Finnish Teen Convicted of 50,000 'Hacks,' Receives Suspended Sentence 108
Bearhouse writes: The BBC reports that Julius Kivimaki was found guilty of 50,700 "instances of aggravated computer break-ins." Court documents state that his attacks affected Harvard University and MIT among others, and involved hijacking emails, blocking traffic to websites, and the theft of credit card details.District Court Judge Wilhelm Norrmann noted that Kivimaki had only been 15 and 16 when he carried out the crimes in 2012 and 2013. Because of this, the court gave him a two-year suspended sentence. Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.
Difference: CFAA in the US (Score:5, Interesting)
Blame the CFAA for the difference in draconian treatment of computer system abusers in the US; therefore blame congress and the administration for not updating the legislation or deferring prosecution. Sure, there are cyber criminals who deserve to be punished but there's also an increasing number of examples where the CFAA has been applied on incidents that don't even belong in court. If you give prosecutors tools like the CFAA, you can sure bet that they'll leverage them to get the maximum conviction possible.
Re: (Score:1)
Sociology of law professor Håkan Hyden criticised the exceptionally harsh sentence on both the prison time and large amount of compensation awarded,[61] and some legal analysts expect the punishments to be radically lowered in higher courts.[62]
Re: (Score:1)
This is probably going to sound bad but, frankly, I think it needs saying...
(The first is not so bad.) TPB court case was drama and, frankly, has nothing to do with the CFAA or anything in the US legal system. Was their political influence? I suspect so but my suspicions do not make it so.
Swartz did not even get to trial. (My displeasure with my alma mater and the whole situation has been aired before.) He did not make it to trial either. At best we can say that the CFAA was going to be used against him.
The
Re: (Score:1)
Why not?
There are worms that sneaked themselves in hundred of thousands of computer. What about the RPC bug in Windows XP that would cause it to reboot? That's a hack too that affected millions of PCs.
Re: (Score:1)
Ah... I used to type in multiple colors in Yahoo's chat. Once in a while I would paste in some colorful text and tell people that if they pressed "CTRL + ALT + DEL" that they could enter a special admin panel that enabled multi-color chat and the ability to kick and ban other users. It was evil. It was fun.
An aside?
During the Mad Cow epidemic I would go to the "Horse Lovers" channels and point out how much I loved horse. I'd go on and on about it until it all reached the climax of, "They taste so delicious,
Re: (Score:1)
Happens? Meh... I meant "ends" but I am functionally, barely, retarded.
Re: (Score:3)
Some crimes that I'd consider worse got least severe punishment but even that is debatable. If a hacker wrecks 50 000 computers, was there more damage to society than the killing of a human being? Lives are possibly wrecked in different ways which in large enough quantities may equal to more damage than the death of a person. After all the justice system is there to protect society, no one specific member of society. When we imprison a murderer, it isn't for revenge but rather to protect the rest of society
Re: (Score:3)
There's lots of gray areas in the CFAA and some court rulings have expanded the original meaning of the CFAA. For example, you're authorized to access a system but you then republish copyrighted material. You're not only violating copyright but the content owners right to publication. That means you've not only violated the law criminally but are potentially subject to civil prosecution for damages.
The EFF has quite a bit of information on the CFAA, I suggest reading it here. [eff.org]
Re: (Score:2)
See, I don't like that. If someone breaks into your house because you left a window open it's still punishable by law. The punishment may be minor but it's still clear cut. Why is it different with unauthorized computer entry?
Re: (Score:1)
See, I don't like that. If someone breaks into your house because you left a window open it's still punishable by law. The punishment may be minor but it's still clear cut. Why is it different with unauthorized computer entry?
