doing your job very well. Excuses may be made, like "The fix breaks 14 other things" or "We didn't have time to test it on all the company platforms." In the first case I'd say the vendor is at fault and if they can't fix the problem to your satisfaction maybe you should consider a new vendor. In the second case, I might want to send some blame the way of the CIO/CEO as the department is obviously underfunded or the corporate infrastructure is badly designed.
Hurting people, not network equipment (Score:2)
The world is just not that dependant on the Internet, and never will be. Worms are definitely annoying, but they aren't hurting anyone physically, ever.
Re:Hurting people, not network equipment (Score:2, Insightful)
We don't need to punish those that embezzle from the banks, companies, etc. Nobody dies. Production doesn't stop in our factories, our banks and credit cards keep making debt for people, the hospitals don't keel over.
The worm writers steal resources from companies, universities, governments, etc. when they have to deal with tracking down and eliminate the worm. This is valuable time that could be used working on other issues. Just like with embezzlement, there is cost to people involved.
btw: People make debt for themselves.
Riddler? (Score:5, Funny)
This detective must have never watched the old Batman shows.
Punishment? (Score:3, Insightful)
Pah! I know what to do with them. Charge the writer of a virus/worm for time the Admin puts in to fix or block their poisoned program. If the virus/worm writer doesn't have the money, then the Admin will charge through violence to where one hit upside the virus/worm writer's skull with a 2"x4" will be exchangable to 15 minutes of the Admin's time that could have been better spent.
Sorry to rant, but virus/worm copycats^Wwriters really get on my nerves, especially when I could be spending that time doing something with my friends, instead of telling sendmail to block out the latest "Melissa" clones.
Well. (Score:2)
I, personally, don't ever feel anger towards those who wrote these. 99% of them spread due to the sheer ignorance of the masses.
Or rather, if someone in the company opens a virus attachment, and it spreads, I don't say 'damn virus'.. I get mad at the employee. There is NO EXCUSE for not understanding what to open.
Possible explanation (Score:2)
Informed Authorities (Score:2)
I don't know... Maybe it's just my imagination...
Just seeing 'informed' and 'authorities' together just made me picture a Hippo and an Aligator dancing. Those two words just don;t go together well.
Time for a better metaphor (Score:3, Interesting)
Imagine if someone went to a photographer and had some "personal" photos taken for their spouse. And that the photographer made poster-size prints and put them in the front window with a sign saying, "Please don't look at these."
Would you prosecute the 13-year-old kid who came by and looked at them? How about if he took picutres of the posters and put them up on his web site? The originals are still "secure" in the studio's safe. How can you blame the photographer?
If current computer law (UCITA, DMCA) were applied to this situation, the 13-year-old would be in jail and the photographer would be suing me for telling you that the posters were available.
Re:Time for a better metaphor (Score:2)
That is a very different situation. There is a difference between leaving something to be seen in a very public place and computer crime. The closer analogy to someone breaking into a computer is someone sneeking into a tree in someones backyard and looking through the partially open window and spying on them. Then again you'd probably think that it's their fault for leaving the blinds slightly open. An unprotected computer is not the same thing as a something intentionally made public.
Your analogy is VERY WRONG (Score:2)
Would you prosecute the 13-year-old kid who came by and looked at them? How about if he took picutres of the posters and put them up on his web site? The originals are still "secure" in the studio's safe. How can you blame the photographer?
Your analogy only makes sense if cracking a site requires a passive activity such as accidentally visiting a URL or attempting to connect via FTP. Unfortunately, most cracking involves active malicious intent by the perpetrators which doesn't jibe with your analogy.
A better analogy would be if the photographer had the pictures in a drawer marked and some teenager felt that he/she couldn't resist looking at the pictures. The teenager is still in the wrong but one can also blame the photographer for not taking better precautions which means both parties are at fault which is the case in most cases of cracking websites.
Time for a new brain (Score:2)
You imply that digital data has no intrinsic worth, and therefore can't be stolen. What century are you living in? Future generations will view your analogy as hopelessly anachronistic, something like stories your grandpa tells today about one-room schoolhouses.
