US Bot Herder Admits Infecting 250K Machines

kdawson posted more than 6 years ago | from the security-consultant-gone-wild dept.

Security 206

AceCaseOR writes "In Los Angeles criminal court, security consultant John Schiefer, 26, has admitted infecting the systems of his clients with viruses to form a botnet containing a maximum of 250,000 systems. Schiefer used his zombies to steal users' PayPal usernames and passwords to make unauthorized purchases, as well as to install adware on their computers without their consent. Schiefer agreed to plead guilty to four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. He will be sentenced Dec. 3 and faces up to 60 years in prison and a fine of $1.75 million."

206 comments

from the article (5, Funny)

Anonymous Coward | more than 6 years ago | (#21310017)

"...a system so simple even a grandmother could use it to infect computers..."

As a feminist, and a grandmother, I resent that.

Re:from the article (1, Offtopic)

newgalactic (840363) | more than 6 years ago | (#21310061)

Most grandmothers would have had enough sense to avoid these crimes, thus avoiding a possible 60 years in jail and millions in fines. This fella should have recognized wisdom when he had the chance.

Whoa! (2, Interesting)

junglee_iitk (651040) | more than 6 years ago | (#21310073)

> ... faces up to 60 years in prison and a fine of $1.75 million.

Sometimes some things result in some other things that nobody would have expected. I feel sorry for this guy. But somehow I cannot come up with any excuse as to why he should not be punished so harshly.

Re:Whoa! (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21310123)

I hope this means that our government / law enforcement actually realizes that this kind of activity is a problem now. Who do we hire to watch the security experts these days?

Re:Whoa! (1)

Opportunist (166417) | more than 6 years ago | (#21310959)

More security experts. Some are not crooks, you know. Some of us don't do it for money.

He did the crime....he should do the time (5, Insightful)

Joce640k (829181) | more than 6 years ago | (#21310291)

He knowingly, willingly and maliciously did this. It wasn't an accident, a crime of passion or something he did because he was drunk one night, it took real work over many months. He was well aware of what he was doing the whole time he was doing it.

The proverbial book needs to be thrown at people like this. These are precisely the sort of people we should be making an example of.

Re:He did the crime....he should do the time (1)

ScrewMaster (602015) | more than 6 years ago | (#21310331)

> These are precisely the sort of people we should be making an example of.

The problem with "making an example" (i.e. a harsher-than-required sentence handed down in order to "deter" similar crimes by other people) is that a. it really screws over the innocent guy and b. doesn't work anyway. Now, I'm not saying the sentence isn't warranted in this guy's case: hell, he admitted it. I just think that using excessive punishment as a deterrent serves no legitimate purpose. If, on the other hand, you meant "catch assholes like this and publicize their convictions and sentences widely" then I'd say we're in agreement.

Re:He did the crime....he should do the time (3, Interesting)

rbannon (512814) | more than 6 years ago | (#21310379)

You said, ``hell, he admitted it.''

Fact is, admitting to a crime is not the same as being guilty. I'm not saying he's not guilty, but knowing how the system works casts serious doubts in my mind about his guilt.

Re:He did the crime....he should do the time (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21310887)

> He ... faces up to 60 years in prison and a fine of $1.75 million

So he's pleading guilty to avoid ... what, a way harsh punishment, like 65 years in prison and $2 million in fines?

It's always the man trying to bring someone down because he knows too much, eh?

Re:He did the crime....he should do the time (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21310727)

I'm not so sure this is a harsh punishment. How about sentencing him to equal time in jail to the time he wasted for other people by stealing their PayPal accounts, etc? Say he serves a day in jail for every day of someone else's life he wasted with his crimes? If 10% of those 250,000 people wasted just 1 day each, then that's 68 years in jail. The 60 years MAX he's facing (= 5-10 years max in reality?) sounds quite lenient. Ditto restitution - never mind a punitive fine.

I don't feel sorry for criminals - at minimum they should get "eye for an eye" punishment. Murderers included.

Re:He did the crime....he should do the time (1, Funny)

Anonymous Coward | more than 6 years ago | (#21310801)

i hope you serve some time for wasting my time and countless others who read your post

Re:He did the crime....he should do the time (0)

Anonymous Coward | more than 6 years ago | (#21310829)

I lolled

Right, (1)

agent (7471) | more than 6 years ago | (#21310987)

and I do not murder people because of the death penalty.

