30 Months In Prison For Denial Of Service Hit On Politicians' Websites

from the seems-a-bit-extreme dept

For all of those participating in the denial of service attacks being put together by "Anonymous," you might want to consider that a guy who took down various politicians' websites with DDoS attacks just got 30 months in prison -- along with over $50,000 in fines and 3 additional years of "supervised release." This certainly seems like punishment way out of line with the actual actions, but in this day and age of law enforcement and the legal system not really understanding technology, it's not all that surprising.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ddos, prison


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    fogbugzd (profile), 9 Nov 2010 @ 6:37am

    Pretty serious crime

    Taking down a politician's web site is a pretty serious crime in a democracy because it is a direct attack on freedom of speech. I don't think 30 months is out of line at all.

    I just wish it was a more uniform principle. We have provided too many legal methods such as DCMA and expansive interpretations of copyright and trademark law that let companies suppress free speech without consequences or penalties.

    In my mind the only reason the penalties in this case are excessive is that don't defend freedom of speech nearly as aggressively when it is big companies suppressing the speech of the little fellow.

    link to this | view in thread ]

  2. identicon
    John Doe, 9 Nov 2010 @ 6:38am

    Guess we shouldn't be surprised

    A local guy here got 18 months for killing someone while drinking and driving. A DDoS attack gets 30 months. Seems about right I guess. After all, a website is much more important than a human life.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 9 Nov 2010 @ 6:57am

    Were I this guy, I would appeal the sentence on grounds of cruel and unusual punishment and refer to murder cases such as John Doe's comment above as relevant to sentencing guidelines.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 9 Nov 2010 @ 6:58am

    I agree there should be punishment, but this punishment does seem excessive.

    link to this | view in thread ]

  5. icon
    The Infamous Joe (profile), 9 Nov 2010 @ 6:59am

    questions

    ..and if I stopped a politician on the street and loudly/repeatedly asked him questions, preventing him from talking to anyone else for 30 minutes-- how much jail time would I get for that?

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 9 Nov 2010 @ 7:01am

    Re: Pretty serious crime

    It seems we've reached the case where if a poor guy does something to a rich and powerful guy (politician or CEO) or entity (ie: corporation) he gets excessive punishment. If a rich and powerful guy or entity does something to a whole lot of poor people (ie: pharmaceutical corporations deliberately breaking laws) the punishment is a slap on the wrist.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 9 Nov 2010 @ 7:04am

    What does technology have to do with it? Just because it may be easy to do something doesn't make it right. Infamous Joe, what do you think the charge would be if you stopped a politician on the street, then tied him up and held him against his will in a van for 30 mins?

    link to this | view in thread ]

  8. icon
    Chris (profile), 9 Nov 2010 @ 7:05am

    Re: Pretty serious crime

    I have to disagree with you. 30 months in prison for simply brining down a website for a while? How is that not excessive? The analog equivalent would be if someone took down a poster for a day and then put it back up. I really don't think anyone would actually care if someone did that. Should he be punished? Absolutely there is no excuse for a DDoS, it's just rude. I just don't think 30 months in jail fits his crime. A better use would be to force them to teach computer security classes.
    If you are saying that a DDoS is an attack on free speech then, any site take down should be met with such force. Including ones that people don't like or think are offensive. This would also apply to ISPs and gov'ts messing with sites. If you are ok with that then, I would agree with you on the attack of free speech part.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 9 Nov 2010 @ 7:07am

    Re: Re: Pretty serious crime

    If a rich and powerful guy or entity does something to a whole lot of poor people (Verizon scamming customers out of millions) the punishment is a slap on the wrist.

    link to this | view in thread ]

  10. icon
    Jared (profile), 9 Nov 2010 @ 7:07am

    Re: Guess we shouldn't be surprised

    I think there needs to be far stiffer punishment for these sorts of crimes especially because drunk drivers are often repeat offenders and revoking their licenses doesn't seem to do much. I'd like to see a zero tolerance with drunk driving.

    On a somewhat related note, my uncle was killed by a woman in an giant SUV while talking on her phone, performing an illegal u-turn. She got a $25 ticket. Meanwhile 30 months for a DDoS.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 9 Nov 2010 @ 7:08am

    Re: Pretty serious crime

    Have you spent even 5 minutes thinking about how much 30 months in jail would ruin your life? For Bill O'Reilly's website?

