Mariposa Botnet Authors Unlikely To See Jail Time 163
krebsonsecurity writes "Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber-crime legislation in Spain. 'It is almost impossible to be sent to prison for these kinds of crimes in Spain, where prison is mainly for serious crime cases,' said Captain Cesar Lorenzana, deputy head technology crime division of the Spanish Civil Guard. ... Spain is one of nearly three dozen countries that is a signatory to the Council of Europe's cybercrime treaty, but Spanish legislators have not yet ratified the treaty by passing anti-cybercrime laws that would bring its judicial system in line with the treaty's goals."
Re:There SHOULD be existing laws that cover this (Score:5, Informative)
You didn't really undestand the summary. Prison's in Spain are for those who are a physical danger to society. Conning someone out of their money wouldn't land you in jail either, nor would pickpocketing or unnarmed theft. They are non-violent offenders, and there are certainly punishments for those kinds of offenders, it's just that they don't generally involve prison time.
Re:There SHOULD be existing laws that cover this (Score:3, Informative)
That's a poor analogy. They have laws against fraud. The article says it will take longer to gather evidence and proof of wrong-doing to put them in jail, rather than being able to short-cut and just tie them to a bunch of hacked IP addresses to put them in the slammer. If you bash somebody with an object, it's pretty easy to identify the victim and get prints off the object. The article implies that the digital forensics in this instance is hard work.
Maybe a better analogy is gun or knife control. In the US, carrying a gun or knife (I know each State has difference laws, but in general) is legal. If somebody is murdered, you then have to find the weapon, the perpetrator, and circumstantial evidence or witnesses. In the UK we short-cut this and just assume anybody carrying a gun or knife is guilty, either having committed a crime or is about to, and we put them directly in jail if anybody is found in the streets to be carrying one. A botnet, ignoring abusing somebody else's resources, could in theory be used to try and find a cure for cancer. In practice it will probably be used by spammers. So do you ban the tool or punish the ultimate crime? There is no clear cut answer, it is very much influenced by democratic ideals vs police resources.
I personally disagree with either jail time or simply a fine. Many hours of community services, tidying pavements or painting over graffiti, seems a more appropriate punishment.
Phillip.