Do you think it might be for another reason? Part of a top ten list.

Re:Whoa! (5, Insightful)

brassman (112558) | more than 6 years ago | (#21310383)

Indeed, it's worth stressing why the penalty should be so severe. The guy positioned himself as a security expert, offering to protect his clients against this very sort of thing.

Gaining someone's trust with the intent to betray it is a particularly pernicious form of moral rot. It is called "embezzlement," and there is a reason it is viewed even more harshly than burglary or robbery under the law.

Losing property to a hostile stranger does not turn society upside down. Burglary (taking someone's property) is often considered rather petty, especially when the property owner is absent.

Robbery (taking property directly from someone) is more serious -- but even though there is an active component of threat, it can be impersonal: "Hand it over and nobody gets hurt." Robbery without violence might disrupt the victim's life, but the disruption might be only to the extent that he or she is reminded that none of us is an invulnerable superbeing.

Embezzling someone's assets invalidates their judgment and throws every decision they have ever made into question. It is psychologically devastating. When someone who has promised to protect you is instead the one who steals from you, he is undermining the basis of civilization itself.

Re:Whoa! (1, Insightful)

Aladrin (926209) | more than 6 years ago | (#21310451)

So having someone invade your personal space and steal things that have sentimental value isn't psychologically devastating? Being robbed at gunpoint with your life on the line over some green paper isn't psychologically devastating? Think again.

I can agree that this is worse, but don't put down other people's experiences to make your point.

Re:Whoa! (5, Insightful)

Grave (8234) | more than 6 years ago | (#21310997)

I don't believe he meant to put down the experience of being robbed. Rather, I believe his point was that the morality of a person who commits robbery is not quite as damaged and evil as someone who knowingly gains the trust of thousands just to deceive them. To the victim the difference may not be significant, but for the perpetrator of the act it is very different, and thus deserving of a more substantial punishment. Though I must say, he's not going to serve 60 years - that's the max, and I find it hard to believe any judge is going to sentence him to the full time, as it would be pretty much the rest of his life.

Re:Whoa! (0)

Anonymous Coward | more than 6 years ago | (#21310705)

> When someone who has promised to protect you is instead the one who steals from you, he is undermining the basis of civilization itself.

I thought that was the basis of civilization itself.

Re:Whoa! (1)

mightyQuin (1021045) | more than 6 years ago | (#21310569)

60 years is brutally harsh in my opinion.

As a northern neighbour to the US I can't help but notice how harsh the US sentences are. As a contrast, I feel the Canadian sentences are always too lenient.

Maybe there's a middle ground somewhere that is reasonable?

Re:Whoa! (0)

Anonymous Coward | more than 6 years ago | (#21310779)

Of course. What he did could be considered theft of service, in that he effectively stole the bandwidth of thousands of people, theft, because he 'stole' untold trillions of CPU cycles, storage, and memory that could have been put to better use at the time, and I'm sure we could probably squeeze a few murders in there if we added up all the time he wasted for everyone clicking through the spam he churned out. On that last part, I'm starting to wish we could get 'wasting ungodly amounts of time' written into criminal law.

Re:Whoa! (1)

Nullav (1053766) | more than 6 years ago | (#21310825)

> theft, because he 'stole' untold trillions of CPU cycles, storage, and memory that could have been put to better use at the time

Or, you know...directly stealing money and all that stuff.

Re:from the article (2, Interesting)

Feminist-Mom (816033) | more than 6 years ago | (#21310111)

I am a grandmother too, and sorry but you are wrong. The truth is, that most grandmothers are not technically literate. I just happen to have a career as a programmer, but I think you're being too PC if you think there isn't a grain of truth in the original statement.