Bad analogy. An open PC is not like an open house. Firstly you don't "see" a gate, walls, doors and windows. You "knock" on ports and when they open and say welcome, you go inside. If they open and don't welcome you, you ask for different ports or use different credentials to see what and who welcomes you. Putting yourself on the internet is inviting people to come and visit. Even dense people can learn to understand that. If you don't want anyone to visit, the responsibility is yours to close the (ba
Re: (Score:2)
An open PC is not like an open house
You can enter both but you do not have the right to vandalize or steal from it. The only difference in the current state of "internet" is that if you enter a house uninvited the authorities can charge you but they can't online.
Putting yourself on the internet is inviting people to come and visit.
I didn't suggest that scanning ports should be punishable. Its no different then your neighbor snooping on you. It's when you make uninvited entry that its a problem. Leaving your front door open doesn't suggest strangers should just come in. Put an open house sign and all of a sudden
Re: Difference: CFAA in the US (Score:1)
If you kill a person on purpose vs. You kill a person by accident, you cause the same amount of damage so should you get the same penalty?
Re: (Score:3)
It depends how 50,000 computers were damaged. If you built a 50 story building but due to a design flaw a truck losing control and hitting the base caused the whole thing to collapse, would you hold the truck driver entirely responsible? The law usually recognizes intent too. There was a case recently in the UK were the local government wasted £8,000 pursuing someone for dropping and then picking up and disposing of a 10mm square bit of orange peel, and lost because it was clear that the person
Re: (Score:2)
Ok, but you understand that infiltrating a computer in itself should be an offence right? At least I believe it should be if you weren't authorized to do so.
It's also the reason I asked the question. Is the punishment fitting for the actual damages. If the damages to the 50 000 computers results in 1000 employees losing their job and then a percentage going through depression and hard times feeding their family was it not vile enough to justify a 10-20 year sentence? Is there a $$ figure of damage measurab
Re: (Score:1)
Ok, but you understand that infiltrating a computer in itself should be an offence right? At least I believe it should be if you weren't authorized to do so.
Nope, wrong. If a machine is connected to the internet, the implication is that the owner wants people to connect to it. If a port is open, the implication is that people can connect to it. Many of these cases are not cases when people hack into a system by brute force, but rather where someone find an open port or other door and simply enters. There are no "don't enter" signs on tcp/ip ports for most services. It's the owner's responsibility to close properly that which he doesn't want entered by.
Re: (Score:2)
Nope, wrong. If a machine is connected to the internet, the implication is that the owner wants people to connect to it. If a port is open, the implication is that people can connect to it.
I can't argue that but can we agree that the port should be used for its intended purpose?
I'll add to this. If I leave my front door open and someone walks in, they'll get a slap on the wrist correct or possibly a trespassing charge? If on the other hand they steal or vandalize my place they are now a criminal and law can punish that.
My arguments were made in the context of the article. In this case he stole and vandalized. That's the real issue. Judgment should be handled the same way as if it happened in
The real difference: POLITICS (Score:3)
The real reason Aaron Schwartz and the Pirate Bay had the book thrown at them is that their "crimes" were political speech and the Powers That Be wanted to make an example of them. The CFAA was merely a convenient tool to enable it.
In contrast, this guy was merely motivated by monetary gain, which the Powers That Be either (a) don't really give a shit about, since his victims were other "little people" or (b) tacitly admire him for, so obviously they're not particularly motivated to punish him.
Re: (Score:2)
depending on where you live, the laws vary but the law is the law. It just so happens that Finland doesn't consider them with the same severity as the US. I do agree with you that the CFAA is an abusive blanket that a federal prosecutor can cover and beat you with. It's too broad, too vague and the penalties too severe. It also doesn't consider fair use doctrine. If I could I'd wipe it off the map and use existing laws such as breaking and entering which in terms of tangible vs. virtual assets there's
Re: (Score:2)
he was a minor when committing the stuff.
if you want to run something like tpb in nordic countries, do it before you're an adult. duh.
That's the way to do it (Score:1)
Just take his stuff, and garnish some wages for a while. The desire to lock people up for this is perverse, in every sense.