And as for the substance of your analogy - "a guy takes nude pix of his wife and puts them up in his window with a sign saying don't look at these" - how does this utterly absurd statement clear things up for you better than the "if you leave your front door unlocked" one? Do you even know what your point is?
You made the exact mistake I'm pointing out (Score:2)
This is exactly the mindset I was criticizing. I didn't say or imply that digital data has no intrinsic worth. I said that its worth had to be calculated differently from the worth of phsical goods.
Theft of physical goods deprives the rightful owner of their use. Copying of digital goods does not deprive anyone of their use, but in fact greatly increases the number of people who may potentially use them. This could, of course, possibly reduce the value of the digital goods. Certain information is only valuable when it is not widely known. This is why Digital Rights Managment is so important to the RIAA and MPAA.
The point of the analogy, since you seem to have missed it, is that the customer pays someone for a product, and the provider doesn't take steps to ensure that the product is secure. The fact that EULA's have not been tested in court is the only reason software producers continue to believe this is acceptable.
Re:Time for a better metaphor (Score:3, Interesting)
Now imagine if, instead of being posted in the windows, the photos were in a drawer with a big-lettered sign - big enough to be readable from the street, through the open door the sign faces - that says "Nude pix! Do not open!". I suspect the same legal theory could apply, especially if the kid were to sustain any injury as a result. (The way the world is going, forever destroying one's ability to blindly trust big institutions might almost count as "injury". ^_-)
I know this applies in California, USA, at the least; does anyone know if it applies elsewhere?
Misplaced blame (Score:3, Interesting)
Virus/worm authors are like cockroaches. Sure it sucks to have to deal with them, but it's your own damn fault. And prosecuting is pointless - there's a million more where the last one came from.
Most current viruses are NOT very sophisticated. They exploit wide-open security holes in unpatched operating systems that were produced by careless vendors. It's like getting pissed at people walking into your house at all hours of the night. Yes, they shouldn't be doing it - but if you were locking your doors it wouldn't be a problem.
My point is that the blame should not fall entirely on the virus/worm authors. It should be evenly distributed between the vendor (for being negligent with regard to security); the system admin (for the same); and the virus author.
We need to define the crime a worm writer commits (Score:3, Insightful)
First, the "WiReD" article confuses worm - a program or process that propagates itself to a different computer, usually via some networking protocol, and chainmail - an email message that requires human intervention to automatically send out more email messages, usually containing the same or slightly evolved chainmail. WiReD should straighten up its vocabulary on this issue, they do no service to anyone confusing the two.
Second, the techniques used by both chainmail and worms are all used by legitimate scripts, programs and emails. How does law enforcement propose to declare one email message a crime, and another legitimate? And I don't mean "Let's ask some expert like Graham Cluely."
Sure an IIS worm like Code Red usually uses some initial exploit, like overflowing a buffer in an IIS module or service or plug-in or whatever the MSFT lingo is, but Nimda used a variety of techniques built in to IIS, "shares" and Outlook. The variety of Outlook worms (Anna Kournikova, Nude Housewife, etc etc) and even the CHRISTMA EXE chainmail of 1987 [ncl.ac.uk] used entirely legitimate techniques built in to Outlook and other email viewers. The 1988 Internet Worm used both legitimate techniques (BSD "r" commands that didn't require a password) and exploits like "fingerd" buffer overflows. How do we define the crime - "I didn't authorize this use of Outlook" really doesn't amount to a way to decide whether or not a particular program committed a crime. Similary, worms like x.c [jammed.com] get telnet servers to crash in particular ways when they spread. Gee whiz, a network server process crashes! That's news, for sure. I guess that hasn't happened to me since yesterday. How do we make one instance of a crashed program a crime, and another instance into a bug report?
About the bandwith... (Score:2, Insightful)
Re:About the bandwith... (Score:3, Funny)
7
Let's define "terrorist," shall we? (Score:3, Insightful)
Since some people are confused, let's look it up in the dictionary [dictionary.com].