A better article, names companies involved, etc. (5, Informative)

trolltalk.com (1108067) | more than 6 years ago | (#21310135)

http://www.scamfraudalert.com/f142/john-kenneth-schiefer-botmaster-aka-acid-acidstorm-pleads-guilty-10692/ [scamfraudalert.com]

  1. He was employed at a Los Angeles-based security firm known as 3G Communications,
  2. The malware contained a sniffing feature that siphoned PayPal credentials from Protected Store, a section of Windows that stores passwords users have opted to have saved. Although Pstore, as the Windows feature is often called, encrypts the information before storing it, Schiefer's malware was able to read it, presumably by escalating its Windows privileges.
  3. On one occasion, in December 2005, he moved money out of a Suffolk National Bank account to buy undisclosed domain names from a registrar by the name of Dynadot
  4. Schiefer also used the botnet to collect more than $19,000 in commissions from a Dutch company called Simpel Internet for installing its adware on end users' machines without their permission.

3G Communications may go under because of him (4, Interesting)

Joce640k (829181) | more than 6 years ago | (#21310469)

3G Communications may also go under because of this guy's actions.

Would you trust them after this?

Yet another article with an "exclusive interview" (1, Informative)

Anonymous Coward | more than 6 years ago | (#21310921)

This blog, Security Fix, in the Washington Post has additional info based on an "exclusive interview",
http://blog.washingtonpost.com/securityfix/2007/11/security_pro_admits_to_hijacki.html?nav=rss_blog [washingtonpost.com]

From the article: The poor guy saw the light in early January 2006.

"Ever since then, I've been more trying to create a positive thing and trying to prevent crap like this happening," he said. "I kind of saw the error of my ways and decided I'd had enough."

Gooch Approach (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21310211)

I don't know why this keeps escaping comment. [wikimedia.org] It's obviously relevant.

Unfortunately, I was a victim (4, Funny)

Anonymous Coward | more than 6 years ago | (#21310049)

The adware and viruses he installed slowed my system down, so I couldn't get first post.

Oh God (0, Flamebait)

The MAZZTer (911996) | more than 6 years ago | (#21310603)

The first poster must've been a victim too, his post is GONE!

Is 60 years long enough? (1, Funny)

Dilaudid (574715) | more than 6 years ago | (#21310059)

Is 60 years long enough? Will they have the charged electrodes attached to his testicles for at least half of that?

Re:Is 60 years long enough? (0)

Anonymous Coward | more than 6 years ago | (#21310587)

Flamebait? Siding with the spammers now, are we?

Re:Is 60 years long enough? (1)

jo42 (227475) | more than 6 years ago | (#21310967)

He should be made to go around to every infected system and clean off any and all malware. Instead, he will get to sit in a small room with a roof over his head and three square meals a day for free.

Re:Is 60 years long enough? (1)

roguetrick (1147853) | more than 6 years ago | (#21311007)

Aye, you should get yourself arrested since it's so wonderful.

White collar (1, Insightful)

sproketboy (608031) | more than 6 years ago | (#21310085)

He'll get 5 years at a country club and a bunch of great job offers after he gets out. You heard it here first.

Re:White collar (2, Insightful)

Secrity (742221) | more than 6 years ago | (#21310101)

With time off for good behavior, it will be less than 30 months. He may even be able to get most of that as work release.

RTFA (0, Informative)

Anonymous Coward | more than 6 years ago | (#21310417)

It says the dude is facing 60 years... I don't think you can turn 60 years into 30 months in ANY scenario.

Re:White collar (5, Insightful)

Dogtanian (588974) | more than 6 years ago | (#21310237)

> He'll get 5 years at a country club and a bunch of great job offers after he gets out. You heard it here first.

Actually, I suspect that there's going to be a major perceived difference between someone who has simply hacked into others' computers in the past, and someone who has specifically exploited the trust of and targeted those who employed him to protect their PCs.

Would I trust a former black-hat hacker to protect my computers? Possibly. Would I trust someone who has specifically targeted and screwed over his clients in the past- the people who paid him good money to protect them from such behaviour? Would I fuck.

Re:White collar (0, Offtopic)

guruevi (827432) | more than 6 years ago | (#21310617)

You mean the companies and enterprises that still run Windows even though Microsoft is a convicted monopolist and has screwed over customers, suppliers and partners?

Re:White collar (1)

that this is not und (1026860) | more than 6 years ago | (#21310781)

It almost seems like you're excusing his behavior, and blaming it on Microsoft.

Which is really weird. But go ahead and hire him when he gets out, I guess. Maybe Microsoft won't exist by then.

