Anonymous Member Sentenced For Joining DDoS Attack For One Minute

jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website ater the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."

And they wonder why...

[TerminaMorte]

no one trusts the "justice" system anymore. One minute of using an automated tool is apparently a worse offense than crashing the economy.

Re:And they wonder why...

[Ian Grant]

Where's the "Like" button? There's just something egregiously wrong when you can be fined $183,000 and get two years probation for something like participating in a short-lived denial of service attack. That's a wildly disproportionate punishment!

Re:And they wonder why...

[aeranvar]

I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.

Re:And they wonder why...

[mobby_6kl]

>Where's the "Like" button?

That's the "Insightful" or "Interesting" option, which you don't have but I do. Oops!

Re:

[VortexCortex]

Unsurprisingly, this is a preemptive measure to prevent DoS of the moderation system.

Re:And they wonder why...

[CohibaVancouver]

That's the "Insightful" or "Interesting" option, which you don't have but I do. Oops!

Not to be confused with the [I Disagree] option, which is labelled "Troll" and/or "Flamebait."

Re:

[X0563511]

... and this is why people have been trying (unsuccessfully) to get the legislature to do something about the CFAA and such for years. It's massively abused, but nobody wants to fix it.

Re:

[Guppy]

That's a wildly disproportionate punishment!

"Kill the Chicken to Scare the Monkey" -- Chinese Saying

Re:And they wonder why...

[AIphaWolf_HK]

That's not justice at all, like the other one said. If police are too incompetent, or it is unfeasible to catch most people who commit a certain crime, they can't (or rather, shouldn't) punish those they do catch much more severely simply because they can't catch other people who commit said crime. Justice > security.

Re:And they wonder why...

[SecurityTheatre]

Oh, you're falling into the Austrian Economics trap of thinking of everything as a rational system.

People aren't rational. People who are violating the law especially aren't rational.

There is ample statistics that show increases in penalties do not have a linear impact on crime on any macro scale and in many cases, increases in punishment result in no net increase in compliance.

They do, however, from a utilitarian view, impact the overall good generated by the justice system.

Therefore increasing penalties shows a diminishing return (and a rather rapid one, in my view).

I view a 1 minute DoS attack as roughly akin to orchestrating one minute of blocking the entrance to a store (or maybe multiple stores). Such an act, while punishable by a trespassing fine, probably on the order of $100-$500, the "online" equivalent of $183,000 and two years probation does not match the act, especially when he was one of only several thousand people doing the same thing.

There are a few countries in the 1960s and 1970s that adopted the policy that there is no social justification for "making an example" of someone, and that the purpose of the justice system is rehabilitation and fair application of rules, rather than vindictive retribution, catharsis for victims, or the attempt to squash crime through draconian punishments.

Those countries (Norway, Denmark, Korea, New Zealand) stand in contrast to those countries who adopted a policy of "tough on crime" during the same period (the US, Britain, France). Looking back, the crime rates in these countries diverged, and today we find those countries with liberal justice systems having seen their crime rate drop much faster than those with draconian justice policy.

Sure, this is anecdote, but I don't buy vengance or harsh deterrence as justified reasons for rolling out the stocks on the few people who are caught at a relatively rare crime.

Boycott == legacy DDOS tech

[Rob Y.]

Well, there's one DDOS attack that's perfectly legal. Boycott Koch Industries and all their products. Of course it'd take some hunting to find out just what Koch does besides drill for oil, foul the environment and inject tons of money to corrupt the political system to their ends.

Re:

[kaladorn]

They refer to it most of the time as 'the legal system' versus the 'justice system'.

Justice system is most often a misnomer. We can rarely provide any worthwhile justice. We can, however, enforce a code of laws.

I think the penalty here is vastly disproportionate. On the other hand, I do think the guy knowingly broke the law and should have suffered a penalty. Probation for two years seems reasonable. The fine should have been more in the $5-10K range as a 'hurts but won't kill you' fine. It has to be bad en

Re:And they wonder why...

[VortexCortex]

deterrence

Prove the deterrence exists, otherwise the equation is irrational: Based zero evidence, and on speculative bullshit instead.

Re:And they wonder why...

[ultranova]

D=P*S-B, or Deterrence = (Probability of getting caught) * (Severity of punishment) - Benefit.