Now, I do agree that a skilled person could use computer viruses for the purposes of terrorism, as defined above. But clearly 99% of viruses do not fall into the category of terrorism, and therefore calling their creators terrorists is quite a stretch. Most of them are smart young people with no common sense, no direction, and a distorted sense of right and wrong
I'm sure Russ Cooper [mailto] is more interested in getting his site linked from wired, and knows mentioning the buzzword 'terrorist' is sure to get a soundbyte.
Refer to previous article (Score:2)
One thing about Corps, they're generally consistent. Of course, that's generally, not always [computerworld.com].
Illegal software (Score:5, Interesting)
The only rational solution, as is the case with other "banning the tool vs. banning the act" problems, is to ban the act of dissemminating virii or worms maliciously. Banning certain types of software is an ill-conceived notion, just like banning certain guns.
Those who believe that software (in the US at least) is constitutionally protected speech may want to think twice if they believe virus writers should be prosecuted. Judging software based on its purpose is probably impossible - is deCSS a tool for piracy or for interoperability? Depending on who you ask, you will get 2 different answers. Is back orifice a security tool or a hacking tool? Is it a virus? Should the writers be prosecuted?
Virus/worm software does have redeeming educational value, however little.. it's useful for exposing vulnerabilities, even if it only shows that the end user is stupid.
So even though virii, worms, spamware etc. are a pain in the ass, I do support your right to create any type of software you like. The other alternative, banning classes of software, is actually more dangerous.
Note this has nothing to do with my view on copyright. Of course if you infringe someone else's copyright in your software you are breaking the law.
Re:Illegal software (Score:2)
Is a computer program that one created to do something damaging really free speech? Okay, lets say they add a political message to the virus, which flashes the political message over and over on the computer screen. This isn't quite free speech - its vandalism. If I used spray paint to put my political views on the side of one's car to make a point - I'd get tried for vandalism and no free speech argument would protect me. For the virus, you've taken over someone's computer and temporarily vandalized it. The spraypaint on the car and the virus can both be removed, returning the item to original condition, but damage was still done.
So lets take this further. Lets say I write a virus with a political message that "capitalism is evil" with a destructive payload that erases all the non-freeware programs. Now this virus makes its way to a water treatment plant, and screws up computer-operated water handling system. The erased program causes the pump to go to its defualt mode, which causes several hundred thousand gallons of sewage (read e-coli contaminated) to be forced into the clean water tank. Several people get sick and some elderly and children die. I've now used a tool, with no real benefit to others (except those who know how to use it to look for security holes) as my method of free speech. Should I be tried for terrorism or manslaughter? You bet! Whether or not this scenario could happen, it is possible, and therefore, it suggests that the tool should be banned, or at least restricted in access.
Some tools are meant to be restricted for a reason, because when used improperly they can cause huge amounts of damage. Therefore we ban their use except to those authorized (and trustworthy) enough to use them. Certain biological techniques have been voluntarily banned due to their danger they could cause to humanity in general. I'm not talking about cloning, but some very complicated retrovirus techniques which created a cold virus that creates cancer. The Austrialian lab that created this realized what it had done, destroyed all the work, and asked the few other researchers to drop this line of research until controls could be put in place. The ban was accepted, and it makes perfect sense.
Virus programs do nothing constructuve except find security holes. So it makes sense for computer security experts to use them in controlled settings, but to make them available to the public does not make sense.
All that being said, the technology and know-how is already out there, so one can't put the genie back in the bottle in regards to viruses. However, we can ban their use in the public when damage is caused by them, provided we actually enforce the law. If we don't enforce it, then we shouldn't even bother passing the law.
Re:Illegal software (Score:2)
If I used spray paint to put my political views on the side of one's car to make a point - I'd get tried for vandalism and no free speech argument would protect me. For the virus, you've taken over someone's computer and temporarily vandalized it.
This doesn't go against my philosophy - your act of vandalism has broken the law, irregardless of whatever message you've spray-painted. My act of infecting a university's servers with a destructive worm would be theft of service, regardless of which worm I used, or who wrote the worm. The act of writing the worm, by whoever did it, may or may not have been with malicious intent. Really, there's no objective way to tell or prove one way or another. Is it malicious of OS writers to make an OS with raw socket access? I don't think it's malicious to create a computer with open hardware standards, that can be programmed to do evil at the lowest level. At what point in the tool does the responsibility end?
