Forgot your password?
typodupeerror
Security The Courts

Anonymous Member Sentenced For Joining DDoS Attack For One Minute 562

Posted by Unknown Lamer
from the are-you-serious dept.
jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website ater the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
This discussion has been archived. No new comments can be posted.

Anonymous Member Sentenced For Joining DDoS Attack For One Minute

Comments Filter:
  • These people (Score:5, Interesting)

    by i kan reed (749298) on Wednesday December 04, 2013 @11:53AM (#45595615) Homepage Journal

    These people need to learn what actual violence against them and their property is, so that proportionate responses have value.

    If your entire life is going to be ruined for any sort of protest, the natural incentive is to go in for intimidation, murder, arson, whatever to make their lives really hell instead.

  • Re:Importance (Score:5, Interesting)

    by WillAdams (45638) on Wednesday December 04, 2013 @11:55AM (#45595659) Homepage

    Financial penalties should be proportional:

      - how many others participated in this DDOS? divide by that number
      - how long were other machines involved in this? divide by that time
      - how fast was his internet connection in comparison to the others? divide by that

    He admitted to guilt, but it's not fair to hold him completely financially responsible simply because he was the only person they were able to catch and was honest enough to confess.

  • But your honor! (Score:4, Interesting)

    by tacroy (813477) on Wednesday December 04, 2013 @11:57AM (#45595675)
    But your honor, I only pulled the trigger for 1 second, 2 tops! While the fine seems FREAKING large I can appreciate that it was tied directly too a purpose. i.e. the amount paid to hire someone to secure the site. But I feel attaching it to the actual value lost (5k) would have been more fair, maybe with a bit extra to be punitive? I imagine that if they caught more people the fine would have been spread out among them? But I don't understand why intent to do harm would in any way be lessened because "I only did the bad thing for a short period of time."
  • Re:Importance (Score:4, Interesting)

    by Anonymous Coward on Wednesday December 04, 2013 @11:58AM (#45595699)

    Charging the defendants with the cost of 'fixing' their web site is bogus, because they should have had that done in the first place to prevent themselves from being open to attack

  • by jellomizer (103300) on Wednesday December 04, 2013 @11:58AM (#45595705)

    1. It is ineffective. The Koch brothers stance that there is some Liberal Conspiracy going on, hacking them and creating a DOS only proves their paranoia, and only makes them more resolved to continue.

    2. It could hurt the wrong people. Are you hitting only their data center, or is that data center shared with other organizations as well. I had a job at a placed that hosted Electronic medical records. We had an external hosting site... They also hosted a big evil bank. They DOS the Bank but they also DOS thousands of doctors EMR systems. Granted we had a backup route, but that may not be the case.

    3. You put your views on the moral low ground. Are your point so week and irrational that you need to jump into a technological bulling to get your point across.

  • by Ian Grant (3082979) on Wednesday December 04, 2013 @12:01PM (#45595751)
    Proportionality is important, too. His punishment was wildly out of proportion to the offense.
  • Reply (Score:1, Interesting)

    by Anonymous Coward on Wednesday December 04, 2013 @12:19PM (#45596061)

    But I thought Republicans are stupid. How could they possible bring down a website created by the genius Democrats, who are so much smarter than everyone else, and know best how we should all live our lives?

  • by aeranvar (2589619) on Wednesday December 04, 2013 @12:23PM (#45596113)
    I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.
  • by Richard_at_work (517087) <richardprice.gmail@com> on Wednesday December 04, 2013 @12:29PM (#45596223)

    How do you make that comparison? Just a few months ago JP Morgan was fined $14Billion by US and UK regulators for its involvement in various dealings leading up to the crash. So far, nearly $100Billion in fines has been handed out across the US and EU for suspect deals that contributed to the financial climate prior to the crash.

  • Re:Importance (Score:5, Interesting)

    by SuricouRaven (1897204) on Wednesday December 04, 2013 @12:36PM (#45596357)

    There's an old expression: Might as well be hung for a sheep as for a lamb.

    Roughly meaning: If the punishment for a minor crime is going to ruin you, why stop at minor? Go for something serious. They can't make the punishment any worse.

  • Re:Importance (Score:5, Interesting)

    by sumdumass (711423) on Wednesday December 04, 2013 @12:36PM (#45596359) Journal

    I don't know why you were modded down. In my home town, as a prank arouns graduation, the seniors would dump liquid soap in a fountain so it would bubble all over the place. It was visible on the main drag. Another aspect was putting that art celulous over the lights illuminating it to match the school colors (blue and gold). It took about 50 graduates in order to do it without getting picked up by the cameras. One year, they put sensors in the foutain that went off when the soap changed the ph levels enough alerting the city to what was happening. Out of about 100 students that participated 6 where caught- 4 who hadn't even dumped the soap yet and they had to pay for the entiee security theator that ensued for a midemeanor act of mischief. The sad part is that this had happened for so long, everyone thought the city was in on it and we just needed to watch out for the caretaker who would be upset because he had to clean it later.

    I learned then that you aren't 2% guilty. If you participate, you are 100% liable and that liability includes what they spent in response to your actions. This was back in the late 80s early 90s. Nothing new with this kid outside of what was vandalized.