Re:White collar (0)

Anonymous Coward | more than 6 years ago | (#21310807)

I'd give him a 20 year sentence, minimum security prison (he's not violent) no computers or computer related materials specified in the sentencing, whatsoever, at all. By the time 20 years is up his knowledge will be so ancient he won't be able to use it and he'll be working remedial jobs.

He didn't kill anyone, nobody's traumatized for life by his actions. He just infected some machines with viruses, created a botnet that installed adware, ddosed a few sites, and committed identity theft on probably a few thousand people for small dollar amounts.

Malicious? Yes. Danger to society? Only for so long...

Re:White collar (1)

DynamiteNeon (623949) | more than 6 years ago | (#21310823)

> Actually, I suspect that there's going to be a major perceived difference between someone who has simply hacked into others' computers in the past, and someone who has specifically exploited the trust of and targeted those who employed him to protect their PCs.

Yeah, screw a new job. He'll probably get elected president.

Re:White collar (1)

pclminion (145572) | more than 6 years ago | (#21310971)

> He'll get 5 years at a country club and a bunch of great job offers after he gets out. You heard it here first.

What kind of fucking lunatic would hire somebody who has PROVEN that he says he's one thing but is actually another?

Kevin Mitnick got job offers, but he never claimed to be a white-hat hacker in the first place. This situation is very different. This is a guy who said he was a security expert, who turned around and fucked people over. Anybody who hires this guy in the future for his security knowledge, in other words, hiring him as a "security expert," has got to be a total fucking moron.

No, this guy won't be gainfully employed again.

less than 15 cents per infected computer ... (3, Insightful)

tomhudson (43916) | more than 6 years ago | (#21310113)

According to the article, this jerk got $19,000 for dumping adware on more than 150,000 pcs.

He also encouraged minors to act as go-betweens:

At one point, according to the plea agreement, a conspirator named "Adam" expressed concern about stealing money. Schiefer responded by reminding Adam that he was not yet 18 and should "quit being a bitch and claim it

Obviously he had more than one kid "working" for him. He probably agreed to the plea-bargain because otherwise he'd be facing total possible time of several hundred years.

However, he won't be hired by anyone in the computer field after this - what he did was a simple con, no "computer wizardry" required. Hans Reiser would have more chance after a murder conviction.

Corrupting the mind of youths (2, Interesting)

Lead Butthead (321013) | more than 6 years ago | (#21310533)

Wish this was ancient Greece, where people could be sentenced to death for corrupting the mind of youths.

Re:Corrupting the mind of youths (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21310565)

yeah society would totally be better if death sentences were more frequent. eat shit and die you f!&king nazi

Re:Corrupting the mind of youths (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#21310633)

You're a fucking idiot.

Re:Corrupting the mind of youths (4, Funny)

tftp (111690) | more than 6 years ago | (#21310627)

Unfortunately, ancient Greeks had nothing against corrupting the bodies of youths.

Re:Corrupting the mind of youths (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21310743)

Perhaps it is a sign that we make much ado about something that is not really that bad?

Re:Corrupting the mind of youths (0)

Anonymous Coward | more than 6 years ago | (#21310963)

You mean the same ancient Greece where pedophilia was legal and sometimes even encouraged? Additionally, in the case of Sparta, "unfit" newborns were killed or left to die, while all the other kids were put through a military program, whether or not they wanted to.

broken justice? (1, Interesting)

dwater (72834) | more than 6 years ago | (#21310125)

I wonder if this is an instance of someone 'admitting' it just to get some reduced sentence.

Just because you admit to something in a court does not mean it's actually true.

Re:broken justice? (0)

Anonymous Coward | more than 6 years ago | (#21310151)

My God! The system is broken!

I've got it: sentence the guy to 100 lashes and make him apologize.

Re:broken justice? (1)

Kopiok (898028) | more than 6 years ago | (#21310257)

Well, if he's admitting guilt, then he probably does not believe a reasonable jury will find him not-guilty. Maybe if it was a smaller sentence, but 60 years? There's no way he wouldn't fight that if he even had a chance of winning.

