Please create an account to participate in the Slashdot moderation system


Forgot your password?
Security The Courts

Anonymous Member Sentenced For Joining DDoS Attack For One Minute 562

jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website ater the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
This discussion has been archived. No new comments can be posted.

Anonymous Member Sentenced For Joining DDoS Attack For One Minute

Comments Filter:
  • by TerminaMorte ( 729622 ) on Wednesday December 04, 2013 @11:52AM (#45595601) Homepage
    no one trusts the "justice" system anymore. One minute of using an automated tool is apparently a worse offense than crashing the economy.
    • by Ian Grant ( 3082979 ) on Wednesday December 04, 2013 @12:00PM (#45595731)
      Where's the "Like" button? There's just something egregiously wrong when you can be fined $183,000 and get two years probation for something like participating in a short-lived denial of service attack. That's a wildly disproportionate punishment!
      • by aeranvar ( 2589619 ) on Wednesday December 04, 2013 @12:23PM (#45596113)
        I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.
      • by mobby_6kl ( 668092 ) on Wednesday December 04, 2013 @12:30PM (#45596235)

        >Where's the "Like" button?

        That's the "Insightful" or "Interesting" option, which you don't have but I do. Oops!

      • ... and this is why people have been trying (unsuccessfully) to get the legislature to do something about the CFAA and such for years. It's massively abused, but nobody wants to fix it.

      • by Guppy ( 12314 )

        That's a wildly disproportionate punishment!

        "Kill the Chicken to Scare the Monkey" -- Chinese Saying

    • by FriendlyLurker ( 50431 ) on Wednesday December 04, 2013 @12:03PM (#45595787)
      The tiered justice system [] is working exactly as intended. Most of us are just on the wrong tier []...
      • Re: (Score:3, Interesting)

        by nucrash ( 549705 )

        When you have lots of cash at your disposal, lobbyists on your payroll, and congressmen in your pocket, all things are legally possible. Even if you used an automated tool. We should use this man as our rallying cry to attack Koch Industries again. Also educate people on how to create civil disobedience and not get caught.

        • by someSnarkyBastard ( 1521235 ) on Wednesday December 04, 2013 @02:26PM (#45597867)

          ...create civil disobedience and not get caught.

          Then you are missing the point of civil disobedience. You are supposed to get caught, especially in places like the US where LEOs like to have a bit of theatricality in perp-walking someone out to the squad car. You want all the attention you can get, that's the point, you are calling attention to something you believe to be wrong.

    • by Thanshin ( 1188877 ) on Wednesday December 04, 2013 @12:05PM (#45595825)

      There are plenty of people who trust the Justice system. Those who have lawyers in retinue.

    • Right? And John Thain still runs free.

    • by Richard_at_work ( 517087 ) <> on Wednesday December 04, 2013 @12:29PM (#45596223)

      How do you make that comparison? Just a few months ago JP Morgan was fined $14Billion by US and UK regulators for its involvement in various dealings leading up to the crash. So far, nearly $100Billion in fines has been handed out across the US and EU for suspect deals that contributed to the financial climate prior to the crash.

      • by GameMaster ( 148118 ) on Wednesday December 04, 2013 @12:49PM (#45596525)

        $100 Billion may sound like a lot to you but that doesn't mean it's meaningful in regards to the actual damages done. More often than not when massive horrible things are done by Corporations (the crash of the financial/real estate markets, the Gulf oil spill, etc.) large corps get hit with penalties that look massive to an individual but actually only represent a small part of the true cost of restitution and only represent a day or two of operating profits at most for the company.

        What happened in the story is so astonishingly unjustly inverted from that scenario because, in contrast, this guy was hit with the entire cost of the damages (even though he was only a tiny contributor to the actual crime, and that penalty probably represents many years worth of profits for him (minus the basic costs of living and taxes). It would be like fining JP Morgan all the Trillions of dollars that were estimated to have been lost throughout the economy because the courts didn't feel that they were likely to be able to clearly identify any of the other big players in the crime. Then, for good measure, make it so that the costs of litigating appeals of that verdict would be so expensive that it was guaranteed to drive the company into complete bankrupts (since even if this guy has a decent job and was able to afford a non-state appointed attorney for this trial it's unlikely he'll be able to hire a highly competent set of lawyers throughout the entire appeals process in the same way major companies to in order to successfully drive down the original, already too small, fines they are hit with).