Since very few participants in a DDoS get caught, the punishment must be severe to have much deterrence.

The actualy formula for deterrence (0 - expected utility) is: Deterrence = (Probability of getting caught) * (Severity of punishment) - (Benefit) * (1 - (Probability of getting caught)).

This doesn't actually work for three reasons:

1. 1. People are bad at estimating probabilities, so low probs get rounded to zero.
2. 2. People don't like to think bad things, so the more severe the punishment, the less likely the potential criminal is to imagine it being applied to him - robbing it of much or all of its power.
3. 3. If you are hated, for example because you are perceived to be an unjust tyrant who hands over disproportionate punishments to compensate for incompetent police, the Benefit will go up, since people want to oppose you.

Even ancient Rome, where conservatives demanded criminals be crucified and bleeding-heart liberals merely fed them to lions, never ran out of them.

Another way this is misleading is that the lifetime of debt slavery - what the $183,000 amounts to - is not considered the punishment. 2 years probation is the punishment; $183,000 is "damages". Thus what we have here is an example of a rather nasty loophole in the law, where the main part of a punishment is not subject to normal lawmaking process but is rather ordered by the judge on a case-by-case basis. This leads to exactly this kind of perversions.

Compare: if my dog took a dumb in your lawn, would I be quilty and should I clean it up? Absolutely. If you then spent $183,000 to dog-proof your yard, should I pay for it? Of course not, that's crazy. Except that's exactly what happend here.

Re:And they wonder why...

[jwhitener]

What evidence is there for stricter laws deterring more crime?

What little I can find runs opposite to that notion. Specifically, the 3 strikes you get life laws have been shown to have zero effect deterring crime.

Re:

[Dthief]

That woman got raped in her home....well why didnt she install the better locks BEFORE the rape......

Re:And they wonder why...

[FriendlyLurker]

The tiered justice system [youtube.com] is working exactly as intended. Most of us are just on the wrong tier [startpage.com]...

Re:

[nucrash]

When you have lots of cash at your disposal, lobbyists on your payroll, and congressmen in your pocket, all things are legally possible. Even if you used an automated tool. We should use this man as our rallying cry to attack Koch Industries again. Also educate people on how to create civil disobedience and not get caught.

Re:And they wonder why...

[someSnarkyBastard]

...create civil disobedience and not get caught.

Then you are missing the point of civil disobedience. You are supposed to get caught, especially in places like the US where LEOs like to have a bit of theatricality in perp-walking someone out to the squad car. You want all the attention you can get, that's the point, you are calling attention to something you believe to be wrong.

Re:And they wonder why...

[Thanshin]

There are plenty of people who trust the Justice system. Those who have lawyers in retinue.

Re:

[macbeth66]

Right? And John Thain still runs free.

Re:And they wonder why...

[Richard_at_work]

How do you make that comparison? Just a few months ago JP Morgan was fined $14Billion by US and UK regulators for its involvement in various dealings leading up to the crash. So far, nearly $100Billion in fines has been handed out across the US and EU for suspect deals that contributed to the financial climate prior to the crash.

Re:And they wonder why...

[GameMaster]

$100 Billion may sound like a lot to you but that doesn't mean it's meaningful in regards to the actual damages done. More often than not when massive horrible things are done by Corporations (the crash of the financial/real estate markets, the Gulf oil spill, etc.) large corps get hit with penalties that look massive to an individual but actually only represent a small part of the true cost of restitution and only represent a day or two of operating profits at most for the company.

What happened in the story is so astonishingly unjustly inverted from that scenario because, in contrast, this guy was hit with the entire cost of the damages (even though he was only a tiny contributor to the actual crime, and that penalty probably represents many years worth of profits for him (minus the basic costs of living and taxes). It would be like fining JP Morgan all the Trillions of dollars that were estimated to have been lost throughout the economy because the courts didn't feel that they were likely to be able to clearly identify any of the other big players in the crime. Then, for good measure, make it so that the costs of litigating appeals of that verdict would be so expensive that it was guaranteed to drive the company into complete bankrupts (since even if this guy has a decent job and was able to afford a non-state appointed attorney for this trial it's unlikely he'll be able to hire a highly competent set of lawyers throughout the entire appeals process in the same way major companies to in order to successfully drive down the original, already too small, fines they are hit with).