  • by HornWumpus (783565) on Wednesday December 04, 2013 @12:54PM (#45596603)

    It's 100billion more then Freddy of Fanny will pay. You know the government chartered non-profits run by former executive branch big wigs that started the whole mess by buying crap mortgages in a misguided effort to engineer society? Freddy and Fanny.

  • Re:Importance (Score:5, Interesting)

    by anagama (611277) <obamaisaneocon@nothingchanged.org> on Wednesday December 04, 2013 @01:05PM (#45596711) Homepage

    A salient example of s/sheep/lamb/ is the drug war which has become ever more violent over time as penalties for getting caught become ever more draconian. If you're going to do a life (or close to it) sentence for getting caught, might as well just kill the person trying to catch you or witnessing what you are doing, and improve your chance of remaining free.

  • by nucrash (549705) on Wednesday December 04, 2013 @01:05PM (#45596713)

    When you have lots of cash at your disposal, lobbyists on your payroll, and congressmen in your pocket, all things are legally possible. Even if you used an automated tool. We should use this man as our rallying cry to attack Koch Industries again. Also educate people on how to create civil disobedience and not get caught.

  • by Zontar_Thing_From_Ve (949321) on Wednesday December 04, 2013 @01:21PM (#45596965)
    I'm American, so I speak from experience. The US legal system allows punitive damages. Eric Rosol didn't have to actually go to jail - that was the fair part of the sentence. But US verdicts with insane monetary awards are not unusual. There's the infamous "McDonald's coffee" case which eventually got settled out of court for a never disclosed amount after a jury awarded what almost everybody in the US considered an unreasonable and probably insane amount of money in punitive damages. Jammie Thomas, the last person you'd ever want to fight the RIAA, has gotten a series of shocking judgements against her, far in excess of any real damage that was done by her. I served on a jury once that awarded punitive damages and they're meant to send a lesson to the guilty party and others (this part is key) that there are very real financial costs to certain actions. In this case, the message is clear that people should not do DOS activities or they too may be facing ruinous financial penalties. I haven't followed this case at all, so for all I know like Jammie Thomas, Rosol may be his own worst enemy and perhaps his demeanor in court led to this outcome. Juries really don't like arrogant defendants who insist that they did nothing wrong when the jury feels otherwise. I can tell you from experience that the vast majority of jurors are non-techies and some are actually tech hostile. These kinds of people also get easily swayed by prosecutor arguments that some great evil just happened that must be prevented in the future because they don't really understand what happened. Juries also sometimes get this subgroup of people (roughly 10% of the population by my estimation) who see the entire world in black and white and are obsessed with punishing rule breakers as they see them. These are the people who want draconian punishments for trivial offenses (ie. they'd support the death penalty for people who let a parking meter expire as "That will teach them not do that again!"). Sometimes on juries they are adamant that the "evil doer" has to get a very harsh sentence and if the other jurors really don't care, want to go home, and agree at least that the defendant really is guilty, the other jurors will just agree to large punitive damages so they can get on with their lives. It's difficult to get punitive damages reduced and there's no incentive in the US system for juries to really find a fair verdict. The system just wants them to all agree on the verdict and if 11 people give in to 1 stubborn crazy person, the US system accepts this as the cost for how the system works. The prevailing dogma that gets drilled into all law students and the American public in general is that the US jury system is the greatest of all possible systems and is the cornerstone of our democracy, so nobody on the legal side dares to question whether it really works as it is supposed to or not.
  • by ultranova (717540) on Wednesday December 04, 2013 @03:01PM (#45598371)

    D=P*S-B, or Deterrence = (Probability of getting caught) * (Severity of punishment) - Benefit.

    Since very few participants in a DDoS get caught, the punishment must be severe to have much deterrence.

    The actualy formula for deterrence (0 - expected utility) is: Deterrence = (Probability of getting caught) * (Severity of punishment) - (Benefit) * (1 - (Probability of getting caught)).

    This doesn't actually work for three reasons:

    1. 1. People are bad at estimating probabilities, so low probs get rounded to zero.
    2. 2. People don't like to think bad things, so the more severe the punishment, the less likely the potential criminal is to imagine it being applied to him - robbing it of much or all of its power.
    3. 3. If you are hated, for example because you are perceived to be an unjust tyrant who hands over disproportionate punishments to compensate for incompetent police, the Benefit will go up, since people want to oppose you.

    Even ancient Rome, where conservatives demanded criminals be crucified and bleeding-heart liberals merely fed them to lions, never ran out of them.

    Another way this is misleading is that the lifetime of debt slavery - what the $183,000 amounts to - is not considered the punishment. 2 years probation is the punishment; $183,000 is "damages". Thus what we have here is an example of a rather nasty loophole in the law, where the main part of a punishment is not subject to normal lawmaking process but is rather ordered by the judge on a case-by-case basis. This leads to exactly this kind of perversions.

    Compare: if my dog took a dumb in your lawn, would I be quilty and should I clean it up? Absolutely. If you then spent $183,000 to dog-proof your yard, should I pay for it? Of course not, that's crazy. Except that's exactly what happend here.

  • by jwhitener (198343) on Wednesday December 04, 2013 @03:23PM (#45598769)

    What evidence is there for stricter laws deterring more crime?

    What little I can find runs opposite to that notion. Specifically, the 3 strikes you get life laws have been shown to have zero effect deterring crime.

There are worse things in life than death. Have you ever spent an evening with an insurance salesman? -- Woody Allen

Working...