Re:broken justice? (1)

dwater (72834) | more than 6 years ago | (#21310309)

Yeah, you're probably right. On the other hand, do you get to know the sentence before the plea? I guess he can always appeal, right?

Re:broken justice? (2, Informative)

Kopiok (898028) | more than 6 years ago | (#21310329)

Well, from what I know what happens, the Prosecution gives a sentencing offer and the defendant will agree to plead guilty in order to accept the sentence. Either that or I watched too much Law and Order.

Re:broken justice? (1)

dwater (72834) | more than 6 years ago | (#21310401)

Hrm. I thought the judge determined the sentence (ie the punishment, or how long in jail), and the lawyers determine the charge (ie murder/manslaughter/etc) - though I guess the latter determines the limits for the former.

Re:broken justice? (5, Informative)

RenderSeven (938535) | more than 6 years ago | (#21310389)

> I guess he can always appeal, right?

You can't appeal a guilty plea.

Re:broken justice? (2, Funny)

NXIL (860839) | more than 6 years ago | (#21310711)

Thanks Larry. See you in Minnesota...stall 4.

Auditing, Auditing... (4, Interesting)

BoRegardless (721219) | more than 6 years ago | (#21310165)

This is why companies have outside auditors for their accounting departments.

Should not companies now figure out how to audit their IT departments regularly?

This is NOT that uncommon, after reading some of the stuff written by the forensic snoops hired by private companies (who mostly do not want anyone to know that anything was compromised...shareholders & investors for instance).

Re:Auditing, Auditing... (1)

Blnky (35330) | more than 6 years ago | (#21310285)

> Should not companies now figure out how to audit their IT departments regularly?

That might run the risk of revealing large amounts of incompetence within IT management. Thus it will be avoided. I think it is a good idea in general though.

Re:Auditing, Auditing... (1)

RollingThunder (88952) | more than 6 years ago | (#21310593)

I've certainly come to know the auditor's presence as a normal thing, but that may largely be because of SOX compliance for our American clients, etc. We have to demonstrate (among many other things) paper trails for system access, process and procedures (both defined and verified as followed), etc.

Re:Auditing, Auditing... (3, Interesting)

thatskinnyguy (1129515) | more than 6 years ago | (#21310715)

As it seems from the summary, the companies who fell prey to this malfeasance either don't have IT departments or the budget to support one. I used to work for a company that was an outsourcing service provider for companies' IT needs. It's surprising how many well-established companies don't want to put the resources into a dedicated IT department let alone a special division for auditing the computerized processes and systems that keep the business afloat.

Re:Auditing, Auditing... (1)

Sanat (702) | more than 6 years ago | (#21310937)

"This is why companies have outside auditors for their accounting departments."

Major company I worked for in Australia had the financial comptroller cook the books for 1.75 million Australian dollars. He and his family absconded to England over a holiday weekend. The Managing Director suspected something wasn't right and wanted an outside auditor to check the books but the regional VP said "no"... don't waste the money.

Basil Brown was able to get something on all of the major players in the company so it was in the company's best interest to let Basil live free in England. Saw him and his wife at Wimbledon on TV the following year.

One has to live with themselves concerning their lifetime on Earth. Violating the trust of another individual might be easy for some... but difficult for most people I imagine.

certification? (2, Funny)

memnock (466995) | more than 6 years ago | (#21310203)

is there some kind of accreditation or certification for security consultants? i understand credentials can be forged, but could an agency for security consultant certification help?

Re:certification? (1)

Dishevel (1105119) | more than 6 years ago | (#21310227)

Certifications are jokes.

Re:certification? (0)

Anonymous Coward | more than 6 years ago | (#21310393)

Agreed. Certifications of various sorts are just money making opportunities for 'schools', etc.

After all, look at all those worthless MCSE types out there...

(Not to say that there aren't clever, talented, competent people who have an MCSE, just that there are many, many more stupid, untalented, incompetent people who have an MCSE :-))

So much for 'certifications'.

Re:certification? (1)

TechyImmigrant (175943) | more than 6 years ago | (#21310259)

Certification to a security consultant usually means X.509, RFC3280bis and a sprinkling of ESP methods.

Re:certification? (1)

memnock (466995) | more than 6 years ago | (#21310373)

well, maybe a standard established by a credible agency might help. that's all i'm saying.