Re: (Score:2)
No, it's not. Locking somebody up or threatening them with hard jail time because the accessed data in an inconsistent manner that the distributor intended, even though available, is perverse. Guys who hack systems, stealing credit cards or other data that isn't considered fair use, is punishable.
Re: (Score:1)
...is punishable
In a humane fashion! Maybe Finnish prisons are a bit more so than American ones. Most systems are run by sociopaths who like to watch people suffer. I simply find it unacceptable, not that I can do anything about it as long as nobody can be bothered...
Re: (Score:3)
you've obviously never been the victim of identity theft nor it sounds like you have never had 100s of IP addresses in China, Eastern Europe or the Middle East trying every known vulnerability to access your server on the Internet. There are cyber criminals out there that deserve the full enforcement of law for attempts and illegal access. Copying information that would be normally publicly available or already paid for isn't a crime. There is a difference.
Re: (Score:1)
Perhaps you meant that it is not a crime or that it should not be a crime? I can assure you that it is a crime in this country, he would have been found guilty - there is no doubt. What is debatable is if it should be... Until it is changed it is illegal. It may not be immoral but it is illegal. The illegality is what makes it a crime. Violating Jim Crow laws was a crime. The laws were reprehensible but breaking those laws was still a crime.
Money, man. (Score:1)
Re: (Score:1)
The best part is - tough on crime only blew the population in prisons out of proportion. This is the only effect it had. Most of other countries of so called Western civilization do this a bit more rationally by which they not only save money but also get most of criminals back into society.
Re: (Score:2)
A suspended sentence really is a very minor punishment
Unless that term means something different in your country, it is still a criminal conviction, it just means that you don't actually go to prison (if you don't re-offend during the term of suspension).
Having a criminal conviction has all sorts of consequences, it is a serious punishment in itself.
And? (Score:2)
Aaron Schwartz and the Pirate Bay team were also quite a bit older than 15
Re: (Score:1)
I don't recall Schwartz or the PB team SWATting people, or getting people arrested after framing them for SWATting, DDOSing sites for hire, harassing individuals in just about everyway you can with a computer including posting doxs to forums known to be havens for harassing people. This kid is a full on sociopath and deserves to be jailed.
Re: (Score:3)
This kid is a full on sociopath and deserves to be jailed.
Yes, let's lock up some kids. I don't think Finland should be looking to adopt the American way of life in prison.
You can't blame a kid for a dysfunctional US society where police forces deploy SWAT teams as if it was sport.
Schwartz was just another victim of crazy US "justice" system.
He would have had a very different treatment in Finland or Sweden.
Re: (Score:1)
Excuses bullshit! He wasn't a kid, he was a 15/16 year old youth and odious little shit who knew exactly what he was fuckin' doing.
Exactly the same... (Score:1)
Re: (Score:1)
Finland does not have a plea bargaining system
I has since January 2015 [merilampi.com].
Re: (Score:3)
Really Bearhouse? (Score:3)
Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.
Yes, let's contrast the behavior of a teenager to that of adult men and women who are well-aware of any legal repercussions yet engage willingly and knowingly in criminal activity...
Really?
