Forgot your password?
typodupeerror
The Courts Government The Internet News

British Teen Cleared in "E-mail Bomb" Case 155

Posted by samzenpus
from the whatever-I-do-what-I-want dept.
legaleagll writes "According to this article , a British Judge has ruled that a teen who sent approximately 5,000,000 e-mails to his former employer was not in violation of the U.K.'s Computer Misuse Act. It appears that the Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated."
This discussion has been archived. No new comments can be posted.

British Teen Cleared in "E-mail Bomb" Case

Comments Filter:
  • 'editors' heh (Score:3, Informative)

    by Neil Blender (555885) <neilblender@gmail.com> on Thursday November 03, 2005 @12:42AM (#13938546)
    Summary says 3 million, the article clearly, even hyperlinked so it's highlighted, says 5 million.
  • by Anonymous Coward on Thursday November 03, 2005 @01:10AM (#13938652)
    And then it spawns more and more processes to process the mail, eating up ram, at which point any other services on the box may be overloaded and deprived of resources.

    The default configuration of sendmail and many other common MTAs is to delay and stop accepting email to prevent exactly that.
  • by CyricZ (887944) on Thursday November 03, 2005 @01:24AM (#13938715)
    There are numerous ways to limit the excessive resource misallocation you mention. Again, any half decent mail server can do that, as can any half decent operating system.

    And a thrashing server is not a crashed server by any means. If it's running a decent operating system (most UNIX-like systems, for instance), it should be working just fine within a short amount of time. Yes, it may not be the most responsive system for a little while, but it sure hasn't crashed.

  • Re:spam (Score:3, Informative)

    by sr180 (700526) on Thursday November 03, 2005 @02:02AM (#13938868) Journal
    He had a previous relationship with the company concerned, them being his employer, so it could not be classified as spam.
  • by Fulcrum of Evil (560260) on Thursday November 03, 2005 @02:38AM (#13939001)

    And then it spawns more and more processes to process the mail, eating up ram, at which point any other services on the box may be overloaded and deprived of resources.

    No, the mail server is a dedicated box, and thee are limits to how many processes it will spawn. What it will do is queue a bunch of messages and work through the backlog. I can build a $3k box (plus the cost of a storage array if needed) that will handle a 20Mbit stream of mail all day long. This isn't rocket science.

  • by WIAKywbfatw (307557) on Thursday November 03, 2005 @03:41AM (#13939176) Journal
    Let's see, small 5-man company with basic ISDN (128Mbit/s) or ADSL (512Mbit/s)internet access used for everything including email, web access, etc that has no dedicated IT professional and whose business grinds to a halt because they can't do anything while their server is heavily attacked.

    Don't assume that everyone has full-time IT professionals to hand. Also, don't assume that the messages were small: they could have been 10KB each, but they could easily have been 2MB each, 2,000 times larger than your guess.

    Also remember that the crime in question took place at least two years ago, when internet access would have been slower, disk space would have been more expensive, etc, etc. The average business today has better resources now than would have been available then, at least from a bang-per-buck point of view, if nothing else.

    Of course, if you're implementing IT strategy for a large corporation then DOS contingency planning will be part of your job description, but if you're running a small company, one where the guy who looks after the PCs is the same guy who puts out the rubbish at the end of the day, then DOS attacks probably won't be on your radar.
  • by Fulcrum of Evil (560260) on Thursday November 03, 2005 @04:11AM (#13939251)

    See, there are other people in the world than yourself. And, while it's not hard to put together a Linux/sendmail server that can handle a 20 Mb stream, building one that also runs, oh, say, a web server, WebDAV, SQL, and a few other services useful to a small business may lead you to places where it's not true anymore.

    Anybody that runs production hardware like that deserves what they get. There are serious security problems with running all-in-one solutions; if your needs are really so small, get a site-hosting arrangement for $25/mo. I was referring to any company large enough to run their own stuff.

    And, since SCSI drives are expensive, you'll typically see a smaller (maybe 20 GB) drive on it on your small business, entry level server that's a year or two old.

    If it's entry level, then it's probably IDE, and 80GB is easy for a small server 1.5 years old. Sorry, but your numbers aren't really credible.

    Plus, your "20 Mb stream" server doesn't take into account anything at all resource-intensive, such as SpamAssassin, anti-virus, greylisting, or most of the other, processor-intensive functions now in common use. In reality, your baseline "20 Mb stream" server only proves that a modern SCSI drive can read/write data at a rate greater than 20 Mbps.

    Any modern disk can do 20Mb/sec. SCSI is no longer necessary for much aside from SAN apps. Regardless of the tasks performed, my point was that no properly configured server should choke on mail. This is a solved problem.

  • Re:'editors' heh (Score:4, Informative)

    by Tim C (15259) on Thursday November 03, 2005 @04:32AM (#13939325)
    I thought it had been established long ago that the slashdot editors don't edit as such, they just approve and reject stories. No checking for factual accuracy, grammar, spelling, or any other things real editors would do is performed - it's even in the FAQ.

    That said, that was fine when this was a hobbyist site; it's somewhat irksome now that it's a commercial venture. Not that I pay anything for it, other than the time spent frequenting and contributing of course...
  • by ultranova (717540) on Thursday November 03, 2005 @05:56AM (#13939589)

    For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate.

    When a mail server gets messages faster than it can handle them, the proper thing to do is store the extra messages to a queue and handle them when it has time. When the queue gets full, or the server is getting messages faster than it can put them to the queue, the proper thing to do is to start refusing connections. Simply eating more and more resources - by allocating more and more memory, by starting more and more subprocesses or threads, by opening more and more files or network connections, or by using more and more diskspace for the queue or temporary files - until the computer runs out and then crashing is never the proper thing to do.

    A server that crashes under load is simply buggy. Not small-scale, not only suitable for small companies, but just plain buggy and unsuitable for anything.

    In short, if this server was incapable of handling 5 million messages in a short period of time, then it should only have accepted as many as it can handle and rejected the rest.

  • Let's see - 5M messages at 10k each = 50GB. If it were a small company, they may have only had a 1.5Mb line, so that 50GB would take about 50GB/150K/3600 = 92 hours to complete. Any mail server can handle that, and any competent admin should be able to block the messages within four days!

    If, on the other hand, they have a 10 megabit line (possibly shared with other companies in the building), it would only take about 4 hours to fill a 20GB hard disk (i.e. overnight -- even for a 60GB drive) -- which isn't unreasonable for a small company with a 4 year old server that's been serving them fine (with only software updates needed).

    50 Gig worth of email would also make the server useless for most users of the system... If you've got 200,000 emails in your mailbox, it could take your email program a few hours to download, store and index before it shows you a screen. Even if the email server actually survived, it would look like it was down when nobody managed to open their email box after 1/2 hour of waiting.

    And, of course, with 20 users each trying to index a mailbox with 1/4million emails, the server is going to thrash itself into oblivion -- making the process take even longer.

    Even for a small to medium company (or division) with a reasonably well set-up email server, 5 million unexpected emails are likely to turn most reasonable email servers into an unusable pig for the next couple of days.

    That's not to say that I couldn't build a server that could eat 5 million emails, burp and wait for more, but I'd have a hard time justifying building it for most small - to -medium size businesses with mimimal email requirements.

    And, it's not just large businesses that will hire a kid for work experience. Sometimes a company with 10-20 workers will hire a summer or work experience student out of a sense of community comittment and/or to get a bit of extra work done for cheap.

Facts are stubborn, but statistics are more pliable.

Working...