Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Courts Crime

Finnish Teen Convicted of 50,000 'Hacks,' Receives Suspended Sentence 108

Bearhouse writes: The BBC reports that Julius Kivimaki was found guilty of 50,700 "instances of aggravated computer break-ins." Court documents state that his attacks affected Harvard University and MIT among others, and involved hijacking emails, blocking traffic to websites, and the theft of credit card details.District Court Judge Wilhelm Norrmann noted that Kivimaki had only been 15 and 16 when he carried out the crimes in 2012 and 2013. Because of this, the court gave him a two-year suspended sentence. Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.
This discussion has been archived. No new comments can be posted.

Finnish Teen Convicted of 50,000 'Hacks,' Receives Suspended Sentence

Comments Filter:
  • by Virtucon ( 127420 ) on Wednesday July 08, 2015 @12:24PM (#50070471)

    Blame the CFAA for the difference in draconian treatment of computer system abusers in the US; therefore blame congress and the administration for not updating the legislation or deferring prosecution. Sure, there are cyber criminals who deserve to be punished but there's also an increasing number of examples where the CFAA has been applied on incidents that don't even belong in court. If you give prosecutors tools like the CFAA, you can sure bet that they'll leverage them to get the maximum conviction possible.

    • by Anonymous Coward
      https://en.wikipedia.org/wiki/... [wikipedia.org]

      Sociology of law professor Håkan Hyden criticised the exceptionally harsh sentence on both the prison time and large amount of compensation awarded,[61] and some legal analysts expect the punishments to be radically lowered in higher courts.[62]

      • by KGIII ( 973947 )

        This is probably going to sound bad but, frankly, I think it needs saying...

        (The first is not so bad.) TPB court case was drama and, frankly, has nothing to do with the CFAA or anything in the US legal system. Was their political influence? I suspect so but my suspicions do not make it so.

        Swartz did not even get to trial. (My displeasure with my alma mater and the whole situation has been aired before.) He did not make it to trial either. At best we can say that the CFAA was going to be used against him.

        The

    • Some crimes that I'd consider worse got least severe punishment but even that is debatable. If a hacker wrecks 50 000 computers, was there more damage to society than the killing of a human being? Lives are possibly wrecked in different ways which in large enough quantities may equal to more damage than the death of a person. After all the justice system is there to protect society, no one specific member of society. When we imprison a murderer, it isn't for revenge but rather to protect the rest of society

      • There's lots of gray areas in the CFAA and some court rulings have expanded the original meaning of the CFAA. For example, you're authorized to access a system but you then republish copyrighted material. You're not only violating copyright but the content owners right to publication. That means you've not only violated the law criminally but are potentially subject to civil prosecution for damages.

        The EFF has quite a bit of information on the CFAA, I suggest reading it here. [eff.org]

        • See, I don't like that. If someone breaks into your house because you left a window open it's still punishable by law. The punishment may be minor but it's still clear cut. Why is it different with unauthorized computer entry?

          • See, I don't like that. If someone breaks into your house because you left a window open it's still punishable by law. The punishment may be minor but it's still clear cut. Why is it different with unauthorized computer entry?

            Bad analogy. An open PC is not like an open house. Firstly you don't "see" a gate, walls, doors and windows. You "knock" on ports and when they open and say welcome, you go inside. If they open and don't welcome you, you ask for different ports or use different credentials to see what and who welcomes you. Putting yourself on the internet is inviting people to come and visit. Even dense people can learn to understand that. If you don't want anyone to visit, the responsibility is yours to close the (ba

            • An open PC is not like an open house

              You can enter both but you do not have the right to vandalize or steal from it. The only difference in the current state of "internet" is that if you enter a house uninvited the authorities can charge you but they can't online.

              Putting yourself on the internet is inviting people to come and visit.

              I didn't suggest that scanning ports should be punishable. Its no different then your neighbor snooping on you. It's when you make uninvited entry that its a problem. Leaving your front door open doesn't suggest strangers should just come in. Put an open house sign and all of a sudden

      • by Anonymous Coward

        If you kill a person on purpose vs. You kill a person by accident, you cause the same amount of damage so should you get the same penalty?