Re:certification? (1)

laurier57 (1181021) | more than 6 years ago | (#21311019)

Well it sounds like the guy knew what he was doing, so a certification probably wouldn't get in the way. What you're thinking of would be an ethics test or an ethical code, neither of which would hinder this guy's progress. Possibly a pre-employment psychological test could have caught his stance on things, but those are far from 100%.

Re:certification? (0)

Anonymous Coward | more than 6 years ago | (#21310267)

Yeah, there is. I'll sell you one that looks really pretty with fishnet engraving all around the edges for only $6,000.00. Oh yeah and you also have to pass my security consultant test -- it primarily involves not bouncing a check for $6,000.00.

Re:certification? (1)

muffel (42979) | more than 6 years ago | (#21310899)

Wow -- are you kidding, or are you actually that ... [insert your favorite adjective]?

Re:certification? (2, Funny)

Paradise Pete (33184) | more than 6 years ago | (#21310949)

> Wow -- are you kidding, or are you actually that ... [insert your favorite adjective]?

Peripatetic. But that's neither here nor there.

Personally (-1, Flamebait)

Dishevel (1105119) | more than 6 years ago | (#21310209)

I hope this fucker burns forever. If he ever dose get out I hope to God is is murdered. I know that dosent sound good. However it is how I feel.

Re:Personally (1)

Aladrin (926209) | more than 6 years ago | (#21310287)

I dunno about 'is' being murdered, but you're doing a pretty good job on the English language.

What about Sony (3, Interesting)

31415926535897 (702314) | more than 6 years ago | (#21310239)

If he gets a fine this large and jail time for infecting 0.25 million computers, where's the appropriate sentence for Sony for knowingly infecting millions of computers with the rootkit on their CDs?

Re:What about Sony (1)

Nazlfrag (1035012) | more than 6 years ago | (#21310351)

You're right. If he just incorporated before this event, he could just dismiss himself with a sweet golden handshake to boot.

Re:What about Sony (3, Informative)

Kjella (173770) | more than 6 years ago | (#21310483)

> If he gets a fine this large and jail time for infecting 0.25 million computers, where's the appropriate sentence for Sony for knowingly infecting millions of computers with the rootkit on their CDs?

Ah, you can just hear the angry raving mob forming, ready to burn down Sony headquarters.

> four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud.

Maybe when Sony has actually committed anything like this? The only charge that has the slightest whiff of relevance is that the rootkit CDs may be considered fraudulent, but to legally charge Sony with fraud they must gain some benefit through fraud, and I don't see what that could be. Yes, they should have been slapped under some sort of hacking law but this is comparing apples and oranges.

They're a corporation. (0)

Anonymous Coward | more than 6 years ago | (#21310561)

Sony is a corporation. They don't operate under the same laws people do.

Hell, if you're big enough, you can even buy after-the-fact immunity these days.

"security consultant" John Schiefer (2, Interesting)

pongo000 (97357) | more than 6 years ago | (#21310245)

Please don't insult the thousands of honest security consultants by calling this guy a "security consultant." The title of "con artist" would be far more accurate.

Re:"security consultant" John Schiefer (4, Insightful)

mrbluze (1034940) | more than 6 years ago | (#21310327)

> Please don't insult the thousands of honest security consultants by calling this guy a "security consultant." The title of "con artist" would be far more accurate.

Ok, but what is a security consultant? I have a friend who is a colour consultant but she has no education and drives around in a small car telling people what curtains to buy and clothes to wear. Another colour consultant I met almost made me buy pink curtains... whew, lucky I checked her credentials. She was colour blind!

These days, using the word "consultant" outside of strictly regulated industries (eg: medical field) is just a method of social 'privilege escalation', as far as I'm concerned.

Re:"security consultant" John Schiefer (5, Funny)

Anonymous Coward | more than 6 years ago | (#21310867)

Quoth Dogbert, "I like to con people. And I like to insult people. If you combine con & insult, you get consult!"

Re:"security consultant" John Schiefer (4, Funny)

cmacb (547347) | more than 6 years ago | (#21311037)

> These days, using the word "consultant" outside of strictly regulated industries (eg: medical field) is just a method of social 'privilege escalation', as far as I'm concerned.