        • Re: (Score:3, Interesting)

          by HornWumpus ( 783565 )

          It's 100billion more then Freddy of Fanny will pay. You know the government chartered non-profits run by former executive branch big wigs that started the whole mess by buying crap mortgages in a misguided effort to engineer society? Freddy and Fanny.

      • by anagama ( 611277 ) <> on Wednesday December 04, 2013 @12:52PM (#45596581) Homepage []

        • First of all, the settlement, as the folks at Better Markets have pointed out, may wipe out between $100 billion and $200 billion in potential liability -- meaning that the bank might just have settled "for ten cents or so on the dollar." ...
        • Moreover, the settlement is only $9 billion in cash, with $4 billion earmarked for "mortgage relief." Again, as Better Markets noted, we've seen settlements with orders of mortgage relief before, and banks seem to have many canny ways of getting out of the spirit of these requirements. ...
        • There's also the matter of the remaining $9 billion in fines being tax deductible (meaning we're subsidizing the settlement), and the fact that Chase is reportedly trying to get the FDIC to assume some of Washington Mutual's liability.
        • But overall, the key to this whole thing is that the punishment is just money, and not a crippling amount, and not from any individual's pocket, either. In fact, the deal that has just been completed between Chase and the state represents the end, or near the end, of a long process by which people who committed essentially the same crimes as Bernie Madoff will walk away without paying any individual penalty. ...
        • A few more notes on the deal. This latest settlement reportedly came about when CEO Jamie Dimon picked up the phone and called a high-ranking lieutenant of Attorney General Holder, who was about to hold a press conference announcing civil charges against the bank. The Justice Department meekly took the call, canceled the presser, and worked out this hideous deal, instead of doing the right thing and blowing off the self-important Wall Street hotshot long used to resolving meddlesome issues with the gift of his personal attention.
    • There is no justice system in the sense of a healthcare system like in Canada. There is a legal market where you can buy all the legality you can afford. "Justice"? Not so much.
  • Importance (Score:5, Insightful)

    by fluffythedestroyer ( 2586259 ) on Wednesday December 04, 2013 @11:52AM (#45595609) Homepage
    1 minute or 15, you were there, your guilty. Plain and simple. so for me thats not the worst part. It seems to be a fair part if you ask me
    • Re:Importance (Score:5, Interesting)

      by WillAdams ( 45638 ) on Wednesday December 04, 2013 @11:55AM (#45595659) Homepage

      Financial penalties should be proportional:

        - how many others participated in this DDOS? divide by that number
        - how long were other machines involved in this? divide by that time
        - how fast was his internet connection in comparison to the others? divide by that

      He admitted to guilt, but it's not fair to hold him completely financially responsible simply because he was the only person they were able to catch and was honest enough to confess.

      • Re:Importance (Score:4, Interesting)

        by Anonymous Coward on Wednesday December 04, 2013 @11:58AM (#45595699)

        Charging the defendants with the cost of 'fixing' their web site is bogus, because they should have had that done in the first place to prevent themselves from being open to attack

        • Re:Importance (Score:5, Insightful)

          by Anonymous Coward on Wednesday December 04, 2013 @12:06PM (#45595843)

          Charging robbers for the cost of replacing doors is bogus, because the home owner should have installed steel vault doors in the first place to prevent themselves from being open to attack.

          • Re:Importance (Score:5, Insightful)

            by halltk1983 ( 855209 ) <> on Wednesday December 04, 2013 @12:11PM (#45595915) Homepage Journal
            Most robbers don't pay to fix the homeowners homes. Nor do they pay for the homeowners to install security systems, or hire a security guard to patrol the premises.
            • Re:Importance (Score:5, Informative)

              by sumdumass ( 711423 ) on Wednesday December 04, 2013 @12:46PM (#45596489) Journal

              Actually they do. Had a meth head that kept breaking into my fathers garage and stealing tools to pawn. Installed some cameras and actually caught some kid about 15 or so doing it. The judge orderd him to pay for the cameras plus all the tools stolen over the 5 or 6 break ins. We sued his parents and got a judgement for $15k in all.this was around 2000 or so. It covered the instalation of the security system, cameras, and time taken off work to rush homr and see what was stolen this time.