Re:Really Bearhouse? (Score:5, Insightful)
legality is not necessarily morality
they mostly overlap, but where the two have the most problems is disproportionate punishment: massive jailtime for smoking marijuana cigarette or crushing financial ruin for downloading a file for example
it was illegal for a black person to ride in a section reserved for white people. until last week it was illegal for gays to marry. it is illegal to smoke marijuana in most of the usa, but that will change soon too
aaron swartz downloaded files. the pirate bay team shared files
for this they are treated with more severity than actual murders
this is not morality and not a legal status quo that requires your respect nor ensures your compliance
where the punishments are massively more brutal than the crimes, you have a legal area itself which is immoral. for example (i'm not saying they are same, it's an analogy for you to understand the topic) in some places that practice sharia law, you chop off a person's hand for stealing, or stone them to death for adultery. this brutality means the legal status quo in that society is actually more immoral than the crimes they are punishing, and such societies do not actually prevent immoral and illegal acts. in fact, they simply convince citizens to treat each other and the authorities with as much cruelty as the authorities deliver to its citizens. we see areas of the world where brutality is proscirbed by authorities creating societies where violence and brutality reign as normal
again, i'm not saying that file downloading is exactly like daesh, i am trying to make you understand how brutal punishments are not respectable and in fact result in worse social conditions
in the same way, there is no respect due to the punishments that western countries like the usa proscribe for file sharing on the internet
the proper response to the legal status quo is to defy and defile the illegitimate and immoral laws wherever and whenever you can, until there is enough of a fire that society demands a rethinking of the laws to be proportional to the actual moral severity of the crimes in question
rather than the agenda of the corporations who have bribed the government to make the punishments so cruel, which is what you are really defending with your words: not morality, but corruption
Re: (Score:3)
i stopped reading there
that has nothing to do with the point
the point is the harshness of the punishment fitting the crime or not
if you can't understand the simple point that the punishment massively overreacts to the "crime", you are not worth interacting with
Re: (Score:3)
The trouble with folks like you is that you lack the power of conversation but not the power of speech.
Good luck in your endeavours.
Re: (Score:2)
you completely misrepresented my point or showed that you did not understand it
meaning you failed to read my comment or you failed to understand my comment
you can't make accusations about anyone else's conversational acumen if you lack the intellectual honesty or intellectual ability to even have a fucking coherent conversation
Re: (Score:2)
you completely missed the fucking point
i never said what he did wasn't a crime. i was speaking to the brutality of the punishment
jaywalking is a crime
murder is a crime
should jaywalking and murder have the same punishment?
no?
then ask yourself: did aaron's punishment fit his crime?
do you understand the point now?
Re: (Score:2)
jaywalking is a crime
murder is a crime
should jaywalking and murder have the same punishment?
They shouldn't, and they don't.
However, let's use this analogy for a second.
A jaywalking ticket is about $40-$100 in NYC (let's assume it's about the same in Brooklyn, where Aaron lived). If he had purposefully jaywalked a few thousand times because he was fighting jaywalking legislation and was hit with fines for each instance when he finally got caught, should he not be punished for each offense?
then ask yourself: did aaron's punishment fit his crime
What punishment? He killed himself before he was punished, so we'll never know.
What we do know is that he w
Re: (Score:2)
why are you commenting when you don't even understand the fucking topic?
http://thinkprogress.org/justi... [thinkprogress.org]
http://reason.com/archives/201... [reason.com]
http://www.newyorker.com/news/... [newyorker.com]
it helps to understand the bare basic facts of a topic before you open your ignorant mouth
please educate yourself first next time, then talk
Re: (Score:1)
Let me try to clarify my statements a little, hopefully you'll understand what I'm trying to say if I use your tone.
Look here, fuckstick:
I understand the "fuckin' topic" just fine. You're simply ignoring everything that doesn't fit into your "OMG AARON SWARTZ WAS SO DREAMY!@#@!#ONE!!ELEVN!@" posterboy-for-lesser-penalties bullshit.
Quoting articles friendly towards Swartz that make false comparisons doesn't help your point. I mean, the ThinkProgress article refutes its own title in the second-to-last parag
Re: (Score:2)
i got to fuckstick my eyes glazed over and i just couldn't anymore
sorry, you're too remedial, just not worth the effort
Re: (Score:2)
> i was speaking to the brutality of the punishment
What brutality? He got a suspended sentence for over 10,000 illegal acts.
Re: (Score:2)
the comment you are replying to was talking about aaron swartz, or at least brutal excessive punishment for internet "crimes"
Re: (Score:2)
Except that neither case received brutal punishment. Aaron was never convicted. Given his other cases of abuse of abuse of copyright, such as his abuse of PACER, his attempts at concealment, and his use of and interference with another school's systems, he knew he was doing illegal if not criminal things. Charges had merely been filed, and there is no sign that he wasn't guilty. But they hadn't even held the first day of trial. It's difficult to call that "excessive punishment".
