Forgot your password?
typodupeerror
Botnet Crime Security IT

Four Years Jail For Bredolab Botnet Author 47

Posted by samzenpus
from the do-not-pass-go dept.
angry tapir writes "The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia's Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of the Article 253 of the country's Criminal Code — intentionally causing damage to a computer system with severe consequences."
This discussion has been archived. No new comments can be posted.

Four Years Jail For Bredolab Botnet Author

Comments Filter:
  • by buchner.johannes (1139593) on Thursday May 24, 2012 @05:58AM (#40098067) Homepage Journal

    for the staff in charge of security? (Since there was damage to multiple computer systems, not just unavailability)

    • by gweihir (88907) on Thursday May 24, 2012 @06:32AM (#40098167)

      Nothing. After all, even if you have glass windows, if somebody throws a stone at them you do not share responsibility. Vandalism (and that is what was effectively done) is always 100% the fault of the vandal.

      Now, having inadequate security is something else. But the respective laws are still in their infancy.

      • Re: (Score:1, Interesting)

        by Alex Belits (437) *

        If it was possible to prevent glass windows from being broken by properly maintaining them, having a window broken would indicate professional neglect (what translated into various crimes and civil actions for at least some professions).

        There is no excuse for having an insecure system operating in an insecure manner while there are cheaper ways of having a secure system operating in a secure manner. Just because Microsoft taught people to accept glaring flaws and deficiencies as facts of life, doesn't mean

        • by Anonymous Coward on Thursday May 24, 2012 @07:15AM (#40098303)

          Let me give you a more valid window glass analogy. If you had invested in better glass, the kids rock would not have smashed your window.

          Plus we're talking about DDoS here. That is not trivial to protect against. Your jab at Microsoft is silly.

          • by mcgrew (92797) *

            Your jab at Microsoft is silly.

            No, he raises a good point. Way too many people just shrug and say "you can't write a bug-free program". It's like being brought up in a leaky shack, you'll have the attitude that a poorly constructed shack is "just the way it is." Without all those poorly constructed shacks, and all the people using them who have the attitude "there's nothing we can do about it" DDoSes would be much harder to pull off id Windows wasn't so easy to break into. Remember, the botnet is made up of

        • by flonker (526111) on Thursday May 24, 2012 @08:14AM (#40098547)

          How would you "secure" a system against a DDoS? The only solution is to throw money at the problem. Yes, you can mitigate to some degree, but the numbers get very big very fast regardless.

          Quick google turns up "DDoS attack size broke 100 Gbps for first time" from Feb 2011. The only way to prevent 100 Gbps of traffic from drowning your site is to have *significantly* more than 100 Gbps of bandwidth available to you, or to hire someone who does. And even then, someone must pay for that bandwidth.

          Another hurdle to overcome is if someone is attacking your application layer, you have to throw CPU cycles (and possibly RAM) at the problem to solve it. If you assume a typical HTTP request of 1k, handling or filtering 100M (or even 1M @ 1Gbps) http requests per second is going to require some hefty hardware. A quick google gives the number 3k requests per second for a typical apache server serving blank pages. You would need 300 web servers to handle 1M requests, and 30,000 to handle 100M requests. Numbers are just ballpark figures, and may be off by an order of magnitude or two, but you get the idea.

          In short, protecting against a DDoS is hardly professional neglect. It's a financial decision. Even if you hire someone else to handle it for you, someone eventually pays the price.

          • by gweihir (88907)

            Indeed. Easy DDoS is a consequence of the design of the Internet. Defense is expensive, but entirely possible. Just talk to Akamai, they can tolerate basically anything that can be thrown at them with only local outages.

            That said, even if the target could easily tolerate the DDoS done, the criminal doing it should still be punished.

        • by gweihir (88907)

          That is nonsense. It is possible to have unbreakable windows, but it is generally recognized that properly designed windows break only due to accidents or malicious intent. Liability comes into play for example for windows that break too easily, or, for car-glass, windows that break into large shards.

          Now, what exactly the standards are that are acceptable in IT security is still in flux, but just because an attack was easy does not make the action of attacking any less malicious. Well, maybe lower in crimin

        • If it was possible to prevent glass windows from being broken by properly maintaining them, having a window broken would indicate professional neglect (what translated into various crimes and civil actions for at least some professions).

          There is no excuse for having an insecure system operating in an insecure manner while there are cheaper ways of having a secure system operating in a secure manner. Just because Microsoft taught people to accept glaring flaws and deficiencies as facts of life, doesn't mean that there should be no responsibility for having them.

          I take it you never had to work for enterprise customers before? Try supporting 300 apps in 10 countries with different configurations for each tree in the forest on the AD? Now imagine a single piece of software in that configuration that requires all XP SP 2 desktops to have time frozen on March 2008 on a Tuesday or else megaCrap wont support the product?

          You have over 120 updates for Windows 7 according to my desktop which includes the early 2009 version of Windows 7 if I rebuild it to make it modern to 2

  • Spam Flood (Score:4, Interesting)

    by MRe_nl (306212) on Thursday May 24, 2012 @08:14AM (#40098545)

    "Never in the history of Slashdot have so many spam posts been posted by so few in such a short time".

    Winston Smith.

    (Perhaps triggered by "botnet author" in the articles title?)

  • by nurb432 (527695) on Thursday May 24, 2012 @09:28AM (#40098991) Homepage Journal

    How does one *damage* a system via a DoS?

    Sure, it's uncool and he needs to be in jail, but propagation of false concepts is just as dangerous, if not more...

    ( reminds me of the 'copyright infringement is theft' propaganda )

    • by Mashiki (184564)

      By making it shit electrons all over itself. I hear that's quite a mess.

    • by tehcyder (746570)

      How does one *damage* a system via a DoS?

      Sure, it's uncool and he needs to be in jail, but propagation of false concepts is just as dangerous, if not more...

      If my entire system becomes unusable because some fuckwits are DoSing it, then it has been damaged..If it is a business, there will be direct, real monetary losses You are just thinking about physical damage to the hardware, which is irrelevant.

      ( reminds me of the 'copyright infringement is theft' propaganda )

      It reminds me of a drooling retard with a one track mind, but hey ho.

  • by Zontar_Thing_From_Ve (949321) on Thursday May 24, 2012 @10:44AM (#40099653)
    I am not claiming to personally be the greatest expert on Slashdot of the ex-USSR. However, I do speak Russian reasonably well and I have traveled in the ex-USSR so I do think it's fair to say that I'm more familiar with the CIS countries and the people that live there than most people. I admit to being a bit puzzled to read that Armenia jailed someone. Armenia is seemingly uninterested in joining NATO and the EU and as far as I know they get along pretty well with Mother Russia. Outside of the Baltic Countries (Estonia, Lithuania, Latvia) who are fully integrated into the EU and NATO, laws are weak and corruption is high. I was wondering "Why would Armenia bother to prosecute this guy and jail him, given that in the past the entire CIS has basically never been interested in such?". There doesn't seem to be any political reason (ie. no sucking up to the EU or NATO) at work here. Surely this guy would have been smart enough to just bribe his way out of trouble. Then I noticed this in the article:

    One of the attacks that Avanesov was found guilty of instrumenting took place on Oct. 1, 2010, and targeted a Russian telecommunication company called Macomnet.

    Ah. He foolishly attacked Mother Russia. Now I understand why he was convicted.
  • That's right, you give him four years of free room and board, three square meals a day, free access to health and dental and psychiatric care. That'll show him who's boss.

Are we running light with overbyte?

Working...