Re:

[HornWumpus]

It's 100billion more then Freddy of Fanny will pay. You know the government chartered non-profits run by former executive branch big wigs that started the whole mess by buying crap mortgages in a misguided effort to engineer society? Freddy and Fanny.

Re:

[Rakarra]

Don't forget this part: the amount Koch paid to a security consultant to protect its website ater the attack

So if I have no locks on my door, and someone comes in, they need to pay for the locks I decide maybe I should have had on my door?

That's not how computer security works though. This was a DDoS attack. It's more like having a decent lock on your door, but then someone uses a battering ram so you spring for a steel-reinforced door instead.

Re:And they wonder why...

[anagama]

http://www.rollingstone.com/politics/blogs/taibblog/nobody-should-shed-a-tear-for-jp-morgan-chase-20131025 [rollingstone.com]

• First of all, the settlement, as the folks at Better Markets have pointed out, may wipe out between $100 billion and $200 billion in potential liability -- meaning that the bank might just have settled "for ten cents or so on the dollar." ...
• Moreover, the settlement is only $9 billion in cash, with $4 billion earmarked for "mortgage relief." Again, as Better Markets noted, we've seen settlements with orders of mortgage relief before, and banks seem to have many canny ways of getting out of the spirit of these requirements. ...
• There's also the matter of the remaining $9 billion in fines being tax deductible (meaning we're subsidizing the settlement), and the fact that Chase is reportedly trying to get the FDIC to assume some of Washington Mutual's liability.
• But overall, the key to this whole thing is that the punishment is just money, and not a crippling amount, and not from any individual's pocket, either. In fact, the deal that has just been completed between Chase and the state represents the end, or near the end, of a long process by which people who committed essentially the same crimes as Bernie Madoff will walk away without paying any individual penalty. ...
• A few more notes on the deal. This latest settlement reportedly came about when CEO Jamie Dimon picked up the phone and called a high-ranking lieutenant of Attorney General Holder, who was about to hold a press conference announcing civil charges against the bank. The Justice Department meekly took the call, canceled the presser, and worked out this hideous deal, instead of doing the right thing and blowing off the self-important Wall Street hotshot long used to resolving meddlesome issues with the gift of his personal attention.

Re:

[50000BTU_barbecue]

There is no justice system in the sense of a healthcare system like in Canada. There is a legal market where you can buy all the legality you can afford. "Justice"? Not so much.

Re:And they wonder why...

[sycodon]

Not one mention of Republicans in that link.

So, you are just guessing? Hoping? Accusing?

We know you are lying, that's plain to see by visiting the link.

Or, you are just being a dick.

Re:And they wonder why...

[JackieBrown]

He assumes no one will check the link and just go by what he posted (as the modding and other responses demonstrate.)

Re:And they wonder why...

[krygny]

Why is someone who uses legal tax exemptions the one to blame? How about the congresspukes who add 4,000 pages of exemptions, credits and penalties to the tax code every year?

Taxes are not merely intended to take in revenue. You don't need 80,000 pages to do that. The principal purpose of the tax code is to control, or at least influence "behavior". And we all know what the IRS is for.

Importance

[fluffythedestroyer]

1 minute or 15, you were there, your guilty. Plain and simple. so for me thats not the worst part. It seems to be a fair part if you ask me

Re:Importance

[WillAdams]

Financial penalties should be proportional:

  - how many others participated in this DDOS? divide by that number
  - how long were other machines involved in this? divide by that time
  - how fast was his internet connection in comparison to the others? divide by that

He admitted to guilt, but it's not fair to hold him completely financially responsible simply because he was the only person they were able to catch and was honest enough to confess.

Re:Importance

[Anonymous Coward]

Charging the defendants with the cost of 'fixing' their web site is bogus, because they should have had that done in the first place to prevent themselves from being open to attack

Re:Importance

[Anonymous Coward]

Charging robbers for the cost of replacing doors is bogus, because the home owner should have installed steel vault doors in the first place to prevent themselves from being open to attack.

Re:Importance

[halltk1983]

Most robbers don't pay to fix the homeowners homes. Nor do they pay for the homeowners to install security systems, or hire a security guard to patrol the premises.