    The fines would have been more than adequate. This guy would have been severely punished, but would have had a chance to contribute to society. Now he'll spend time in jail and have extreme difficulty getting a job.

    This is a completely non-violent crime. Violent criminals need to be separated from society. Guys like this can be handled with fines.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 9 Nov 2010 @ 7:17am

    It's only because it's against politicians. Most of those assholes have huge bankrolls and lots of connections. The only way to deal with a politician is to vote it out. If that doesn't work then use your imagination. But to leave a trail that they could follow and arrest you is just stupid and you got what you deserve. If you are going to hack then do it and don't get caught. Duh.

    link to this | view in thread ]

  13. identicon
    Pixelation, 9 Nov 2010 @ 7:19am

    While I agree this sentence is a bit excessive, if you read the fine article he did more than just a DDoS attack. There is a bit of a laundry list.

    link to this | view in thread ]

  14. icon
    btrussell (profile), 9 Nov 2010 @ 7:26am

    Re:

    What is it worth to be cut off of the internet for a year after a third strike?

    Seems to me they see the importance of having an internet connection. 30 min. = 30 months + $50,000 in fines +

    1 yr. suspension therefore equivalent to 525,600 months (43,800yrs.)+ $876 000 000 +

    What 3 songs/movies are equivalent to that in denying someone an internet connection?

    link to this | view in thread ]

  15. icon
    Free Capitalist (profile), 9 Nov 2010 @ 7:26am

    Re: Pretty serious crime

    Taking down a politician's web site is a pretty serious crime in a democracy because it is a direct attack on freedom of speech.

    In an ideal world I would agree taking down a politician's website, even for a while, would be very significant suppression of free speech.

    However, all of the affected politicians fall into the "no stand" paradigm, i.e., they did not bother to list their positions or explicit opinions regarding specific legislation. There are very few "two party" candidates who do bother to put their positions on their websites.

    In light of the absence of information or honest expression, I am left wondering just what, if any, detrimental effect these attacks actually caused.

    Still, he did the crime. That our judicial system favors the rich and powerful was a preexisting condition the hacker could have factored into his decision making process.

    link to this | view in thread ]

  16. icon
    DH's Love Child (profile), 9 Nov 2010 @ 7:29am

    Re:

    What does technology have to do with it? Just because it may be easy to do something doesn't make it right. Infamous Joe, what do you think the charge would be if you stopped a politician on the street, then tied him up and held him against his will in a van for 30 mins?

    There are so many disconnect with that analogy that it boggle my mind that any reasonably intelligent adult could have made it. i will attack the obvious though.

    A DDOS on a web site is not even REMOTELY close to physically holding a PERSON hostage. I would say it is more along the lines of unplugging his microphone for 30 minutes. He can still talk and use other platforms, like say a different microphone.

    I think you need to see a doctor about your cranial-rectal reversal disorder.

    link to this | view in thread ]

  17. icon
    ChronoFish (profile), 9 Nov 2010 @ 7:31am

    Re: Pretty serious crime

    I have to agree.

    I don't know how it could be any more blatant an attack on freedom of speech, freedom of assembly, and an attempt to sway an election by blocking access to information.

    I agree that it is a travesty that there are cases where murders and repeat offenders get off easier. But I take the side that those punishments should be stiffer - not that this punishment should be lessened.

    If TechDirt where taken down it would be a serious crime and I would expect the perpetrators to be held accountable - and I assume you (readers of techdirt) would too.

    If Mike Masnick were to run for office and his personal political website received a similar DDoS I would expect his supporters here to rally and demand those responsible to be punished with the full weight of the law behind it.

    -CF

    link to this | view in thread ]

  18. identicon
    Paul L, 9 Nov 2010 @ 7:50am

    Re: Guess we shouldn't be surprised

    I think the 18 months is a light sentence and it should have been much higher. But I do agree that 30 months sounds fine considering the attack on political sites. I don't think it's fair to compare the two or you could easily end up with a situation of cherry-picking a light sentence for one crime to justify a light sentence in another.

