

Student who hacked Bill O'Reilly gets 30 months - labboy
http://www.networkworld.com/news/2010/110910-student-who-hacked-bill-oreilly.html

======
hop
2.5 years in jail for a DDoS attack seems disproportionately steep. He made a
few websites temporarily inoperable, sounds more on the level of a bad prank
than a felony with jail time on par with armed robbery.

~~~
poet
According to the charges that were filed [1], the defendant also played a role
in the creation of the botnet used in the attack. In addition to the DDoS
attack there is the issue of accessing machines he was not authorized to. He
pled guilty [2], so I don't think 2.5 years is that surprising.

[1]
[http://www.justice.gov/usao/ohn/news/2010/Mitchell%20Frost%2...](http://www.justice.gov/usao/ohn/news/2010/Mitchell%20Frost%20Information.pdf)

[2] <http://www.ohio.com/news/break_news/95045294.html>

~~~
marcusbooster
Another shining example of our justice system that uses competition to arrive
at an equilibrium. Of course most encounters match up an opponent with
unlimited resources (the state) versus someone with limited means (in this
case a student).

The prosecution seeks the max, in this case 15 years, to persuade the
defendant to plea the case out. His options are to try and defend himself with
no resources (a public defender is worth next to nothing) or make a deal. The
prosecutor and judge get to look "tough on computer crime" which will help
their resume when looking to advance their careers, and the kid gets to have
the end of his 20's. All that is left out is "justice", and by that I mean let
the punishment fit the crime. And now society must carry the debt, both
economically (housing the kid) and socially - will our streets be safer over
the course of his lifetime once he gets churned out of prison.

~~~
poet
I'm familiar with the general arguments you are presenting but they don't hold
up in this situation. This case is clearcut. It is not some poor kid being
beat down by the system. It is a computer criminal being sentenced to a
punishment that fits his crimes. I suggest you read the references I cited
above and take note of the wide array computer crime the defendant was
involved in.

You're also exaggerating. The defendant does get to have the end of his
twenties. He's going to be out of jail when he's 26.

~~~
marcusbooster
I have read it, and he still has a 3 year probation after his prison term.

When they accuse him of "fraudulently obtaining user names and passwords and
stealing personal identification and financial information" - does that mean
he went after this information, or more likely one of the computers in the
botnet happened to have such information residing on it. It's possible he
didn't know of any financial information and they would throw the book at him
anyway just to get the initial charge and work down from there. We all know
there are differences in _computer crime_ , that our legal system isn't able
to make a distinction does not make an argument.

~~~
poet
_Does that mean he went after this information, or more likely one of the
computers in the botnet happened to have such information residing on it. It's
possible he didn't know of any financial information..._

No it is not possible. Had you actually read the above references as you
claimed you would know that after executing a search warrant the FBI found
credit card numbers and SSNs on computers in his dorm room. It's in Section 12
of the FBI document. Sure, maybe that was a result of a chat room he was
logging. Maybe he didn't specifically go after this information himself. But
at the very least he still chose to retain that information on his computer
and at worst he did indeed go after the information himself.

------
bugsy
It's utterly ridiculous and a waste of resources that these sorts of things
are felony criminal prosecutions at all. Putting people in state prison at a
cost of $70,000 a year in housing costs, PLUS the loss of income and other tax
they would have paid plus the loss of their support of family who then goes on
welfare, this should only be reserved for people who are an actual imminent
threat and danger to the community.

Hacking should be something that gets fines only. Let the hacker pay back the
cost of his damage, but there is no reason for taxpayers to bear hundreds of
thousands of dollars in costs to warehouse these guys with actual hardened
criminals whom they will have to make deals with in order to survive in the
pen. Then, when they get out, they owe favors to actual criminal syndicates
which they formerly had no relation to.

Sheesh.

~~~
tptacek
If you broke into a store, stole a raft of credit card numbers from carbons,
and rigged the registers to feed you more of them in the future, common sense
would inform us that you're a criminal. Similarly, if some jackass broke into
a series of automobiles and drove them to a store's parking lot to
inconvenience or cripple its operations, we'd have no trouble conceiving of
the criminal charges that might result from that.

The only difference between those crime and the crime committed here was the
ease with which the Internet allowed it to be committed.

No doubt, the person running the botnet collecting credit card numbers and
launching DDoS attacks didn't _feel_ like a criminal. He felt like a
prankster. But how is that relevant? I say it isn't relevant. At all. The
Internet has a knack for making reality feel unreal. But there is a reality,
and it does not give a shit about your message board posts.

------
privacyguru
The student didn't "hack" O'Reilly's site, he conducted DDoS attacks. Totally
Different.

~~~
tptacek
From a botnet that he set up. It's actually worse than "hacking O'Reilly's
site".

------
da5e
It's ridiculous how easy it is to go to jail in the USA. It doesn't really
solve anything for lower level non-violent crimes. Surely if they can rehab
for drugs, they can rehab for hacking.

------
donspaulding
Elsewhere, Bill O' Reilly was overheard saying, "F#$k it, we'll give him
life!"

------
mattmaroon
Go Zips!

~~~
mattmaroon
Not too many other HNers who went to Akron U I see.

------
privacyguru
Old news from last week.