      • Re: (Score:3, Insightful)

        by Etherwalk ( 681268 )

        No, it should be higher than that--you have to multiply it enough that it discourages the behavior. That's how legal penalties work, even in a consequentialist rather than retributivist model. That means you have to take into account the probability of getting caught, which is low.

        • Re:Importance (Score:5, Insightful)

          by jedidiah ( 1196 ) on Wednesday December 04, 2013 @12:16PM (#45596009) Homepage

          Even under that model an absurdly high number is still an absurdly high number. He can never repay it. Thus it will never be repaid. The "punitive benefit" of that number is entirely bogus.

          Justice is never served by an unreasonably high number.

          It's far more likely to increase disrespect for the law.

        • Except that wasn't a fine it was a retribution payment. He is being made to pay for 100% of the damages though he probably represented less than a small fraction of a single percentage of the attack. So what happens if they manage to find another one of the perpetrators, does that person get off without any financial penalties because the retribution has already been allocated to another?

      • Re: (Score:3, Insightful)

        So the best way to discourage a DDoS is to say that the more people you involve in the DDoS, the less punishment you should receive for getting caught?

        I can't think of a better way to encourage DDoS participation to be honest.

        I don't know about anybody else, but I think a DDoS is a form of censorship. A website provides information, effectively making it speech. Even if it is speech you disagree with, you should let it be. Personally, I hate communism more than just about anything, but I wouldn't ever encou

    • You are completely right?

      That's why we need snipers in every building, ready to take down anyone who breaks any law!

      You spit a chewing gum on a public street? BAM! HEADSHOT!

    • by geogob ( 569250 )

      You killed one person or 800'000, you did it, you're guilty of genocide.

      Examples following this lead can be pushed to the absurd... it only shows how this is absurd as well.

    • by Bengie ( 1121981 )
      The CO2 you emit is only killing the world a little bit, so you must be charged with mass genocide. There is a difference between a little and a lot.
    • Re:Importance (Score:5, Interesting)

      by sumdumass ( 711423 ) on Wednesday December 04, 2013 @12:36PM (#45596359) Journal

      I don't know why you were modded down. In my home town, as a prank arouns graduation, the seniors would dump liquid soap in a fountain so it would bubble all over the place. It was visible on the main drag. Another aspect was putting that art celulous over the lights illuminating it to match the school colors (blue and gold). It took about 50 graduates in order to do it without getting picked up by the cameras. One year, they put sensors in the foutain that went off when the soap changed the ph levels enough alerting the city to what was happening. Out of about 100 students that participated 6 where caught- 4 who hadn't even dumped the soap yet and they had to pay for the entiee security theator that ensued for a midemeanor act of mischief. The sad part is that this had happened for so long, everyone thought the city was in on it and we just needed to watch out for the caretaker who would be upset because he had to clean it later.

      I learned then that you aren't 2% guilty. If you participate, you are 100% liable and that liability includes what they spent in response to your actions. This was back in the late 80s early 90s. Nothing new with this kid outside of what was vandalized.

  • These people (Score:5, Interesting)

    by i kan reed ( 749298 ) on Wednesday December 04, 2013 @11:53AM (#45595615) Homepage Journal

    These people need to learn what actual violence against them and their property is, so that proportionate responses have value.

    If your entire life is going to be ruined for any sort of protest, the natural incentive is to go in for intimidation, murder, arson, whatever to make their lives really hell instead.

    • Not that I'm endorsing DDOSing, just reacting to disproportionate responses.

    • Actual Violence (Score:4, Insightful)

      by SuperKendall ( 25149 ) on Wednesday December 04, 2013 @12:10PM (#45595899)

      These people need to learn what actual violence against them and their property is

      Then you get to learn what ACTUAL violence is, either buy police officer or prison inmate.