Re:Importance

[sumdumass]

Actually they do. Had a meth head that kept breaking into my fathers garage and stealing tools to pawn. Installed some cameras and actually caught some kid about 15 or so doing it. The judge orderd him to pay for the cameras plus all the tools stolen over the 5 or 6 break ins. We sued his parents and got a judgement for $15k in all.this was around 2000 or so. It covered the instalation of the security system, cameras, and time taken off work to rush homr and see what was stolen this time.

Re:Websites are public places.

[arth1]

The problem with your analogy is that in the case of murder, if a second person gets caught, he'll face murder charges too. There is no restitution - it's punitive.

But in this case, where the only person who got caught was faced with the entire charge, a second person who gets caught won't have to pay anything because it's already paid. It destroys equality in front of the law.

Either that, or you make the second person pay the same amount, and then you have a victim or court system that profits from him being caught. Which both are even worse alternatives.

The damage he should pay is what damage he caused. Nothing more, nothing less.

Re:Importance

[MikeBabcock]

The charge here is that you stood in front of someone's house and didn't let their friends in.

Lets at least understand the analogy ... no *damage* was done to the home by the criminal in this case. The upgrades were just to prevent the same thing from happening again.

Legally speaking, I'd put this down as "wrong" in the same category as repeatedly ringing someone's doorbell all day to annoy them and not letting people into the driveway by standing in the way.

Re:

[Etherwalk]

No, it should be higher than that--you have to multiply it enough that it discourages the behavior. That's how legal penalties work, even in a consequentialist rather than retributivist model. That means you have to take into account the probability of getting caught, which is low.

Re:Importance

[jedidiah]

Even under that model an absurdly high number is still an absurdly high number. He can never repay it. Thus it will never be repaid. The "punitive benefit" of that number is entirely bogus.

Justice is never served by an unreasonably high number.

It's far more likely to increase disrespect for the law.

Re:Importance

[SuricouRaven]

There's an old expression: Might as well be hung for a sheep as for a lamb.

Roughly meaning: If the punishment for a minor crime is going to ruin you, why stop at minor? Go for something serious. They can't make the punishment any worse.

Re:Importance

[anagama]

A salient example of s/sheep/lamb/ is the drug war which has become ever more violent over time as penalties for getting caught become ever more draconian. If you're going to do a life (or close to it) sentence for getting caught, might as well just kill the person trying to catch you or witnessing what you are doing, and improve your chance of remaining free.

Re:Importance

[HornWumpus]

No. Fear of punishment is the thing that keeps me on my toes when committing serious crimes.

As it should be.

The real problem is there are so many laws and 'serious crimes' that I commit them by accident.

Re:

[JLennox]

My morality stops me from doing what's wrong. Fear of punishment is what stops me from breaking the law.

Laws are very [citation needed] in origin, they're not all based on morality or facts.

Re:

[Whorhay]

Except that wasn't a fine it was a retribution payment. He is being made to pay for 100% of the damages though he probably represented less than a small fraction of a single percentage of the attack. So what happens if they manage to find another one of the perpetrators, does that person get off without any financial penalties because the retribution has already been allocated to another?

Re:

[AlphaWolf_HK]

So the best way to discourage a DDoS is to say that the more people you involve in the DDoS, the less punishment you should receive for getting caught?

I can't think of a better way to encourage DDoS participation to be honest.

I don't know about anybody else, but I think a DDoS is a form of censorship. A website provides information, effectively making it speech. Even if it is speech you disagree with, you should let it be. Personally, I hate communism more than just about anything, but I wouldn't ever encou

Re:Importance

[ganjadude]

Some could argue that a DDoS is nothing more than "freedom of assembly" A modern day sit in if you will

Re:Importance

[MikeBabcock]

A DDoS should be punished with community service; its no different from protesting a store you dislike and making it hard for customers to get in.

Re:Importance

[anagama]

Sorry massa, didn't mean to sit on the whites only seat. I'll go pay the fine I should morally have to pay now for breaking this fine and just law.

Re:

[Thanshin]

You are completely right?

That's why we need snipers in every building, ready to take down anyone who breaks any law!

You spit a chewing gum on a public street? BAM! HEADSHOT!

Re:Importance

[Psion]

Yes, but what if one of the snipers breaks a law? Hmmm? Who snipes the snipers?

Re:Importance

[mooingyak]

Who snipes the snipers?