    Carefully executed DDoS attacks *COULD* have an impact on elections which should be a serious matter.

    link to this | view in thread ]

  19. icon
    Overcast (profile), 9 Nov 2010 @ 7:53am

    Get less time for murder or rape half the time anymore - sad what our justice system has came to.

    link to this | view in thread ]

  20. identicon
    Daryl, 9 Nov 2010 @ 7:55am

    Not just a site takedown....

    ""Frost also admitted gaining access to other computers and computer networks by various means, including scanning for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised machines to spread malware and harvest data from the compromised systems, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.

    The former student also admitted initiating denial of service attacks against University of Akron computer servers on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 1⁄2 hours, preventing all students, faculty and staff members from accessing the network. The University claimed that response and remediation efforts to restore network services cost over $10,000.""

    Sounds to me like the punishment fit the crime. If he only just took the website down for a little while, then i could see how 30 months would be insane. But this seems fitting i believe.

    link to this | view in thread ]

  21. icon
    Overcast (profile), 9 Nov 2010 @ 7:58am

    What does technology have to do with it? Just because it may be easy to do something doesn't make it right. Infamous Joe, what do you think the charge would be if you stopped a politician on the street, then tied him up and held him against his will in a van for 30 mins?

    80 years.

    Now if it was you or I in the Van - even if we were killed after the fact; probably 8 years - Max. Probably less.

    link to this | view in thread ]

  22. identicon
    out_of_the_blue, 9 Nov 2010 @ 8:06am

    @ChronoFish: taking a web site down is *not* a "serious crime".

    Good heavens. It's a mere machine tampered with but easily restored to as before. If your notion were correct, then *everyone* at Microsoft should be executed for criminal incompetence.

    A "freedom of speech" justification, with an imagined Masnick tie-in yet, will appeal to tyrants of the political class who will turn it against you.

    link to this | view in thread ]

  23. icon
    Griff (profile), 9 Nov 2010 @ 8:15am

    Let me get this straight

    If I write to my representative, that's OK.
    If a million people in my state write to their representative, that might create a DoS . Are they all liable ? Or is it only the ringleader (it's unlikely to happen by chance) ?

    If I encourage people to write to their representative to protest a crappy law and 1 million people do so am I guilty of orchestrating a DoS ?
    (Assuming I'm not daft enough to suggest that they do it for that reason).

    I know that organisations such as Amnesty and Avaaz have campaigns where they encourage people to email/call/fax some evil official in a far away land over some applaing crime against someone. Is that a DoS attack ? I'd have thought that it doesn't take many faxes to render someone's fax line useless.

    Now a DDoS is a different matter - that implies control over a bot network without lots of PC owners' permission, but wasn't there that Israeli company that allowed you to effectively opt in as part of a protest network - running their software meant they used your PC as part of a mass protest against spammers' sites.
    Would that guy have been jailed in the USA ?
    Or is it only a crime when it's against the government ?

    link to this | view in thread ]

  24. icon
    justmyopinion (profile), 9 Nov 2010 @ 8:17am

    unfortunately this is reality. the bigger stronger person kicking the smaller weak persons a$$ because they can. its not ok to ruin someone's life because you have the connections and resources available to you. is there really any difference between this and someone getting beat up on the street because they pissed off some well connected street thug. hopefully this will get appealed and presented in front of a judge and the ensuing backlash will shed some light on why such a severe punishment was even handed out.

    link to this | view in thread ]

  25. identicon
    PRMan, 9 Nov 2010 @ 8:20am

    Re: questions

    Try it and see. But I'm guessing that (right or wrong) you would get more than 0.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 9 Nov 2010 @ 8:29am

    Re: Re:

    I would say it is more along the lines of several people suddenly showing up with several large speakers and powerful amplifiers, and playing "Never Gonna Give You Up" in a VERY HIGH volume, drowning out completely the speaker even if he put his (weaker) amp up to 11, until after 30 minutes the crowd gets bored, unplugs their gear, and goes to the next target.