This student got off very, ve
Re: (Score:1)
i stopped reading there. yeah, he was never convicted because he committed suicide you dumb fuck
and to assert that aaron swartz didn't face brutal punishment makes you either an asshole, a moron, or both
http://thinkprogress.org/justi... [thinkprogress.org]
http://reason.com/archives/201... [reason.com]
http://www.newyorker.com/news/... [newyorker.com]
read the above. educate yourself. then open your ignorant mouth
Re: (Score:1)
"i[sic] stopped reading..."
"...ignorant..."
Wow. Just, wow. "Hi! I am willfully ignorant. I am going to call you ignorant."
I noticed you used the same exact tactic (including quoting yourself) above. Why would somebody wallow in ignorance instead of being honest? Why is that?
Yeah, yeah... I know. You won't read because you will not think. Children and their tirades are not best if ignored or corrected. They are best when scorned. So... Look at how silly you look! Your drooling on yourself as you try harder t
Re: (Score:2)
you misrepresented basic facts of a subject matter you chose to speak on
so don't be mad, just educate your *ignorant* self before injecting yourself into a topic you are ill-prepared for, next time
good luck kid
Re: (Score:1)
Yip. Right on cue. (I did not misrepresent facts. I posted what you posted. Unless you are saying that your posts were not factual...)
Re: (Score:2)
wait... you're not even the guy i was originally interacting with
are you lonely? you have some pathetic need to get emotional 7 comments deep in a conversation you have nothing to do with?
do you actually have anything substantive to say on the topic or do you just require remedial social interaction?
Re: (Score:1)
Oh no. I was just pointing out that you are an idiot on the off chance that someone had missed it. The most beautiful part was your attempt to justify your reply. No, you can not just ignore someone and then call them ignorant and not expect someone to call you out on it. You are not having a private conversation - you are on an open website that facilitates discussion with all comers.
Sometimes we see things like abject stupidity. At that point we chime in and point out the idiocy. You, and everyone here, h
Re: (Score:2)
I read more than enough reports at the time, but your references aren't. They're opinion pieces, written by people saddened by the tragedy. They don't reflect the criminal realities of Aaron's case. The prosecuting attorneys were aggressive and listed every reasonable charge separately, with maximum sentences. No judge would inflict all that, and the prosecuting attorneys clearly expected him to plea bargain. But as best I can tell from the _news_ articles at the time, Aaron refused to accept _any_ felony
Re: (Score:2)
Yeah, really.
It was an open question, not a statement.
In most places "maturity" is defined as somewhere between 18 and 21.
In some parts of the USA - you can drive a car, fly a plane, buy and own a gun...at 16.
Sure, Swartz was well aware of what he was doing - and probably the consequences - while pursuing his agenda.
TPB boys were also pretty arrogant, even abusive to their critics, while confident of what they thought were their "rights" under Swedish law.
Does that mean that they deserved to be driven to su
Re: (Score:1)
You are not driven to suicide. You choose to suicide. Evidence: All the people in prison with vastly larger sentences than he was likely to receive. They did not kill themselves. He opted to kill himself. As much as I support his ideals he is still a coward.
Re: (Score:2)
Re: (Score:2)
It's legal for bankers to take mortgage loans, bundle with insurance and then speculate on a private market with little to no oversight, meanwhile they can print money.
Get back to me when a white hat hacker trying to blow the whistle or a script kid defacing a website reach this level of impact on our lives.
"Oh it's CRIMINAL behavior!" What's the going rate to pass legislation making bad things legal and good things illegal these days?
Re: (Score:1)
"Other people do illegal things and they are worse!" -- not a valid point
fix the contrast (Score:4, Insightful)
Contrast this to the treatment meted out to Aaron Swartz
Why contrast this to Arron Swartz? This crook committed real crimes (the "theft of credit card details" that presumably were used or sold). As far as I know (and I could be wrong) Swartz committed no real crime, was just the victim of over zealous prosecution. Not that I have any love or respect for Swartz, I think he was an asshole and that may well have contributed to his over enthusiastic prosecution.