I prefer it in Latin, "Quis snipodiet ipsos snipodes?"

Re:

[geogob]

You killed one person or 800'000, you did it, you're guilty of genocide.

Examples following this lead can be pushed to the absurd... it only shows how this is absurd as well.

Re:

[Bengie]

The CO2 you emit is only killing the world a little bit, so you must be charged with mass genocide. There is a difference between a little and a lot.

Re:Importance

[sumdumass]

I don't know why you were modded down. In my home town, as a prank arouns graduation, the seniors would dump liquid soap in a fountain so it would bubble all over the place. It was visible on the main drag. Another aspect was putting that art celulous over the lights illuminating it to match the school colors (blue and gold). It took about 50 graduates in order to do it without getting picked up by the cameras. One year, they put sensors in the foutain that went off when the soap changed the ph levels enough alerting the city to what was happening. Out of about 100 students that participated 6 where caught- 4 who hadn't even dumped the soap yet and they had to pay for the entiee security theator that ensued for a midemeanor act of mischief. The sad part is that this had happened for so long, everyone thought the city was in on it and we just needed to watch out for the caretaker who would be upset because he had to clean it later.

I learned then that you aren't 2% guilty. If you participate, you are 100% liable and that liability includes what they spent in response to your actions. This was back in the late 80s early 90s. Nothing new with this kid outside of what was vandalized.

Re:

[DaveV1.0]

Don't forget about the felony murder rule [wikipedia.org]. That one is often a shock to people involved in a crime.

Re:

[Zantac69]

Fluffy did have a good point. If you participate in a criminal action - then you are potentially on the line for the whole kit and kaboodle. Running a red light is not even the same sport. I wont get a ticket if I am a passenger in the car that runs a red light, but I sure as shit would if I was driving my car and ran the light along with a long string of others. Now - should Rosol have to pay for the bug fix? Hell no - thats like having a criminal pay for a new type of lock because they picked the oth

Re:

[SJHillman]

The problem with that is they wouldn't ticket you for every car that ran the redlight, only yours. However, you might be on the hook for something like conspiracy to run red lights (it's an imperfect analogy).

Re:

[X0563511]

I like to point people at this nifty bit of reading. [crime-research.org]

These people

[i kan reed]

These people need to learn what actual violence against them and their property is, so that proportionate responses have value.

If your entire life is going to be ruined for any sort of protest, the natural incentive is to go in for intimidation, murder, arson, whatever to make their lives really hell instead.

Re:

[i kan reed]

Not that I'm endorsing DDOSing, just reacting to disproportionate responses.

Actual Violence

[SuperKendall]

These people need to learn what actual violence against them and their property is

Then you get to learn what ACTUAL violence is, either buy police officer or prison inmate.

Let me know when you want off the not-so-merry-go-round.

If your entire life is going to be ruined for any sort of protest, the natural incentive is to go...

Except that property damage is not protest.

Actions that will ruin my entire life do not "incent" me to act worse, they in fact very much incent me not to ruin my life. It is possible to protest without damaging anyone or anything, a fact that seems lost on many groups these days.

Re:

[i kan reed]

How much does "police officer or prison inmate" cost?

Re:Actual Violence

[Hatta]

Then you get to learn what ACTUAL violence is, either buy police officer or prison inmate.

His point is that this fellow is learning what ACTUAL violence is, by police officer and prison inmate, for doing nothing more than sending TCP packets.

Except that property damage is not protest.

Two things: A DDOS is not property damage. And are you claiming the Boston Tea Party [wikipedia.org] was not a protest?

It is possible to protest without damaging anyone or anything

It's not possible to effectively protest anything in todays America. You can have your say all you want inside free speech zones, but you'll never be heard. What good is a phone call if you are unable to speak?

Re:Actual Violence

[Hatta]

Marriage equality in several states.

Fair enough.

Marijuana legalization in several states.

Notice that in both Colorado and Washington these measures were approved by the popular vote, not by legislators.

Stopping anti-union legislation in a few states.

Which states? Didn't help in Michigan or Wisconsin.

An effective protest is one where your opinions are heard and considered fairly

And that happens extremely rarely in the US. Marriage equality is one example, but a fairly trivial one. No one in power stands to gain or lose much when marriage equality is enacted. Try getting your voice heard when those in power are profiting off of the bad policy you are protesting. The overwhelming majority of issues are impossible for the public to affect because of such conflicts of interest.