    And I think this example shows why analogies are a poor way of explaining something.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 9 Nov 2010 @ 8:40am

    I have no hard numbers, but doesn't anyone notice a double standard here? When a particular crime is done using the Internet it always seems that the punishments are heavier when compared to a crime of a similar nature using low tech means. Ex: file sharing damage amounts

    link to this | view in thread ]

  28. identicon
    Convict, 9 Nov 2010 @ 8:46am

    so what are you in for

    so what are you in for
    assault causing bodily harm- time one year

    so what are you in for
    rape- time 36 months

    so what are you in for
    burglary , theft etc time one year

    so what are you in for
    i dossed a few idiot politicians websites ( cheers begin ) - 30 months

    see a pattern here....

    link to this | view in thread ]

  29. identicon
    Daryl, 9 Nov 2010 @ 8:48am

    Re: so what are you in for

    No i do not see a pattern because it had to do with a hell of a lot more then just taking down a website, as i noted above.

    link to this | view in thread ]

  30. icon
    ChurchHatesTucker (profile), 9 Nov 2010 @ 8:49am

    Re: Pretty serious crime

    "I just wish it was a more uniform principle. We have provided too many legal methods such as DCMA and expansive interpretations of copyright and trademark law that let companies suppress free speech without consequences or penalties."

    Exactly.

    Remember kids, false DMCA takedowns are the way to go.

    link to this | view in thread ]

  31. icon
    Ron Rezendes (profile), 9 Nov 2010 @ 9:00am

    Re: Not just a site takedown....

    Agreed Daryl, I think too many people are weighing the sentence against a lone charge which is clearly incorrect as you've pointed out. He's lucky the sentence was as lenient as it was considering the extent of the activities.

    link to this | view in thread ]

  32. identicon
    Michael, 9 Nov 2010 @ 9:02am

    Re: Re:

    I honestly cannot figure out how a DDOS attack can be a crime.

    It is perfectly legal for me to open my browser to the content they have published. It is legal for me to open 2, 3, 4, 5, ...oh wait, somewhere I hit my upper limit of ok connections?

    When apple's website goes down because they release a new product and the entire world connects at once, did the last person who successfully connected break the law?


    This is not like holding someone hostage. This is like thousands of people standing outside Wal-Mart to protest something. Yup - that will mean people that want to shop may get stuck trying to walk through the crowd.

    link to this | view in thread ]

  33. icon
    letherial (profile), 9 Nov 2010 @ 9:07am

    Re: Re: Re:

    DDOS attacks come in a form more then just "opening browsers" these kind of attacks dont happen on accident or because your trying to log in but cant, they abuse the TCP/IP system to bring down servers and there is no other way to do it.

    while i do think 30 months is a bit harsh, taking down a politicians website is trying to stop a fair election and thats nerve racking on any side; nobody should do that, despite how much they may disagree with the other side, let voters decide....this is how our country works.

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 9 Nov 2010 @ 9:08am

    Re: Pretty serious crime

    One could argue that DDoS is the new free speech and that some people just aren't prepared to listen.

    link to this | view in thread ]

  35. identicon
    TDR, 9 Nov 2010 @ 9:14am

    Since when have our elections been fair? They've been owned by the corporations and politicians for ages now, such that voting really makes no difference because almost all candidates are owned by the system.

    link to this | view in thread ]

  36. identicon
    Michael, 9 Nov 2010 @ 9:19am

    Re: Re: Re: Re:

    They are not an abuse of of the "TCP/IP System" (I don't really know what that means).

    They often do not use a traditional browser, but many are a simple http connection to the website repeatedly until the server can no longer handle the number of incoming requests.

    Calling this a crime is saying that it is legal to connect to their website, but illegal to connect some x number of times - with no real definition of x. Now, I can see something like this becoming a TOS issue, but a crime?

    link to this | view in thread ]

  37. identicon
    Daryl, 9 Nov 2010 @ 9:33am

    Re: Re: Re: Re: Re:@Michael

    Would you agree that Fraud is a crime?

    link to this | view in thread ]

  38. icon
    harbingerofdoom (profile), 9 Nov 2010 @ 9:48am

    Re: Re: Re: Re: Re:

    1. the TCP/IP system that he is talking about is how computers transmit data on the internet. everything you do on the internet eventually breaks down into bits of data and its the TCP that makes sure everything gets there, while the IP makes sure that its going to the correct place (that is a *VERY* nutshell version)