Lets say I write a virus with a political message that "capitalism is evil" with a destructive payload that erases all the non-freeware programs... it is possible, and therefore, it suggests that the tool should be banned, or at least restricted in access.
You may have misunderstood my "software as speech" point. I wasn't talking about including political speech in software, or using software as a way to get attention - just that I and many others consider software code to be protected speech. This means it is afforded many protections under the constitution, including protection from being banned based on content. If I post the code to my virus onto my web site, nothing in the law should prevent me from doing that.
Your point that potentially destructive software should be banned or restricted is a dangerous view. Are you in favor of export controls on encryption? I'm assuming you're here in the US, where controls have been relaxed but not yet eliminated due to the mistaken view that banning strong encryption will somehow empower intelligence and law enforcement agencies. This is exactly what I'm talking about - encryption is considered by most to be a necessity for security, and by some to be a national security risk. But above all, an encryption algorithm should be considered protected speech.
Some tools are meant to be restricted for a reason, because when used improperly they can cause huge amounts of damage.
I suspect we disagree on gun control, too. I won't get into that, except to say that I was once strongly in favor of radical gun control. I've now realized that the more legislation, and the more "banning" there is, the less responsible people become. We need people who feel responsible for their own actions, not laws. And that is a MUCH bigger debate, which goes to the root of our corporate society.
Once I realized my hypocrisy in guns vs. encryption vs. virus/worm/spamware I came to see that it's really the same topic, and I am for the act, as opposed to the tool, being punished.
Certain biological techniques have been voluntarily banned due to their danger they could cause to humanity in general.
I don't think this is the case here. It would do more harm than good to prevent knowledge of security flaws, and demonstrations of them, from disseminating. If people feared for their freedom, they wouldn't expose security holes. As we've seen recently, when companies aren't FORCED to issue patches they tend to ignore gaping holes in their software.
Voluntarily is also the key word here. It's usually a good thing when the scientific community voluntarily decides to drop something, and we do need to see more of this. Human cloning and bio-weapon research are two areas that could use more scientists who actually thought about ethics. Is banning whole classes of scientific research the best way to progress, though? The church also banned research when it felt threatened..
Virus programs do nothing constructuve except find security holes. So it makes sense for computer security experts to use them in controlled settings, but to make them available to the public does not make sense.
However, the ONLY way to get companies to respond is exactly what you said - full disclosure is the only way to go. Security by obscurity (what you describe) keeps knowledge of flaws in the hands of the few, who have enough resources to find them (e.g. the NSA, companies, and yes, you can't rule out terrorists).
However, we can ban their use in the public when damage is caused by them
Well that is exactly what I support! Maybe we don't disagree as much as I thought..
Re:Illegal software (Score:2)
Re:Illegal software (Score:2)
Note I'm not saying anything about your provider's TOS, or any community effort to silence you (as is the case with spamware). I fully support RBL's inclusion of spamware vendors on the list, however much they may cry "but free speech! free speech!" Your provider is also within their rights to boot you for posting viruses.
worms waste bandwidth? what about packet kiddies? (Score:2, Insightful)
CmdrTaco writes:
if you've ever been on the receiving end of a round-the-clock DDoS attack from irc packet kiddies, you know about wasted bandwidth. worms seem to be a mere drop on the bucket.
the only difference is - worms are indiscriminant; they walk their way thru IP blocks no matter who owns them. so big ISPs get their panties in a bunch and can use their muscle to bargain for the FBI's time. irc revenge DDoS is usually directed towards EFNet servers at the handful of ISPs who are brave enough to still be operating one.
but, these two issues are related. the machines infected with the worms (which expose massive exploits) are usually taken over as zombies for nefarious bidding (such as the aforementioned DDoS).
perhaps then we can roll in responsibility for the DDoS to the charges against the worm writers? then the cost of bandwidth soars astronomically and can probably justify more significant prosecution. (and hey, maybe get a little bit of 'official' attention to this problem (DDoS) that's been going on for years).
I'll take this advice... (Score:2)
Strings inside code could be used as evidence, but they are not very serious evidence, not more serious than a papernote left by a burglar saying "I wasn't!". After all, we don't want incrimination to be that easy.