      • by AmiMoJo ( 196126 )

        It depends how 50,000 computers were damaged. If you built a 50 story building but due to a design flaw a truck losing control and hitting the base caused the whole thing to collapse, would you hold the truck driver entirely responsible? The law usually recognizes intent too. There was a case recently in the UK were the local government wasted £8,000 pursuing someone for dropping and then picking up and disposing of a 10mm square bit of orange peel, and lost because it was clear that the person

        • Ok, but you understand that infiltrating a computer in itself should be an offence right? At least I believe it should be if you weren't authorized to do so.

          It's also the reason I asked the question. Is the punishment fitting for the actual damages. If the damages to the 50 000 computers results in 1000 employees losing their job and then a percentage going through depression and hard times feeding their family was it not vile enough to justify a 10-20 year sentence? Is there a $$ figure of damage measurab

          • Ok, but you understand that infiltrating a computer in itself should be an offence right? At least I believe it should be if you weren't authorized to do so.

            Nope, wrong. If a machine is connected to the internet, the implication is that the owner wants people to connect to it. If a port is open, the implication is that people can connect to it. Many of these cases are not cases when people hack into a system by brute force, but rather where someone find an open port or other door and simply enters. There are no "don't enter" signs on tcp/ip ports for most services. It's the owner's responsibility to close properly that which he doesn't want entered by.

            • Nope, wrong. If a machine is connected to the internet, the implication is that the owner wants people to connect to it. If a port is open, the implication is that people can connect to it.

              I can't argue that but can we agree that the port should be used for its intended purpose?

              I'll add to this. If I leave my front door open and someone walks in, they'll get a slap on the wrist correct or possibly a trespassing charge? If on the other hand they steal or vandalize my place they are now a criminal and law can punish that.

              My arguments were made in the context of the article. In this case he stole and vandalized. That's the real issue. Judgment should be handled the same way as if it happened in

    • The real reason Aaron Schwartz and the Pirate Bay had the book thrown at them is that their "crimes" were political speech and the Powers That Be wanted to make an example of them. The CFAA was merely a convenient tool to enable it.

      In contrast, this guy was merely motivated by monetary gain, which the Powers That Be either (a) don't really give a shit about, since his victims were other "little people" or (b) tacitly admire him for, so obviously they're not particularly motivated to punish him.

      • depending on where you live, the laws vary but the law is the law. It just so happens that Finland doesn't consider them with the same severity as the US. I do agree with you that the CFAA is an abusive blanket that a federal prosecutor can cover and beat you with. It's too broad, too vague and the penalties too severe. It also doesn't consider fair use doctrine. If I could I'd wipe it off the map and use existing laws such as breaking and entering which in terms of tangible vs. virtual assets there's

      • by gl4ss ( 559668 )

        he was a minor when committing the stuff.

        if you want to run something like tpb in nordic countries, do it before you're an adult. duh.

  • Just take his stuff, and garnish some wages for a while. The desire to lock people up for this is perverse, in every sense.

    • No, it's not. Locking somebody up or threatening them with hard jail time because the accessed data in an inconsistent manner that the distributor intended, even though available, is perverse. Guys who hack systems, stealing credit cards or other data that isn't considered fair use, is punishable.

      • ...is punishable

        In a humane fashion! Maybe Finnish prisons are a bit more so than American ones. Most systems are run by sociopaths who like to watch people suffer. I simply find it unacceptable, not that I can do anything about it as long as nobody can be bothered...

        • you've obviously never been the victim of identity theft nor it sounds like you have never had 100s of IP addresses in China, Eastern Europe or the Middle East trying every known vulnerability to access your server on the Internet. There are cyber criminals out there that deserve the full enforcement of law for attempts and illegal access. Copying information that would be normally publicly available or already paid for isn't a crime. There is a difference.

          • by KGIII ( 973947 )

            Perhaps you meant that it is not a crime or that it should not be a crime? I can assure you that it is a crime in this country, he would have been found guilty - there is no doubt. What is debatable is if it should be... Until it is changed it is illegal. It may not be immoral but it is illegal. The illegality is what makes it a crime. Violating Jim Crow laws was a crime. The laws were reprehensible but breaking those laws was still a crime.

  • It all comes down to money. You don't cheat the global money mafia. Screw with the actual mafia, and they might break your legs. Steal their money and they encase you in concrete and dump you off the coast. Same thing here. Same thing with the justice system. Steal a movie from Wal-Mart, get a suspended jail sentence with fines. Fail to pay those fines, and you go to jail till you pay them off. Just think what Wal-Mart would do to you if they had control over your punishment. Always follow the money. It'
  • Aaron Schwartz and the Pirate Bay team were also quite a bit older than 15

    • by Anonymous Coward

      I don't recall Schwartz or the PB team SWATting people, or getting people arrested after framing them for SWATting, DDOSing sites for hire, harassing individuals in just about everyway you can with a computer including posting doxs to forums known to be havens for harassing people. This kid is a full on sociopath and deserves to be jailed.