    2. its a degree of crime combined with intent.
    you open a webpage (even just refresh a web page 500 times as fast as you possibly can) any decent server is not going to be bothered by that type of action. you try sending data that is designed to be malformed and not compliant with TCP/IP protocols (which is intended to cause an adverse reaction by the server) and combine that with a coordinated effort to have thousands of people do it at the same time using software that is designed to multiply those effects and that is where it crosses into criminal.

    you cant really put a number on it to define it as you state because there are lots of variables that have to be taken into account. the amount of bandwidth the server has, the amount of requests the server can handle before it crashes and most importantly, the talent of the IT guy responsible for that server and the talent of the network admin responsible for the routers the server has to go through and exactly how distributed the attack actually is.

    and *ALL* TOS verbiage includes inclusion of DDOS as a violation of the TOS these days.

    link to this | view in thread ]

  39. identicon
    Jason, 9 Nov 2010 @ 9:48am

    Re: Pretty serious crime

    Bull, the DDoS was little more than a well planned protest, a case of one free speech act being louder than another. The prison term was handed down for a truckload of other offenses in concert with this one.

    "30 Months In Prison For Denial Of Service Hit On Politicians' Websites?" No this cowboy was caught wearing a much darker hat.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 9 Nov 2010 @ 9:51am

    Re: Pretty serious crime

    was the DoS being committed by the gubermint?

    are you sure this a 1st amendment violation?

    link to this | view in thread ]

  41. icon
    kryptonianjorel (profile), 9 Nov 2010 @ 9:52am

    Re: Pretty serious crime

    Good thing its not illegal for people or companies to suppress free speech, eh?

    link to this | view in thread ]

  42. icon
    Flack (profile), 9 Nov 2010 @ 9:53am

    You're missing the point

    Any denial of service should be prosecuted and punished. If the attacker doesn't like a politician today he may not like a bank or your hospital or city mayor tomorrow.

    DoA at a bank could prevent people from getting access to their money when they need to eat or pay a mortgage and avoid late fees/foreclosure. And certainly we can think of medical systems that supply life critical information OK for him to DoA? Is it OK if he attacks your town's traffic systems causing hours of delays, pollution and emergency access?

    Punishment should be sever so that attackers won't say "It was just a harmless joke or a lark." Peoples lives, livelihoods, and safety are sometimes the unanticipated consequences of those DoA masking as pranks.

    DoA is an intentional crime. The manslaughter mentioned above is sad, but mainly punishment for negligence (We don't know all the circumstances obviously - and there is unfairness in sentencing out there.)

    If a DoA attack on a city or hospital causes people to die is that when you want to increase the penalty?

    Flack

    link to this | view in thread ]

  43. icon
    harbingerofdoom (profile), 9 Nov 2010 @ 9:54am

    Re: Not just a site takedown....

    although, he probably should be given some sort of credit for showing the university of Akron that they need to make some pretty large changes to their IT department if he actually did take the entire school down for 8.5 hrs and it cost them 10 grand to fix it.

    unless it was a very distributed attack, that sounds more like overpaid undertalented staff to me....

    link to this | view in thread ]

  44. icon
    harbingerofdoom (profile), 9 Nov 2010 @ 10:00am

    Re: You're missing the point

    "If a DoA attack on a city or hospital causes people to die is that when you want to increase the penalty?"

    some states already have laws that pretty much say if you do something illegal and someone dies as a result (even your accomplice) you can be charged with murder and its automatically a felony... id imagine those in those states the increase of the penalty would be already there.

    link to this | view in thread ]

  45. icon
    ChronoFish (profile), 9 Nov 2010 @ 10:05am

    Re: @ChronoFish: taking a web site down is *not* a "serious crime".

    Read the article

    link to this | view in thread ]

  46. identicon
    Michael, 9 Nov 2010 @ 10:15am

    Re: Re: Re: Re: Re: Re:

    I know what TCP/IP communication is, I am not sure what an abuse of it would mean.

    "its a degree of crime combined with intent." and then "any decent server is not going to be bothered by that type of action"

    That does not match up. Intending to cause a denial of service and failing is not a crime? Just because my effort is not going to work?