      Let me know when you want off the not-so-merry-go-round.

      If your entire life is going to be ruined for any sort of protest, the natural incentive is to go...

      Except that property damage is not protest.

      Actions that will ruin my entire life do not "incent" me to act worse, they in fact very much incent me not to ruin my life. It is possible to protest without damaging anyone or anything, a fact that seems lost on many groups these days.

      • How much does "police officer or prison inmate" cost?

      • Re:Actual Violence (Score:5, Insightful)

        by Hatta ( 162192 ) on Wednesday December 04, 2013 @12:24PM (#45596121) Journal

        Then you get to learn what ACTUAL violence is, either buy police officer or prison inmate.

        His point is that this fellow is learning what ACTUAL violence is, by police officer and prison inmate, for doing nothing more than sending TCP packets.

        Except that property damage is not protest.

        Two things: A DDOS is not property damage. And are you claiming the Boston Tea Party [] was not a protest?

        It is possible to protest without damaging anyone or anything

        It's not possible to effectively protest anything in todays America. You can have your say all you want inside free speech zones, but you'll never be heard. What good is a phone call if you are unable to speak?

      • Okay, I got the sarcastic spelling quibble out of my system. Let me reply a little more seriously to something you said.

        Actions that will ruin my entire life do not "incent" me to act worse, they in fact very much incent me not to ruin my life

        And yet evidence clearly shows people do it anyways. If the consequences are dramatic either way, what really holds them back?

  • by Anonymous Coward

    Doesn't matter if it was for one minute, one hour or one day. You did the crime, you do the crime. If you rape a woman for one minute, you get sentenced for the same as if you raped her for ten minutes.

    This is a stupid and dumb angle to take slashdot. You should be utterly and completely ashamed to even articulate this.

  • What about that curl-loader test I did that lasted for two hours?

    Oh wait, that was at my job. Never mind, carry on...

  • Then wasn't his real crime admitting to being involved? After all, until that point, it could have been someone else using his internet, or spoofing his IP, or that his computer had been compromised and made part of a botnet, etc. And it would seem obvious that the effect on the site would have been no different had he done nothing whatsoever.
  • by SuperKendall ( 25149 ) on Wednesday December 04, 2013 @11:55AM (#45595655)

    Knowingly trying to bring down web sites is a crime. Should we also not arrest people if they only throw one brick through a store window but do not take anything? Should we also not arrest people who kick someone only once when lying on the ground?

    A crime is a crime, and the act of committing a crime takes only the moment you decide you are going to commit it. The duration of the actual crime hardly matters when compared to intent.

    Also, consider the fact that the minute is only the point they could prove what he did, if he was willing to aid in DDOS attacks who knows how many other people he helped attack in the past?

    • by rich_hudds ( 1360617 ) on Wednesday December 04, 2013 @11:58AM (#45595697)
      You don't get fined $183,000 for throwing a brick through a window though.

      It's supposed to be a justice system, and that fine is clearly unjust.
    • by harvestsun ( 2948641 ) on Wednesday December 04, 2013 @11:59AM (#45595715)
      Yes, we should arrest people that throw a brick through a window. But we should fine them the price of the window, not the price of hiring an elite security team to protect the window from future brick attacks.
      • by Shados ( 741919 )

        So every time I break a window, the worse thing that can happen, in the very unlikely event that I get caught, is that I pay to replace the window? Hell, even if you tack on 300% punitive damage, the odds of me getting caught is so damn low, I probably can break the entire city's windows.

        Since when I finally do get caught, they probably won't be able to prove it was me who did all the others (its not the most uncommon of crimes)... so I break 1000 windows, and, including punitive damage, I'm only on the hoo

        • by jedidiah ( 1196 )

          > So every time I break a window, the worse thing that can happen, in the very unlikely event that I get caught, is that I pay to replace the window?

          Pretty much. This is a very basic and OLD legal principle.

          It's BIBLICAL even.

          You know... all of that "eye for an eye" stuff. It's not just about poking people's eyes out.

          But we all know that there's a blatant double standard here. Tort reform for the rich, crime and punishment for the poor.