      • by jopsen ( 885607 )

        This kid is a full on sociopath and deserves to be jailed.

        Yes, let's lock up some kids. I don't think Finland should be looking to adopt the American way of life in prison.
        You can't blame a kid for a dysfunctional US society where police forces deploy SWAT teams as if it was sport.

        Schwartz was just another victim of crazy US "justice" system.
        He would have had a very different treatment in Finland or Sweden.

        • by Anonymous Coward

          Excuses bullshit! He wasn't a kid, he was a 15/16 year old youth and odious little shit who knew exactly what he was fuckin' doing.

  • So: 1) He was a child. 2) He didn't break into any physical structure. 3) He probably agreed to the plea bargain. Yes, exactly the same. :/
  • by Swift Kick ( 240510 ) on Wednesday July 08, 2015 @12:33PM (#50070567)

    Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.

    Yes, let's contrast the behavior of a teenager to that of adult men and women who are well-aware of any legal repercussions yet engage willingly and knowingly in criminal activity...

    Really?

    • legality is not necessarily morality

      they mostly overlap, but where the two have the most problems is disproportionate punishment: massive jailtime for smoking marijuana cigarette or crushing financial ruin for downloading a file for example

      it was illegal for a black person to ride in a section reserved for white people. until last week it was illegal for gays to marry. it is illegal to smoke marijuana in most of the usa, but that will change soon too

      aaron swartz downloaded files. the pirate bay team shared files

      for this they are treated with more severity than actual murders

      this is not morality and not a legal status quo that requires your respect nor ensures your compliance

      where the punishments are massively more brutal than the crimes, you have a legal area itself which is immoral. for example (i'm not saying they are same, it's an analogy for you to understand the topic) in some places that practice sharia law, you chop off a person's hand for stealing, or stone them to death for adultery. this brutality means the legal status quo in that society is actually more immoral than the crimes they are punishing, and such societies do not actually prevent immoral and illegal acts. in fact, they simply convince citizens to treat each other and the authorities with as much cruelty as the authorities deliver to its citizens. we see areas of the world where brutality is proscirbed by authorities creating societies where violence and brutality reign as normal

      again, i'm not saying that file downloading is exactly like daesh, i am trying to make you understand how brutal punishments are not respectable and in fact result in worse social conditions

      in the same way, there is no respect due to the punishments that western countries like the usa proscribe for file sharing on the internet

      the proper response to the legal status quo is to defy and defile the illegitimate and immoral laws wherever and whenever you can, until there is enough of a fire that society demands a rethinking of the laws to be proportional to the actual moral severity of the crimes in question

      rather than the agenda of the corporations who have bribed the government to make the punishments so cruel, which is what you are really defending with your words: not morality, but corruption

    • Yeah, really.
      It was an open question, not a statement.
      In most places "maturity" is defined as somewhere between 18 and 21.
      In some parts of the USA - you can drive a car, fly a plane, buy and own a gun...at 16.

      Sure, Swartz was well aware of what he was doing - and probably the consequences - while pursuing his agenda.
      TPB boys were also pretty arrogant, even abusive to their critics, while confident of what they thought were their "rights" under Swedish law.

      Does that mean that they deserved to be driven to su

      • by KGIII ( 973947 )

        You are not driven to suicide. You choose to suicide. Evidence: All the people in prison with vastly larger sentences than he was likely to receive. They did not kill themselves. He opted to kill himself. As much as I support his ideals he is still a coward.

        • by dave420 ( 699308 )
          Judging people without all the evidence. Classy guy. You have no idea what was going through his head. You really have no idea, and yet decide to call him a coward for committing suicide. It can be argued that suicide is a lot braver than languishing in jail too cowardly to end it on your own terms. But whatever - you seem quite happy condemning people by your opinions.
    • It's legal for bankers to take mortgage loans, bundle with insurance and then speculate on a private market with little to no oversight, meanwhile they can print money.

      Get back to me when a white hat hacker trying to blow the whistle or a script kid defacing a website reach this level of impact on our lives.

      "Oh it's CRIMINAL behavior!" What's the going rate to pass legislation making bad things legal and good things illegal these days?