    "try sending data that is designed to be malformed and not compliant with TCP/IP protocols"

    Now, that, I could argue could be a crime, but a DDOS attack does not need any malformed requests - it can be completely legitimate, working, valid connections - just millions of them at once. To me, that is like saying you can only have 10 protesters outside the store you do not like - but if you bring 11, you are going to jail.

    link to this | view in thread ]

  47. identicon
    Michael, 9 Nov 2010 @ 10:17am

    Re: Re: Re: Re: Re: Re:@Michael

    Yes. If there is an aspect of fraud in a standard DDOS attack, please educate me.

    link to this | view in thread ]

  48. identicon
    MrWilson, 9 Nov 2010 @ 10:27am

    Re: questions

    In Kentucky, you'd probably get your head stomped just for being within 20 feet of him while disagreeing with his political positions.

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 9 Nov 2010 @ 10:32am

    "some states already have laws that pretty much say if you do something illegal and someone dies as a result (even your accomplice) you can be charged with murder and its automatically a felony"

    You have it backwards. If you commit a felony and someone involved in the felony dies, they charge you with felony murder. If you are shoplifting nd a cop dies on his way to arrest you, you are not going to be hit with a murder charge unless of course, you did something to raise the charge to a felony.

    link to this | view in thread ]

  50. identicon
    Bengie, 9 Nov 2010 @ 10:34am

    Re: Re: Re: Re: Re: Re: Re:

    "To me, that is like saying you can only have 10 protesters outside the store you do not like - but if you bring 11, you are going to jail."

    Let me fix that

    "To me, that is like saying you can only have 10 protesters outside the store you do not like - but if you bring 65,000, you are going to jail."

    link to this | view in thread ]

  51. identicon
    Revelati, 9 Nov 2010 @ 11:01am

    Well at least its not all solitary confinement, I guess they didnt think this guy could launch nuclear missiles from a cell phone like Kevin Mitnick.

    It doesn't matter if your smoking a joint, spraying graffiti, or defacing a web page. If they catch you the government will go as far out of its way as it possibly can to screw you. This case is a big ol' gold star on a prosecutors resume. So if you plan on committing acts of social disobedience, either don't get caught, or prepare to serve the max sentence on every charge they give you. Remember the justice system is a a game, and the more time the prosecutors doll out the more points they score.

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 9 Nov 2010 @ 11:05am

    Hey, remember that last article where Mike took newspapers to task for not doing any research on an article before printing it?

    link to this | view in thread ]

  53. identicon
    Michael, 9 Nov 2010 @ 11:07am

    Re: Re: Re: Re: Re: Re: Re: Re:

    Ok, but what is the magic number? If someone has a REALLY weak server and the number is lower, is a DDOS attack on them legal? I would question any law that makes it illegal to do something completely legal repeatedly - particularly when it stifles a form of protest.

    And what is wrong with bringing a million people to protest? In the US, this is not only legal, but a constitutionally protected right.

    link to this | view in thread ]

  54. identicon
    Jason, 9 Nov 2010 @ 11:51am

    Re: Re: Re: Re: Re: Re:

    "you try sending data that is designed to be malformed and not compliant with TCP/IP protocols"

    Bull, to you and to the dude that conceded this point without thinking about it.

    Just because I send malformed data, that makes it a crime? I mean one piece of malformed data is just an error. But somehow simply blabbermouthing a whole bunch of jibberish in the general direction of a server goes from free speech to crime? Bull.

    link to this | view in thread ]

  55. icon
    marak (profile), 9 Nov 2010 @ 1:00pm

    Re: You're missing the point

    re: Flack's
    "Any denial of service should be prosecuted and punished. If the attacker doesn't like a politician today he may not like a bank or your hospital or city mayor tomorrow.

    DoA at a bank could prevent people from getting access to their money when they need to eat or pay a mortgage and avoid late fees/foreclosure. And certainly we can think of medical systems that supply life critical information OK for him to DoA? Is it OK if he attacks your town's traffic systems causing hours of delays, pollution and emergency access?