      • by SuperKendall ( 25149 ) on Wednesday December 04, 2013 @12:17PM (#45596017)

        First of all, you'll note I am mainly referring to the comment that the 'worst part" is that he only participated for a minute. You seem to be arguing the worst part is the fine.

        I partly agree, however I would also say that computers allow us to magnify actions beyond what we can do physically - just as we can send a message to millions via computer, we can also easily do millions of dollars in damage via computer to. I can't say what the right fine would be but it's probably not proportional to what someone would think one persons fine should be...

      • by TheCarp ( 96830 )

        Exactly. The price of fixing the window is the price the malcontent causes them. The extra security and upgrades to the window to deal with future bricks is.... their choice. I mean, if I destroy your dodge neon. Its perfectly fair to say I need to to pay you its replacement value; and probably more if it was malicious; Its replacement value is not the cost of the Ferrari you decided you wanted to upgrade to since you had to get a new car anyway.

      • by DarkOx ( 621550 ) on Wednesday December 04, 2013 @12:32PM (#45596261) Journal

        Two things should happen when you toss a brick through a store window. First the owner or perhaps the state on the owners behalf should initiate a civil proceeding against you where minimally upon being found liable be compelled to pay the full replacement and installation costs of a new window. Additional you might reasonably be expected to compensate the owner for the temporary loss of use of his property while the windows is being repaired. You must compensate for the harm to the owners property.

        Then a criminal charges should be brought against you because its not in societies interest to have people thinking they can go around and break windows. Given throwing bricks through plate glass in public places has a high probability of injuring others that penalty too should be not insignificant. When its all said and does committing a senseless destructive act of vandalism like that should set you back a few thousand dollars; in the interest of justice.

        Now lets think about the DDOS attack. Its vandalism pretty similar; but unless you are DDOS a hospital, public utility, or some government sites and similar there is basically no probability of anyone getting hurt as a direct consequence. So if anything the harm is automatically much lower. Unlike the window your computer is still perfectly fine once the DDOS is over and done with. So we are really down to society wanting to discourage vandalism and the short term loss of the use of property. Seems to me the penalty might be tied to the revenue the site nominally generates during the period for the owners and a little wrist for society to remind you not to be a prick.

        183K is way out of line for 60 of participation in a DDOS, even if your hitting a site like Amazon.

    • by Ian Grant ( 3082979 ) on Wednesday December 04, 2013 @12:01PM (#45595751)
      Proportionality is important, too. His punishment was wildly out of proportion to the offense.
      • by jedidiah ( 1196 )

        The real problem is that he's likely never going to be able to repay it. This fine is a fiction. Such fiction undermines the law and respect for same.

        Something sane that this person could actually pay would have been much more meaningful in terms of law and order.

    • And if 8,000 people threw the brick, don't charge each person with the entire cost. He's guilty and should be charged, but the punishment is not proportional to the crime.
    • Yes, a crime is a crime, but if we are going to build analogies with real world crimes they should at least be correct.

      Obviously many DDOS attacks are not carried out by volunteers. They are instead vast hijacked zombie farms under the control a few people. In those cases the term "attack" makes more sense. From my understanding this DDOS attack was carried out by volunteers though. It should really be considered a protest.

      What if this guy was part of a real world flash mob that formed in front of a Koch's

  • by ikedasquid ( 1177957 ) on Wednesday December 04, 2013 @11:56AM (#45595663)
    and the MPAA issues a successful DMCA takedown (automated) for something they do not own the rights to....nothing happens.
  • But your honor! (Score:4, Interesting)

    by tacroy ( 813477 ) on Wednesday December 04, 2013 @11:57AM (#45595675)
    But your honor, I only pulled the trigger for 1 second, 2 tops! While the fine seems FREAKING large I can appreciate that it was tied directly too a purpose. i.e. the amount paid to hire someone to secure the site. But I feel attaching it to the actual value lost (5k) would have been more fair, maybe with a bit extra to be punitive? I imagine that if they caught more people the fine would have been spread out among them? But I don't understand why intent to do harm would in any way be lessened because "I only did the bad thing for a short period of time."
  • by jellomizer ( 103300 ) on Wednesday December 04, 2013 @11:58AM (#45595705)

    1. It is ineffective. The Koch brothers stance that there is some Liberal Conspiracy going on, hacking them and creating a DOS only proves their paranoia, and only makes them more resolved to continue.