Re: (Score:2)
Because this criminal did a strictly worse thing, and the outcome for him was strictly better. That makes for an easy comparison between how two jurisdictions handle criminal justice.
Two things scuttle the comparison:
1. This guy committed crimes as a minor. Whether or not you think that should be important, it makes the comparison uneven.
2. Swartz was threatened with insane sentences to induce him to plea-bargain, but AFAIK didn't actually get sentenced. I don't know whether plea bargains are a thing i
50,000? Whaaat? (Score:2)
So... he's a teen... which means he's somewhere between 15-19... lets assume he was only hacking for at most 3 years... which means also whomever he was hacking had shit security because a newbie hacker busted their security...
but going with 3 years... 50,000/3=16667 hacks per year... or 46 a day every day for 3 years.
I'm going to assume without reading further that the number of hacks is either coming from some malware the little shit appropriated that ultimately compromised 50k machines or something simil
Re: (Score:2)
Why would you assume no damage when the article is linked and describes damages in the hundreds of thousands of dollars, as well as his purchases using stolen credit cards?
Ryan, Zeekill (Score:2)
https://krebsonsecurity.com/2014/12/whos-in-the-lizard-squad/
For those of you, who can read Finnish, here is a short profile of the guy:
http://nyt.fi/a1305912430161
Re: (Score:3)
For those of you, who can read Finnish...
No-one can read Finnish. I have my doubts even about the Fins. I guess they just want to hide the fact that they decrypt the meaning of the message from scent signals in the paper, instead of the random text on the page. At least, that's my take. How they do it over the web, I guess we'll never know.
So tender an age.... (Score:2)
.District Court Judge Wilhelm Norrmann noted that Kivimaki had only been 15 and 16 when he carried out the crimes in 2012 and 2013. Because of this, the court gave him a two-year suspended sentence. Contrast this to the treatment meted out to Aaron Swartz, and the Pirate Bay team.
I know the geek doesn't take it well when one of his own gets more than a slap on the wrist. But arguments like this are ridiculous.
Court documents state that his attacks affected Harvard University and MIT among others, and involved hijacking emails, blocking traffic to websites and the theft of credit card details.
Evidence shown to the court included orders for champagne and shop vouchers.
[The court] confiscated his PC and ordered him to handover ($6,588 US) worth of property obtained through his crimes.
Kivimaki was also accused of being involved in a money laundering scheme involving the virtual currency Bitcoin, which he was said to have used to fund a trip to Mexico.
The security blogger Brian Krebs had previously linked Kivimaki to a notorious hacking group called Lizard Squad, which was involved in a separate, later series of attacks on Sony and Microsoft.
However, Lizard Squad's activities were not mentioned in the court documents.
Why The Slap On The Wrist? (Score:2)
What I want to know is why Kivimaki got a slap on the wrist.
This guy was a member of Lizard Squad. He's responsible for heaps of economic damage - not the least of which includes DDoSing services to take them down - along with credit card fraud, botnet creation/operation, not to mention all of the data he stole from the targets he hacked. And none of that includes the even more serious crimes such as swatting an Illinois family [dailydot.com], which put them at great physical risk, and then for good measure committed iden
Re: (Score:3)
Because he is just a kid.
Finland doesn't prosecute kids as adults.
not sure if swatting was part of the charges, but then again if it was then that would be a pretty minor thing in Finland (it's just prank calling from a finnish perspective. you see, in Finland the cops don't come busting through the door shooting everything that moves until it doesn't move so calling the cops on someone is a pretty minor thing..)
plus, he was arrested for a while at the start of the investigation, which counts quite highly a
50,000 Hacks?? (Score:1)
Too easy (Score:1)
No good! (Score:1)