    Punishment should be sever so that attackers won't say "It was just a harmless joke or a lark." Peoples lives, livelihoods, and safety are sometimes the unanticipated consequences of those DoA masking as pranks.

    DoA is an intentional crime. The manslaughter mentioned above is sad, but mainly punishment for negligence (We don't know all the circumstances obviously - and there is unfairness in sentencing out there.)

    If a DoA attack on a city or hospital causes people to die is that when you want to increase the penalty?
    "

    Are you nuts?

    Dos a bank - they should be smart enough to have internal systems in place for this, switching ips to the next one(while temp banning the high freq incoming for 30 mins).

    Dos a hospital - Since when is the equipment accessable over the internet? At the very least they should be running multiple networks, with a few physically seperated.

    Dos traffic lights - Again, if not on a seperate system - why not?

    To stop people from using their money your attempting to take down all ADSL traffic from the EFTPOS machines - which all have a manual option for when the networks are clogged/down to allow purchases anyway.

    What im saying is all important services are not vunerable to this so stop scare mongering :P

    The guy did take down a university, but again, THEY should have been prepared(if i dont insure my car and i crash into someone, can i blame them as i wasnt prepared?) - my uni site was recently taken down by a ddos, it was back up quickly with a work around(its a tech uni, id hope to hell my lecturers know what their doing).

    30 months for a prank? Glad i dont live over there.

    - Marak

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 9 Nov 2010 @ 2:46pm

    Re: Re: Pretty serious crime

    Are you really that insecure that you can't live without something (be it a website/or the internet for that matter) for a day?

    link to this | view in thread ]

  57. icon
    nasch (profile), 9 Nov 2010 @ 2:59pm

    Re: Re: Pretty serious crime

    I'm a TechDirt fan, and I wouldn't want to see anyone put in prison for taking down the Masnick for Congress web site. Certainly not for two and a half years. Is it a "serious crime"? I don't know, murder, sex abuse, kidnapping, robbery, and large scale fraud are serious crimes. I have a hard time putting a denial of service attack in that same category.

    link to this | view in thread ]

  58. icon
    nasch (profile), 9 Nov 2010 @ 3:02pm

    Re: Re: questions

    Hey, that guy was just protecting himself! She was clearly about to open some serious whup ass on him and the other two guys holding her down, as soon as she got her glasses clean enough.

    link to this | view in thread ]

  59. icon
    nasch (profile), 9 Nov 2010 @ 3:12pm

    Re: Re: so what are you in for

    I read the whole list, and I didn't see anything that sounded worse than, say, accidentally killing someone.

    link to this | view in thread ]

  60. identicon
    MrWilson, 9 Nov 2010 @ 5:18pm

    Re: Re: Re: questions

    You don't want to see a 90 lb political activist when she's angry.

    link to this | view in thread ]

  61. identicon
    Anonymous Coward, 9 Nov 2010 @ 5:40pm

    Re:

    Tie him up? Hold him against his will in a van? What the hell are you talking about? He's talking about engaging someone in conversation in a loud voice.

    link to this | view in thread ]

  62. identicon
    abc gum, 9 Nov 2010 @ 5:41pm

    2 1/2 yrs for a DDOS

    2 yrs incl time served for shooting someone in the back while they are handcuffed and face down restrained by two other officers.

    2 misdemeanour traffic charges for running over a bicyclist and leaving the scene

    Yeah, that is justice alright.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 9 Nov 2010 @ 6:41pm

    Re: Re: Pretty serious crime

    What will end up happening is that those who actually represent the public will have their websites taken down by corporate interests and rich and powerful people and those taking down those representative sites (and Mikes blog has been subject to various attacks already and the attackers were never held accountable, not even once, as an example) will never, not even once, be held accountable. If one person even tries to take down the website of the rich or a big corporation the punishment will be huge. That will be the future if people don't step up to prevent it.

    link to this | view in thread ]

  64. icon
    MadderMak (profile), 9 Nov 2010 @ 8:07pm

    Mike dropped the ball on this one...

    I have to agree whith a couple of AC's.
    Mike's articles are usually well researched or thought out... yet unless he chose not to link further information he had access to...

