
Charges And Pleas In Computer Crime Cases Involving Significant Cyber Attacks - meri_dian
https://www.justice.gov/usao-nj/pr/justice-department-announces-charges-and-guilty-pleas-three-computer-crime-cases
======
nick_g
An unfortunate reason to see a former university classmate of mine in the
news. It always feels strange to see this story come up every so often. I was
never a friend of Jha's, nor was I every really close to him, but I remember
him exactly as his attorney described him: "Paras Jha is a brilliant young man
whose intellect and technical skills far exceeded his emotional maturity." Jha
was not the only former classmate of mine whom I felt lacked emotional
maturity, and it is harrowing to imagine how a command of technology can give
anyone the power to do something like this if he chose.

Jha intentionally used his skills to inconvenience those around him and he was
able to do a great deal of harm to the world at large. While technology makes
us better suited to solve problems and help those less fortunate, it also
amplifies an individual's ability to do harm.

Intentional malice aside, all of us have the ability to greatly effect the
world around us. It is imperative that we consider the impact of our actions.
While I was a student at Rutgers, there was no mandatory ethics class for
computer science, nor do I remember a class on ethics for computer scientists
being offered.

~~~
pishpash
If the department had been in the School of Engineering, pretty sure there
would have been a mandatory ethics class.

~~~
swiley
I've been told the administration at my university plans to move the compsci
department out of the engineering department and in to the business school. I
really haven't heard any pro to that yet other than "it makes the business
people happy and there are more of them."

------
drefanzor
They should have thanked Brian Krebs, though. To be honest. Didn't he call out
Jha long before anyone else knew?

~~~
meri_dian
He did, in this article published in January 2017:
[https://krebsonsecurity.com/2017/01/who-is-anna-senpai-
the-m...](https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-
worm-author/)

It's a great read.

~~~
Sniffnoy
Interestingly, in addition to Paras Jha and Josiah White, the justice
department's announcment mentions a guilty plea from Dalton Norman, who isn't
mentioned in Krebs's article. I wonder what the story there is?

~~~
foota
It's buried in the wired article, they found zero days to use to infect hosts.

~~~
Sniffnoy
Sorry, what Wired article is that?

~~~
kibwen
"How a Dorm Room Minecraft Scam Brought Down the Internet"
[https://www.wired.com/story/mirai-botnet-minecraft-scam-
brou...](https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-
the-internet/?mbid=social_twitter)

~~~
Sniffnoy
Thanks!

------
drefanzor
Last few lines state how assistance was provided by various regional and
international agencies, and then goes on to list google, coinbase, cloudflare,
etc. Interesting.

~~~
paxy
Coinbase is the surprising one to me, since it is the only one on the list
that operates at the application rather than network level. And there's no
mention of bitcoin theft anywhere in the report, just DDOS.

~~~
sophacles
Bitcoin payments in DDOS for hire, or extortion (as in we'll stop if you pay
us). If they cashed out via coinbase, the authorities can find out who
profited via the paper trail created.

------
dmix
It said he got fined $250k for damages his hack caused...Ive always been
curious how these fines work. Will he be paying that back after he’s out of
jail and employed? Does he have a monthly payment depending on his income? Or
can the equivalent be worked out in some type of community service or more
jail time?

I ask because the guy is only 21 and now a felon...

~~~
slededit
They can garnish his wages after a small livable wage is achieved. Basically
it will be almost impossible to ever get out of subsistence living. With his
skill he may actually have a chance after a decade or two.

~~~
dmix
Wow, the implications of that are quite interesting. The effects of his
sentencing can technically last for decades after he is out of jail. Funny how
you never hear much about that in these trials...

But agreed being a convicted hacker won’t prevent him from being employed.
Even by the government...

~~~
fapjacks
After an incident in my teens in the 90s, I've thought about this at length.
The only conclusion I ever seem to draw is one of more criminal activity. Yes,
I can hear the inbound downvotes, but I'm just being intellectually honest.
How can we expect this kid to reform if we ensure he'll be living without any
kind of reward for decades to come? Seems like some jail time would be much
more productive. A $250k fine is a 10-20 year sentence of subsistence living.
That's probably the worst way to try and give someone the "right" moral
compass. The chances we'll reform someone are slim, compared to getting
someone jaded by the sentence and incentivized to commit more crime just to
get ahead. We won't be rehabilitating this guy with a fine like that.

~~~
meri_dian
It's not about him though. It's about signaling to everyone else that these
crimes are taken seriously and will not be tolerated.

~~~
intralizee
It's not ethical to use a human life for that message.

~~~
SamReidHughes
Do you mean it's not moral? Because that's what would make it bad.

I'd say it's morally wrong _not_ to do so. Part of moral governance is to
protect people from bad guys.

~~~
intralizee
I believe both are the case.

------
alexschnapp
I personally know Paras. Brilliant guy, really fun to hang out with, and
learned a lot of technical knowledge from him. He was my go-to guy (like a lot
of other people in the class) to help me fix the programming problems that I
can't fix quickly.

I think he hacked the school for the lolz.I dont think he even thought it
would be this serious when he did it, with feds and possibly jail time. He
probably just wanted to see what he could do.

Even finding out about his involvement in Mirai today, it still doesnt change
what I think about his character, or his ethics. Knowing this now, I think
he'll become very successful very soon.

~~~
tedivm
That's horribly disappointing. The man hacked thousands of devices and used
them to launch DDoSes. He attacked competing minecraft services to steal
customers and generate a profit. His botnet was also used to attack Brian
Krebs (security researcher) and Dyn.

This isn't up for despute- although Paras originally denied involvement in the
botnet this plea agreement and his confession prove that he is both a liar and
a criminal.

He may end up being a successful person in the long wrong, but that doesn't
make him an ethical person.

~~~
alexschnapp
Yeah he hacked minecraft services to generate a profit when he was 19 or 20, I
wish I could do that when I was 19. I dont think I would have known better at
the time either.

He's as responsible of taking down Dyn as Mikhail Kalashnikov is responsible
for all the people killed by the ak-47. He simply open sourced a tool for
other people to use however they like.

He took the plea to reduce the sentence and the legal expense.

~~~
russelldc
When you were 19/20, you didn't realize creating a botnet to take down
competing businesses would be illegal?

~~~
alexschnapp
Anyone with a brain would know it's illegal, just like anyone would know
selling weed is illegal unless you own a dispensary, and can get a really
harsh sentence.

~~~
meowface
Sure, but selling weed generally doesn't harm anyone, while sabotaging and
extorting a company directly causes harm to its owners, employees,
shareholders, and customers. Not to mention the harm caused by infecting
millions of people's devices to create the botnet in the first place.

------
pm90
Looks like HN effectively DDOS'd justice.gov

------
pacaro
English grammar and orthography are weird and funky, but given that the title
is summarized anyway, can we change “has plead” to “has pleaded” or “pleads”

~~~
meri_dian
Sure, that sounds better