Re:

[i kan reed]

Okay, I got the sarcastic spelling quibble out of my system. Let me reply a little more seriously to something you said.

Actions that will ruin my entire life do not "incent" me to act worse, they in fact very much incent me not to ruin my life

And yet evidence clearly shows people do it anyways. If the consequences are dramatic either way, what really holds them back?

Re:

[GameboyRMH]

So then what kind of protest against a corporate entity can't be skewed into property damage via "deprivation of business?"

Re:

[Sarten-X]

Damned right!

Let's get together a nice posse, and have ourselves a good ol' lynching! Vigilante justice is the best justice, right?

Re:

[ciderbrew]

Are you making a sarcastic point about disproportionate punishment and there being no difference between vigilante and misrepresentation of 'IN the best interests of the people' regarding corporate corruption of the courts / private companies acting as courts?

You Got Caught, Case Closed

[Anonymous Coward]

Doesn't matter if it was for one minute, one hour or one day. You did the crime, you do the crime. If you rape a woman for one minute, you get sentenced for the same as if you raped her for ten minutes.

This is a stupid and dumb angle to take slashdot. You should be utterly and completely ashamed to even articulate this.

Re:You Got Caught, Case Closed

[GameboyRMH]

This is ridiculous. He didn't rape anyone. He didn't hurt anyone. He rapidly requested web pages for 1 minute, slightly contributing to a computer bogging down. In a less batshit-crazy, less rabidly corporatist world, this would carry a punishment on par with dropping a cigarette butt on the street.

One minute? Oh, my...

[Noryungi]

What about that curl-loader test I did that lasted for two hours?

Oh wait, that was at my job. Never mind, carry on...

The Crime of Admission

[Dialecticus]

Then wasn't his real crime admitting to being involved? After all, until that point, it could have been someone else using his internet, or spoofing his IP, or that his computer had been compromised and made part of a botnet, etc. And it would seem obvious that the effect on the site would have been no different had he done nothing whatsoever.

No, the worst part was joining in the attack

[SuperKendall]

Knowingly trying to bring down web sites is a crime. Should we also not arrest people if they only throw one brick through a store window but do not take anything? Should we also not arrest people who kick someone only once when lying on the ground?

A crime is a crime, and the act of committing a crime takes only the moment you decide you are going to commit it. The duration of the actual crime hardly matters when compared to intent.

Also, consider the fact that the minute is only the point they could prove what he did, if he was willing to aid in DDOS attacks who knows how many other people he helped attack in the past?

Re:No, the worst part was joining in the attack

[rich_hudds]

You don't get fined $183,000 for throwing a brick through a window though.

It's supposed to be a justice system, and that fine is clearly unjust.

Re:No, the worst part was joining in the attack

[harvestsun]

Yes, we should arrest people that throw a brick through a window. But we should fine them the price of the window, not the price of hiring an elite security team to protect the window from future brick attacks.

Re:

[Shados]

So every time I break a window, the worse thing that can happen, in the very unlikely event that I get caught, is that I pay to replace the window? Hell, even if you tack on 300% punitive damage, the odds of me getting caught is so damn low, I probably can break the entire city's windows.

Since when I finally do get caught, they probably won't be able to prove it was me who did all the others (its not the most uncommon of crimes)... so I break 1000 windows, and, including punitive damage, I'm only on the hoo

Re:

[jedidiah]

> So every time I break a window, the worse thing that can happen, in the very unlikely event that I get caught, is that I pay to replace the window?

Pretty much. This is a very basic and OLD legal principle.

It's BIBLICAL even.

You know... all of that "eye for an eye" stuff. It's not just about poking people's eyes out.

But we all know that there's a blatant double standard here. Tort reform for the rich, crime and punishment for the poor.

I am focusing on "worst part" comment

[SuperKendall]

First of all, you'll note I am mainly referring to the comment that the 'worst part" is that he only participated for a minute. You seem to be arguing the worst part is the fine.

I partly agree, however I would also say that computers allow us to magnify actions beyond what we can do physically - just as we can send a message to millions via computer, we can also easily do millions of dollars in damage via computer to. I can't say what the right fine would be but it's probably not proportional to what someone would think one persons fine should be...