If you need any help telling the real consultants from the phony ones, just contact me, I'm a Consultant Consultant, although our industry association is considering a name change to "Consultant 3.0".

Thx

Re:"security consultant" John Schiefer (2, Funny)

dangitman (862676) | more than 6 years ago | (#21311025)

> Please don't insult the thousands of honest security consultants

Wait, do you mean to tell me that such people actually exist? Doesn't sound plausible to me.

They never say how they were caught (1)

kryten250 (1177211) | more than 6 years ago | (#21310283)

I suspect he registered the domains he purchased with the stolen PayPal accounts in his own name, or the items he bought with the accounts he had delivered to his house.

punishment (1)

resfilter (960880) | more than 6 years ago | (#21310323)

it's so hard to make the punishment fit the crime with these people

there almost needs to be special jails to punish obscene internet abusers

i won't try to describe such a facility for you, let us hope that your imagination is as good as mine

Re:punishment (1)

Sanat (702) | more than 6 years ago | (#21310961)

How about something like spending the rest of their lifetime in Athens, Ohio

And for the really bad ones... Youngstown, Ohio

Crime and Punishment (3, Interesting)

Synonymous Bosch (957964) | more than 6 years ago | (#21310361)

There's nothing constructive to derive from this post but pointless speculation. Let that take care of the concerns of the trolls and critics right off the bat, nothing to see here, move along.

Anyways, I've been doing a bit of thinking about this issue.

You often hear about 'white collar' criminals being given massive sentences. They could be organisers of international software piracy rings, super electronic fraudsters (like the one mentioned in the original parent article), whatever. The numbers of years they are sentenced to and dollars they are fined just seem to get bigger and bigger each time I hear a new story.

New laws are increasingly being passed to raise the penalties for electronic crimes. These harsher penalties don't seem to be acting as much of a deterrent, however.

The economic damage caused by internet and computer crime is staggering, the number of victims (as seen in the article) in the hundreds of thousands, potentially even millions. Could there come a time where these crimes could incur capital punishment?

Disclaimer: I come from a country without the death penalty, and personally don't understand the necessity for it, so don't read this as my supporting the idea. This isn't about my personal philosophy.

Murder is already a capital crime in a number of US states. People are already being executed in many countries for crimes other than murder. Drug trafficking, serious sexual offences, could it be a relatively small step for internet crimes to escalate into capital territory?

The internet being international as it is and the victims of these crimes often being selected so indiscriminately, could it be a matter of time before an American committing e-fraud is indicted in a country where his crimes are of a capital nature?

Extrapolating ludicrously, could a European citizen not subject to capital punishment be indicted by an America where their internet-based crime warrants the death penalty?

It's controversial enough when a citizen of a country that doesn't have the death penalty is sentenced to death in one that does. Imagine if the crime they committed was something we might look at as being comparatively trivial in nature.

Re:Crime and Punishment (4, Informative)

despisethesun (880261) | more than 6 years ago | (#21310467)

"Extrapolating ludicrously, could a European citizen not subject to capital punishment be indicted by an America where their internet-based crime warrants the death penalty?"

It's worth noting that most countries without the death penalty will not extradite you to a country with the death penalty if you're facing that punishment when you get there. They generally require assurances that you will face life without parole if convicted instead.

Re:Crime and Punishment (1)

Synonymous Bosch (957964) | more than 6 years ago | (#21310485)

Having a sentence of death over your head in a foreign country does kinda remove it from your list of potential holiday destinations, however :)

Or connecting international flights...

Re:Crime and Punishment (3, Informative)

AceCaseOR (594637) | more than 6 years ago | (#21310545)

"Murder is already a capital crime in a number of US states. People are already being executed in many countries for crimes other than murder. Drug trafficking, serious sexual offences, could it be a relatively small step for internet crimes to escalate into capital territory?"

I'm going to say this isn't very likely. At least in the US, people are only executed for crimes where they cause direct physical harm to another person (generally murder and occasionally rape). For other offences you generally get a life sentence, or de facto life sentence (say 135 years in the clink).