    2. It could hurt the wrong people. Are you hitting only their data center, or is that data center shared with other organizations as well. I had a job at a placed that hosted Electronic medical records. We had an external hosting site... They also hosted a big evil bank. They DOS the Bank but they also DOS thousands of doctors EMR systems. Granted we had a backup route, but that may not be the case.

    3. You put your views on the moral low ground. Are your point so week and irrational that you need to jump into a technological bulling to get your point across.

  • Follow the rules (Score:3, Insightful)

    by mtrachtenberg ( 67780 ) on Wednesday December 04, 2013 @12:06PM (#45595837) Homepage

    The rules of modern day America are pretty simple. You have liberty to do whatever you like, but DON'T FUCK WITH THE OWNERS.

  • ... for offending our rich libertarian overlords.

    Bow down before your masters, peon.

  • We DDOS web sites all the time here and it's usually for more than 1 minute.
  • "An law school professor and former criminal defense attorney tells you why you should never agree to be interviewed by the police. " []

    It is an old clip and I've never been to sure about the UK use of this information regarding the Silence gives consent maxim of common law.
  • by xxxJonBoyxxx ( 565205 ) on Wednesday December 04, 2013 @12:20PM (#45596083)

    Remember when people burned the books and pamphlets of their political opponents? How well did that work?

    If you're annoyed at someone, please don't (D)DOS their site - it just strengthens their point and conviction.

  • by Zontar_Thing_From_Ve ( 949321 ) on Wednesday December 04, 2013 @01:21PM (#45596965)
    I'm American, so I speak from experience. The US legal system allows punitive damages. Eric Rosol didn't have to actually go to jail - that was the fair part of the sentence. But US verdicts with insane monetary awards are not unusual. There's the infamous "McDonald's coffee" case which eventually got settled out of court for a never disclosed amount after a jury awarded what almost everybody in the US considered an unreasonable and probably insane amount of money in punitive damages. Jammie Thomas, the last person you'd ever want to fight the RIAA, has gotten a series of shocking judgements against her, far in excess of any real damage that was done by her. I served on a jury once that awarded punitive damages and they're meant to send a lesson to the guilty party and others (this part is key) that there are very real financial costs to certain actions. In this case, the message is clear that people should not do DOS activities or they too may be facing ruinous financial penalties. I haven't followed this case at all, so for all I know like Jammie Thomas, Rosol may be his own worst enemy and perhaps his demeanor in court led to this outcome. Juries really don't like arrogant defendants who insist that they did nothing wrong when the jury feels otherwise. I can tell you from experience that the vast majority of jurors are non-techies and some are actually tech hostile. These kinds of people also get easily swayed by prosecutor arguments that some great evil just happened that must be prevented in the future because they don't really understand what happened. Juries also sometimes get this subgroup of people (roughly 10% of the population by my estimation) who see the entire world in black and white and are obsessed with punishing rule breakers as they see them. These are the people who want draconian punishments for trivial offenses (ie. they'd support the death penalty for people who let a parking meter expire as "That will teach them not do that again!"). Sometimes on juries they are adamant that the "evil doer" has to get a very harsh sentence and if the other jurors really don't care, want to go home, and agree at least that the defendant really is guilty, the other jurors will just agree to large punitive damages so they can get on with their lives. It's difficult to get punitive damages reduced and there's no incentive in the US system for juries to really find a fair verdict. The system just wants them to all agree on the verdict and if 11 people give in to 1 stubborn crazy person, the US system accepts this as the cost for how the system works. The prevailing dogma that gets drilled into all law students and the American public in general is that the US jury system is the greatest of all possible systems and is the cornerstone of our democracy, so nobody on the legal side dares to question whether it really works as it is supposed to or not.

They are called computers simply because computation is the only significant job that has so far been given to them.