Re:

[TheCarp]

Exactly. The price of fixing the window is the price the malcontent causes them. The extra security and upgrades to the window to deal with future bricks is.... their choice. I mean, if I destroy your dodge neon. Its perfectly fair to say I need to to pay you its replacement value; and probably more if it was malicious; Its replacement value is not the cost of the Ferrari you decided you wanted to upgrade to since you had to get a new car anyway.

Re:No, the worst part was joining in the attack

[DarkOx]

Two things should happen when you toss a brick through a store window. First the owner or perhaps the state on the owners behalf should initiate a civil proceeding against you where minimally upon being found liable be compelled to pay the full replacement and installation costs of a new window. Additional you might reasonably be expected to compensate the owner for the temporary loss of use of his property while the windows is being repaired. You must compensate for the harm to the owners property.

Then a criminal charges should be brought against you because its not in societies interest to have people thinking they can go around and break windows. Given throwing bricks through plate glass in public places has a high probability of injuring others that penalty too should be not insignificant. When its all said and does committing a senseless destructive act of vandalism like that should set you back a few thousand dollars; in the interest of justice.

Now lets think about the DDOS attack. Its vandalism pretty similar; but unless you are DDOS a hospital, public utility, or some government sites and similar there is basically no probability of anyone getting hurt as a direct consequence. So if anything the harm is automatically much lower. Unlike the window your computer is still perfectly fine once the DDOS is over and done with. So we are really down to society wanting to discourage vandalism and the short term loss of the use of property. Seems to me the penalty might be tied to the revenue the site nominally generates during the period for the owners and a little wrist for society to remind you not to be a prick.

183K is way out of line for 60 of participation in a DDOS, even if your hitting a site like Amazon.

Re:No, the worst part was joining in the attack

[Ian Grant]

Proportionality is important, too. His punishment was wildly out of proportion to the offense.

Re:

[jedidiah]

The real problem is that he's likely never going to be able to repay it. This fine is a fiction. Such fiction undermines the law and respect for same.

Something sane that this person could actually pay would have been much more meaningful in terms of law and order.

Re:

[oodaloop]

And if 8,000 people threw the brick, don't charge each person with the entire cost. He's guilty and should be charged, but the punishment is not proportional to the crime.

Re:

[BaronAaron]

Yes, a crime is a crime, but if we are going to build analogies with real world crimes they should at least be correct.

Obviously many DDOS attacks are not carried out by volunteers. They are instead vast hijacked zombie farms under the control a few people. In those cases the term "attack" makes more sense. From my understanding this DDOS attack was carried out by volunteers though. It should really be considered a protest.

What if this guy was part of a real world flash mob that formed in front of a Koch's

Re:

[Sarten-X]

Yes, yes it was.

That's what made it civil disobedience, and that's why people were arrested and fined for it, until the Supreme Court [wikipedia.org] overturned the law.

But when the situation is reversed....

[ikedasquid]

and the MPAA issues a successful DMCA takedown (automated) for something they do not own the rights to....nothing happens.

Re:But when the situation is reversed....

[real gumby]

Your subject line raises an interesting point: I'd never before recognized that the Koch brothers' advertising and astroturfing is just a DDoS of the airwaves (and public discourse).

I already knew it is evil, but this takes it to a new level!

But your honor!

[tacroy]

But your honor, I only pulled the trigger for 1 second, 2 tops! While the fine seems FREAKING large I can appreciate that it was tied directly too a purpose. i.e. the amount paid to hire someone to secure the site. But I feel attaching it to the actual value lost (5k) would have been more fair, maybe with a bit extra to be punitive? I imagine that if they caught more people the fine would have been spread out among them? But I don't understand why intent to do harm would in any way be lessened because "I only did the bad thing for a short period of time."

Well stop trying to hack people!

[jellomizer]

1. It is ineffective. The Koch brothers stance that there is some Liberal Conspiracy going on, hacking them and creating a DOS only proves their paranoia, and only makes them more resolved to continue.

2. It could hurt the wrong people. Are you hitting only their data center, or is that data center shared with other organizations as well. I had a job at a placed that hosted Electronic medical records. We had an external hosting site... They also hosted a big evil bank. They DOS the Bank but they also DOS thousands of doctors EMR systems. Granted we had a backup route, but that may not be the case.