    30 Months for Hacking and DOS's University network, Distributing malware and botnet to computers, controlling botnets, harvesting finacial data *AND* DDOSing some political websites

    ... is a *MUCH* more valid title.
    Sorry Mike - I expect sensationalist headlines and brief ill-thought statements that misrepresent the facts from the **AA's and mainstream Journo's - not from you.

    link to this | view in thread ]

  65. identicon
    Anonymous Coward, 9 Nov 2010 @ 8:39pm

    AC, he is talking about engaging someone in a 30 min. conversation, wasting his time. A DOS isn't like that because the person (through his website) can't walk away. And a DOS really can't be compared to engaging someone in a conversation now, can it?

    A DOS is shutting somone up and keeping them shut up until they can figure out a way around what you are doing. The physical equilivant is duct taping someone's mouth shut.

    link to this | view in thread ]

  66. identicon
    abc gum, 10 Nov 2010 @ 5:07am

    Re: Mike dropped the ball on this one...

    Ok, so the Headline needs more detail. This guy was involved with much more than a single ddos.

    Does this change the fact that the sentence is inconsistent?

    link to this | view in thread ]

  67. identicon
    anonymous derpp, 10 Nov 2010 @ 5:54am

    i originally thougth that there were no laws discerning online crime like this because no single country can stop anybody from doing anything online especially since it was DoSS and this is a part of free speech for this case. he just doesnt like the politicians and is going against them no harm done.

    link to this | view in thread ]

  68. identicon
    anonymous derpp, 10 Nov 2010 @ 5:54am

    i originally thougth that there were no laws discerning online crime like this because no single country can stop anybody from doing anything online especially since it was DoSS and this is a part of free speech for this case. he just doesnt like the politicians and is going against them no harm done.

    link to this | view in thread ]

  69. identicon
    Anonymous Coward, 10 Nov 2010 @ 6:11am

    Re: Re: Re:

    link to this | view in thread ]

  70. icon
    nasch (profile), 10 Nov 2010 @ 6:33am

    Re:

    A DOS shuts down one avenue of communication. It's more like turning off someone's microphone.

    link to this | view in thread ]

  71. identicon
    Anonymous Coward, 10 Nov 2010 @ 6:58am

    Ever tried to report a serious IT issue to a univeristy IT department?

    If you have, you probably realize that 'resistance is futile'... wait wrong movie...

    First you'll be asked to explain HOW you know there is a security issue. Be very careful what you say, as it will be used against you (by the university IT department, if not in court).

    If you can somehow explain the issue in a way that they can understand the issue without incriminating yourself, they will thank you and promptly ignore the issue (since it was just a loud mouth student making waves, they don't really know what they are doing). After the issue has been ignored for an appropriate amount of time (2-3 years), the IT department will suddenly identify a huge security issue that requires them to hand over truck loads of cash to consulting companies to come in and 'fix' the issue (which will probably fail miserably at actually correcting the issue, and will probably create a few new vulnerabilities in the process... for the consulting company to come back and fix later... they need continued employment you know).

    While it may not be 'legal', crashing the system via the vulnerability is often the 'easiest' way to get the issue actually addressed (it's a little hard to hide the fact that the site was down for 8 hours from upper management, it's much easier to hide a report of a vulnerability from a student).

    What do I know, I'm just a cynical government employee. Now get off my lawn....

    link to this | view in thread ]

  72. identicon
    Anonymous Coward, 11 Nov 2010 @ 5:52am

    Re: Not just a site takedown....

    I usually like Techdirt, but sometimes they really do come up with some horribly misleading headlines.

    Here's a more accurate headline:

    30 months in prison for fraud, credit card theft, malware distrbution, hacking, illegal access to computers, DDoS attacks on multiple systems.

    Yeah, not looking like such a severe punishment after all.

    link to this | view in thread ]

  73. identicon
    Jenkins, Leeorryy Jenkins!!!!, 10 Jul 2011 @ 3:07am

    hmm Ill try and give The VERY best analogy i can give this is like a guy stopping the speakers of a political rally for 30 mins And, an obvious breach of "i have money/power/friends and you don't many people don't understand the internet. I believe the the internet shouldn't be govern by any body except one like Nato instead of being so secular. Btw

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.