SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1984
Courts Hand Down Hard Jail Time for DDoS — Krebs on Security
Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014. Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.
Daniel Kaye, an Israel-U.K. dual citizen, admitted attacking an African phone company in 2016, and to inadvertently knocking out Internet access for much of the country in the process. Kaye launched the attack using a botnet powered by Mirai, a malware strain that enslaves hacked Internet of Things (IoT) devices like poorly-secured Internet routers and Web-based cameras for use in large-scale cyberattacks.
According to court testimony, Kaye was hired in 2015 to attack Lonestar, Liberia's top mobile phone and Internet provider. Kaye pocketed $10,000 for the attack, which was alleged to have been paid for by an individual working for Cellcom, Lonestar's competitor in the region. As reported by Israeli news outlet Haaretz, Kaye testified that the attack was ordered by the CEO of Cellcom Liberia.
In February 2017, authorities in the United Kingdom arrested Kaye and extradited him to Germany to face charges of knocking more than 900,000 Germans offline in a Mirai attack in November 2016. Prosecutors withheld Kaye's full name throughout the trial in Germany, but in July 2017 KrebsOnSecurity published findings that named Kaye as the likely culprit. Kaye ultimately received a suspended sentence for the attack in Germany, and was sent back to the U.K. to face charges there.
The July 2017 KrebsOnSecurity investigation also linked Kaye to the development and sale of a sophisticated piece of spyware named GovRAT, which is documented to have been used in numerous cyber espionage campaigns against governments, financial institutions, defense contractors and more than 100 corporations.
The U.K's National Crime Agency called Kaye perhaps the most significant cyber criminal yet caught in Britain. A report on the trial from the BBC says Kaye wept as he was taken away to jail.
(Score: 3, Interesting) by zocalo on Tuesday February 05 2019, @10:44PM (2 children)
They are, but they can also be much more than that depending on what you are using the network for, and that can absolutely cross the line into physical harm. A hospital - as in the US case - might use it for ordering essential medical supplies, people run telemetry over various forms of VPNs across the Internet the data from which might be used for things like river water levels that generate flood warnings to give one IRL example I'm aware of, and so on. Yeah, you can argue that's a bad idea (and it is), but that doesn't mean people don't do it and fail to have adequate contingency plans, even when they know the risks. Kaye managed to bring down a national ISP; depending on their setup if they were sharing routers for private MPLS networks and Internet (again, a bad idea but far from uncommon, especially for smaller players) that has the potential for even greater harm.
Someone launching a DDoS like these examples, as opposed to knocking a rival gamer offline say, has no real way of knowing exactly what unforseen effects they might have, which makes it rather a reckless thing to do, especially given the potential for life safety issues with the targets. "Reckless" is often used in sentencing to justify a harsher sentence for other crimes, and there's no reason why it can't do so here, especially if there's any actual evidence of potential or actual knock-on effects.
UNIX? They're not even circumcised! Savages!
(Score: 4, Insightful) by bob_super on Tuesday February 05 2019, @11:01PM (1 child)
True, but if I bump into something when improperly parking my car, triggering a chain of events where the improperly parked gas truck plows into a crowd, blows up, and kill hundreds... Oh wait, bad example, US prosecutors will also bypass the chain of actual responsibilities and load it all on the trigger, unless he's rich enough to defend himself.
Point remains, that if someone is running (literally) vital stuff on a non-redundant unreliable system like a public internet connection, it shouldn't get dumped on the moron who triggers a DDoS and deserves a nice visit to a place he won't even want to go again, but not 10 years on my taxes.
(Score: -1, Troll) by Anonymous Coward on Wednesday February 06 2019, @03:02AM
" if someone is running (literally) vital stuff on a non-redundant unreliable system like a public internet connection, it shouldn't get dumped on the moron who triggers a DDoS"
-
What utter bullshit.
Only an idiot would accept your "reasoning". What you wrote is similar to blaming a person who didn't have high security door locks for his house being burglarized.
Seriously, you're a dumb shit. Do not breed, the world does not want or need children from idiots like you.