Reasons (Score:2)
The people in our Govt are the problem and the terrorists. They try and generate fear in the public about what these worms can do!
I say we leave it to a team of geeks to find these people, and then bludgeon them with rubber hoses and soap in socks.. 3 months in prison wont stop them but the fear of getting their ass kicked by a few pissed IS/IT people will.
New kind of free? (Score:3, Funny)
Free as in software
Free as in worm author
only destructive because of incompetence (Score:2)
Worms and viruses are the equivalent of teenagers skateboarding in a China shop. Sure, technically, if they knock something over, they are responsible. But why the hell did the shop keeper allow skateboards in the shop in the first place?
It would be a sweet deal for Internet businesses to be able to have all their security-related costs to the public. But the people who should pay for Internet security are the ones benefitting from Internet business--the merchants and infrastructure providers. Putting this responsibility on the public amounts to a huge corporate welfare check for Microsoft and Internet businesses, who get to keep making profits without bearing the cost of security.
Re:only destructive because of incompetence (Score:2, Insightful)
There is nothing technical about the skateboarder's responsibility for something being broken by his/her own actions. Does the owner need to post a no skateboarding sign, or can we as a society rely on common sense.
We, as a society, have relied on the common sense model for a very long time. What has changed in our society, that people don't think that they are responsible for their own actions?
Yes, people shoud do a better job in writing their software. That does not excuse those that are writing the viruses and the worms.
Why worm writers stay script kiddies (Score:2, Interesting)
It's enough to take a quick look at my server's logs to see a bunch of attempts to exploit IIS holes in Apache! This alone makes me wanna put them behind bars...
For God's sake, all they have to do is check the server type and thus spare lots of bandwidth. A real coder would do that.
Apparently VB aware script kiddies wouldn't...
Resource use by spam vs. worms... (Score:2)
The bandwidth wasted by a successful worm is gigantic. To say nothing of time and disk space.
In terms of bandwidth/time/storage space, which is worse for the net as a whole, then? Is it successful worms, or is it really the spam?
I think it's the spam... and since I've never been directly affected by a successful worm, I most certainly would rather see spammers get jailtime rather than worm writers, if I had to choose one or the other.
Both would certainly be acceptable.
Evidently, DMCA is the real priority... (Score:2)
Let's get our priorities straight! Now that Sklyarov guy, there's a dangerous criminal! His ultra-dangerous Adobe-buster is cyber-terrorism at it's worst! That must be why Skylarov has spent more time in jail than all the script kiddies in the world combined. And people think our government doesn't have any sense of priority! Way to go DOJ!
"Overworked Law Enforcement" is half the reason (Score:2)
If just ONE of those companies that "lost billions" had prosecuted the perp themselves, we wouldn't be having this discussion.
But no, we sit here and decry how "law enforcement is overworked" to do all the prosecuting for us. And in those places where medical service is also government provided? Gee, the same discussion, how "medical providers are overworked".
Maybe the pattern this obvious to me is obvious to others. Has anyone who claims to have lost money gone after a virus writer? Anyone? Any company? Any organization?
The negative effects of abrogating your physical security [jpfo.org] to "law enforcement" is well known. There is very little argument that even the best firewall does not eliminate the requirement that individual PC's and servers be individually hardened.
Yet with all this emphasis on distributed defense, there is not a distributed offence against these virus writers?
Bob-
Re:Aren't we going after the wrong people? (Score:2)
Bad Examples (Score:3, Insightful)
I'm all for considering computer crimes as "real" crimes. The damages you mention are real, the crime is real. The motivation whether it's greed, political activism, or just being a "prankster" is irrelevant. Such attacks on computer systems and networks can do enormous economic damage and should be treated as serious crimes.
But you undermine the argument by overstating it and picking examples of even more serious crimes to compare them to. A cop takes a body on the ground more seriously than economic damage, bandwidth loss, destroyed data and lost time because it IS much much more serious. A microbiology student infecting people with a real virus would be a far more serious crime than even the most damaging computer virus.