  • fix the contrast (Score:4, Insightful)

    by frovingslosh ( 582462 ) on Wednesday July 08, 2015 @12:35PM (#50070573)

    Contrast this to the treatment meted out to Aaron Swartz

    Why contrast this to Arron Swartz? This crook committed real crimes (the "theft of credit card details" that presumably were used or sold). As far as I know (and I could be wrong) Swartz committed no real crime, was just the victim of over zealous prosecution. Not that I have any love or respect for Swartz, I think he was an asshole and that may well have contributed to his over enthusiastic prosecution.

    • Because this criminal did a strictly worse thing, and the outcome for him was strictly better. That makes for an easy comparison between how two jurisdictions handle criminal justice.

      Two things scuttle the comparison:

      1. This guy committed crimes as a minor. Whether or not you think that should be important, it makes the comparison uneven.
      2. Swartz was threatened with insane sentences to induce him to plea-bargain, but AFAIK didn't actually get sentenced. I don't know whether plea bargains are a thing i

  • So... he's a teen... which means he's somewhere between 15-19... lets assume he was only hacking for at most 3 years... which means also whomever he was hacking had shit security because a newbie hacker busted their security...

    but going with 3 years... 50,000/3=16667 hacks per year... or 46 a day every day for 3 years.

    I'm going to assume without reading further that the number of hacks is either coming from some malware the little shit appropriated that ultimately compromised 50k machines or something simil

    • Why would you assume no damage when the article is linked and describes damages in the hundreds of thousands of dollars, as well as his purchases using stolen credit cards?

  • It appers to be to the same guy, who acted as a spokesman for LizardSquad, when they crashed the PSN - according to Brian Krebs:
    https://krebsonsecurity.com/2014/12/whos-in-the-lizard-squad/

    For those of you, who can read Finnish, here is a short profile of the guy:
    http://nyt.fi/a1305912430161

    • For those of you, who can read Finnish...

      No-one can read Finnish. I have my doubts even about the Fins. I guess they just want to hide the fact that they decrypt the meaning of the message from scent signals in the paper, instead of the random text on the page. At least, that's my take. How they do it over the web, I guess we'll never know.

  • .District Court Judge Wilhelm Norrmann noted that Kivimaki had only been 15 and 16 when he carried out the crimes in 2012 and 2013. Because of this, the court gave him a two-year suspended sentence. Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.

    I know the geek doesn't take it well when one of his own gets more than a slap on the wrist. But arguments like this are ridiculous.

    Court documents state that his attacks affected Harvard University and MIT among others, and involved hijacking emails, blocking traffic to websites and the theft of credit card details.

    Evidence shown to the court included orders for champagne and shop vouchers.

    [The court] confiscated his PC and ordered him to handover ($6,588 US) worth of property obtained through his crimes.

    Kivimaki was also accused of being involved in a money laundering scheme involving the virtual currency Bitcoin, which he was said to have used to fund a trip to Mexico.

    The security blogger Brian Krebs had previously linked Kivimaki to a notorious hacking group called Lizard Squad, which was involved in a separate, later series of attacks on Sony and Microsoft.

    However, Lizard Squad's activities were not mentioned in the court documents.

  • What I want to know is why Kivimaki got a slap on the wrist.

    This guy was a member of Lizard Squad. He's responsible for heaps of economic damage - not the least of which includes DDoSing services to take them down - along with credit card fraud, botnet creation/operation, not to mention all of the data he stole from the targets he hacked. And none of that includes the even more serious crimes such as swatting an Illinois family [dailydot.com], which put them at great physical risk, and then for good measure committed iden

    • by gl4ss ( 559668 )

      Because he is just a kid.
      Finland doesn't prosecute kids as adults.

      not sure if swatting was part of the charges, but then again if it was then that would be a pretty minor thing in Finland (it's just prank calling from a finnish perspective. you see, in Finland the cops don't come busting through the door shooting everything that moves until it doesn't move so calling the cops on someone is a pretty minor thing..)

      plus, he was arrested for a while at the start of the investigation, which counts quite highly a

  • Give this fine young man a job!! ;)
  • Only shows that it is apparently way to easy to hack into systems...even kids can do that. So which sentence was given to those who obviously did not properly secure their systems?
  • We have to teach those scumbags a lesson: https://lockerdome.com/6724408... [lockerdome.com]

To be is to program.

Working...