3. You put your views on the moral low ground. Are your point so week and irrational that you need to jump into a technological bulling to get your point across.

Follow the rules

[mtrachtenberg]

The rules of modern day America are pretty simple. You have liberty to do whatever you like, but DON'T FUCK WITH THE OWNERS.

Re:

[account_deleted]

Comment removed based on user account deletion

Slashdotting == DDOS?

[stevegee58]

We DDOS web sites all the time here and it's usually for more than 1 minute.

Don't talk to the poilce

[ciderbrew]

"An law school professor and former criminal defense attorney tells you why you should never agree to be interviewed by the police. "
http://www.youtube.com/watch?v=6wXkI4t7nuc [youtube.com]

It is an old clip and I've never been to sure about the UK use of this information regarding the Silence gives consent maxim of common law.

(D)DOS is the "burning books" of current century

[xxxJonBoyxxx]

Remember when people burned the books and pamphlets of their political opponents? How well did that work?

If you're annoyed at someone, please don't (D)DOS their site - it just strengthens their point and conviction.

It's how US justice works

[Zontar_Thing_From_Ve]

I'm American, so I speak from experience. The US legal system allows punitive damages. Eric Rosol didn't have to actually go to jail - that was the fair part of the sentence. But US verdicts with insane monetary awards are not unusual. There's the infamous "McDonald's coffee" case which eventually got settled out of court for a never disclosed amount after a jury awarded what almost everybody in the US considered an unreasonable and probably insane amount of money in punitive damages. Jammie Thomas, the last person you'd ever want to fight the RIAA, has gotten a series of shocking judgements against her, far in excess of any real damage that was done by her. I served on a jury once that awarded punitive damages and they're meant to send a lesson to the guilty party and others (this part is key) that there are very real financial costs to certain actions. In this case, the message is clear that people should not do DOS activities or they too may be facing ruinous financial penalties. I haven't followed this case at all, so for all I know like Jammie Thomas, Rosol may be his own worst enemy and perhaps his demeanor in court led to this outcome. Juries really don't like arrogant defendants who insist that they did nothing wrong when the jury feels otherwise. I can tell you from experience that the vast majority of jurors are non-techies and some are actually tech hostile. These kinds of people also get easily swayed by prosecutor arguments that some great evil just happened that must be prevented in the future because they don't really understand what happened. Juries also sometimes get this subgroup of people (roughly 10% of the population by my estimation) who see the entire world in black and white and are obsessed with punishing rule breakers as they see them. These are the people who want draconian punishments for trivial offenses (ie. they'd support the death penalty for people who let a parking meter expire as "That will teach them not do that again!"). Sometimes on juries they are adamant that the "evil doer" has to get a very harsh sentence and if the other jurors really don't care, want to go home, and agree at least that the defendant really is guilty, the other jurors will just agree to large punitive damages so they can get on with their lives. It's difficult to get punitive damages reduced and there's no incentive in the US system for juries to really find a fair verdict. The system just wants them to all agree on the verdict and if 11 people give in to 1 stubborn crazy person, the US system accepts this as the cost for how the system works. The prevailing dogma that gets drilled into all law students and the American public in general is that the US jury system is the greatest of all possible systems and is the cornerstone of our democracy, so nobody on the legal side dares to question whether it really works as it is supposed to or not.

Re:

[UnknowingFool]

How does it set a dangerous precedent? He admitted to participating in the attacks and plead guilty not that his computer was taken over by a botnet.

Re:

[nicholasjay]

The length of time spent doing something illegal shouldn't absolve guilt that it was illegal in the first place. In my mind it's the same as the mob mentality that overtakes people during riots. Just because everyone else was looting more expensive goods doesn't excuse stealing something cheap.

And he wasn't just sending some traffic to a website. He was participating in a DDoS attack and full well knew what he was doing and what the group was trying to accomplish.

If you're going to break the law to try to

and they are part owners of private prisons

[Joe_Dragon]

and they are part owners of private prisons so they even make bank off of the prison time as well.

Re:

[Zaiff Urgulbunger]

and they are part owners of private prisons so they even make bank off of the prison time as well.

Yeah, they should be sued for insider trading! or something!

Seriously though, is $183K a reasonable price for what they needed doing? It sounds a tad expensive to me, so it would be interesting to know who created that invoice.