That is a very interesting thought experiment. I'm a little torn on this since in general I think the act is what should be considered illegal not the motivation behind it. The "not guilty by reason of sincerity" defense (if we approve of your cause) as well as "EXTRA guilty by reason of sincerity" (if we don't approve of your cause) are abhorant to me. They raise the specter of state sanctioned lawlessness and "thought crimes" - It is a mix I associate with tyranny, think of the mutually reinforcing state sponsored lawlessness of kristalnacht and the totalitarian state control of everything else.
On the other hand being blind to considerations of motivation and association could be taken too far. Society, if only to protect itself must take them into account. A lone hacker causing massive economic damage as a prank is a different kind of *threat* than an ideologically driven organization with a stated goal of destroying the society - even if the *crime* is identical. The organization is treated more seriously not because the crime is more serious but because the threat is more serious.
Re:This is the way I learned comuters! (Score:3, Interesting)
But a few months ago, a system I maintained got hit by a cracker. Completely my fault, had a rather obvious security hole. So, I shrugged my shoulders and went about the task of reloading the system. Only I didn't patch up the new load right away, and he got back in, playing exactly the same games. Removing log files and setting up irc bouncers. Sure, I could have spent another hour and done a reload correctly at this point, but I decided to play with this guy for a while. Since the machine wasn't vital to any operations, I simply quarantined it on its own network, and set another system on that network strand to sniff all data going to and from the telnet and ftp ports.
Then I let the guy have fun. I'd hate to make assumptions as to his age, because I never did find out exactly, but judging by his rather brazen messages I'd place him in the sub-20 crowd. So after obtaining logs from more than five ip addresses from an ISP, I called the ISP and after they figured out which customer of theirs it was, I had them call the customer and mention that I'd be pressing charges if it didn't stop. It stopped. Completely. Never even tried again.
Now, I know as well as most poeple, that even if law enforcment even paid attention to me, it probably wouldn't go anywhere. I figure it was probably the parents of that kid that got the phone call from the ISP and while they may not be completely aware of what their son was doing, they were pretty damn well aware of what the scare word "hacker" meant and probably started to monitor the activities of their son a little more closely, as they realize they'd be legally liable if someone actually DID press charges.
I'm sure this cocky guy didn't stop of his own free will just because he realized someone was on to him. He knew I was on to him before that and was making quite a scene when he thought he had thwarted my sneaky logging techniques (he wasn't aware of the sniffing). If he was smart he would have stopped then, but no, he kept on trudging. But a single phone call stopped him.
I almost have to assume it was the parents.
-Restil
Re:This is the way I learned comuters! (Score:2)
You've learned about computers completely backwards. You downloaded "toolz," then wrote "nukes" and "game cheaters" and you somehow think this qualifies you as a "programmer?" You're kidding yourself.
Don't you realize that you'll be slaving in some code-shop for the rest of your life? Don't you ever want to do anything exciting? Why not go to school and do the work and actually get a clue about what is going on with computers.
Do you know what a red-black tree is? How about a context-free grammar? What is Chomsky normal form? For that matter what is conjunctive normal form? Can you describe the LALR algorithm? How about operator precedence parsing? What is the difference between a synthetic attribute and in inherited attribute? What does TLB stand for, and what does it do? What is the meaning of the term "re-entrant?" Why would a fully re-entrant Linux kernel kick ass? What would be difficult about doing it? What is the meaning of the term "cryptographically secure hash?" Describe alpha-beta game-tree pruning. How about STRIPS planning? Go and implement a backprop neural network with weight decay and momentum. Tell me the time-complexity of the last algorithm you wrote. And finally, what does it mean for a problem to be NP-complete?
Look, this is not Ancient Lore known only to the oldest and wisest code-wizards. This is stuff that every CS graduate, even from the crappiest school in the country, knows. Without this sort of knowledge you'll just be another code-monkey.
Re:This is the way I learned comuters! (Score:2)
A lot of the stuff you've mentioned is pretty dang academic, and only comes in piecemeal to day to day applications, if at all.
Re:This is the way I learned comuters! (Score:2)
Book learning is just as equal as practical learning. Neither alone makes a good programmer. One just speaks oddly, and the other speaks