Re:Crime and Punishment (1)

IdolizingStewie (878683) | more than 6 years ago | (#21310891)

Not quite true. Treason and espionage are punishable by death (see the Rosenbergs [wikipedia.org]), as is desertion in wartime (see Eddie Slovik [wikipedia.org]). These are, however, the most recent examples, so for all intents and purposes the parent is true.

I warned him. (0)

Anonymous Coward | more than 6 years ago | (#21310391)

I warned him, god dammit. Got the FBI sent to my house over this shit.

what should happen (1)

FudRucker (866063) | more than 6 years ago | (#21310525)

he should be fined for everything he has, 100% of his money in all banking accounts, have all his property taken away, real estate, valuables = gold, jewelry, computers, TVs, stereos, etc... everything he owns, and given a long prison sentence of 40 years...

Re:what should happen (1)

tftp (111690) | more than 6 years ago | (#21310657)

What's the point of such a sentence? He'd get out when he is 65 years old, without money, without home and obviously without work. The first rational thing he'd do is to jump off of a bridge. Why then did you, a taxpayer, house and feed him for most of his life? You should either give him a reasonable sentence (not more than 5-10 years, allowing rehabilitation) or instant death.

Re:what should happen (1)

Belacgod (1103921) | more than 6 years ago | (#21310687)

Sentence him to 50% wage garnishment for life.

Re:what should happen (1)

icebrain (944107) | more than 6 years ago | (#21310851)

"...and given a long prison sentence of 40 years in Federal Pound-Me-In-The-Ass prison..."

There, fixed that for you.

THIS is why u never hire a blackhat (0)

Anonymous Coward | more than 6 years ago | (#21310539)

ONCE a blackhat, ALWAYS a blackhat -rite foyoder?

Security Fix has an exclusive interview (2, Informative)

tsu doh nimh (609154) | more than 6 years ago | (#21310763)

From the story: "...Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program." Read more at this link here [washingtonpost.com].

The Russian Business Network are laughing at his (1)

XNine (1009883) | more than 6 years ago | (#21310817)

stupid ass right about now... How do you say "n00b" in Russian?

60 years, not long enough (0)

Anonymous Coward | more than 6 years ago | (#21310869)

If my math is correct, serving 60 years for infecting 250,000 PCs is roughly 2.1 hours of jail time per infection. I've had a headache last longer than that. I think for starters, he needs to write "I will not infect other people's computers with password stealing viruses" 250,000 times, with a poorly sharpened pencil. I then think he should be made to eat every last page.

Approx 2 hrs jail time (max) per machine (0)

Anonymous Coward | more than 6 years ago | (#21310941)

according to my math

Hard punishment? Hardly. (4, Interesting)

Opportunist (166417) | more than 6 years ago | (#21311013)

I'm the last person to support insane prison time and fines as a deterrent. It ain't one. It never has been and never will be. Look at the insane punishments we got today for copyright infringement. And I'm not even talking about the civil suits for "damages" (or as I like to call it "the MI's new business model"). We now got 10 years prison time for that as a maximum sentence. For the same penalty, I could rob a bank, hold people hostage for a few hours and wreck a getaway car into a school.

This isn't just a "simple" criminal using malware to steal IDs. He was the guy who was supposed to disallow exactly that. He was the one people trusted to keep them clean from malware. Now, he didn't just fail in his job and allow it despite his attempts, he deliberately and intentionally infected his clients' computers.

That's why I don't think this punishment is overdone. We're talking about the maybe most insidious way of breaking a law: Getting people's trust, getting them to believe you're going to keep them safe from just what you want to do to them. It's like a cop breaking into your home or your babysitter ... ok, no thinkofthechildren examples. But you get the idea.

This is NOT the punishment I'd see as adequate for a "normal" malware attacker (even though I would love to see them dangling from their dangling bits, but that's my personal opinion).

As for those that expect him to get out after 5 years and have a great job then, I can tell you this: I can't say anything about his time, but his job opportunities are going to be slim. The security industry isn't big. People know each other. People like this are going to be not known, they are infamous. And nobody will willingly touch him with a 10 foot pole.

his ONLY mistake (0)

Anonymous Coward | more than 6 years ago | (#21311027)

was not being a giant multinational corporation. (sony)

then it's 'ok' to infect people.

learn the lesson. incorporate before you do the crime.