The FBI Is Arresting People Who Rent DDoS Botnets

This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."

"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.

Re:

[TWX]

Sharma you for that...

hey, how about you don't do that

[SirSlud]

A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

Re:hey, how about you don't do that

[Ol Olsoc]

A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

A couple years is significant, although in the US it seems everyone wants everyone executed for anything. Of course we'd all be dead.

I wonder if we should start teaching civics again in schools. Seems a freaking CS graduate should know better, both socially and technically.

Re:

[ebvwfbw]

I wonder if we should start teaching civics again in schools.

No question about it. That's far better than the liberal BS they replaced it with.

Re:

[Ol Olsoc]

In fact, there is quite a bit of evidence that the chance of being caught at all or rather the perception of it, has a lot more to do with modification of behaviour than harshness of punishment. We have been optimizing the wrong way then wondering why it fails.

The problem with the get tough on crime movement is that it escalates punishment so quickly that it very quicklys makes for people who aren't afraid to die because they have nothing to live for any more. Or become incredibly violent because that is how Law enforcement treats them. Enter the War on Drugs, which drugs have clearly won. Enter Prohibition, which was the best thing ever to happen to organized crime.

Because the "tough on crime" crowd breeds this weird chimera person who wants the most harsh p

Re:hey, how about you don't do that

[wonkey_monkey]

now facing up to 10 years in prison and/or a fine of up to $250,000.

Doesn't mean he's going to get exactly that.

Re:

[CaptainDork]

Those don't matter as much as the long term effects for a young CS graduate.

Re:hey, how about you don't do that

[Gojira Shipi-Taro]

Then perhaps NOT DOING THAT would be a good decision.

"It was just a prank, bro" isn't a valid defense. Ever.

Re:

[CaptainDork]

Fuck valid defense.

I was 26, 45 years ago.

I'm an expert at doing stupid shit.

I just never got caught.

He'll grow up.

Re: hey, how about you don't do that

[Anonymous Coward]

You didn't get caught that's the problem.... it's not an excuse.

I for one would like to see you discovered and punished appropriately (ok maybe a bit more than appropriate would be nice)

The world would have 1 less asshole and be less full of shit.

Re:hey, how about you don't do that

[Gojira Shipi-Taro]

Good for you?

Actions, even mistakes, have consequences.

It affects other people, so it's not harmless.

He'll grow up, but he'll have to suffer the consequences of his own actions and decisions.

I personally managed to never do stupid shit that happened to be a felony. Because you know, I understand the whole consequences thing.

Congratulations for getting away with it, I guess.

Re:

[AmiMoJo]

In EU countries stuff like this is eventually considered "spent", in that you don't have to tell employers or banks about it. The police keep a permanent record but it won't screw up your life forever.

Re:

[Wulf2k]

> I personally managed to never do stupid shit that happened to be a felony.

I guarantee that you have, especially if you do anything computer related.

Have you ever sat down at somebody's computer and tried to help them figure out why something on a remote site didn't work? CFAA violation if they were logged in with their own credentials. Unauthorized use of blahblahblah.

Now, go be a stupid kid doing stupid kid stuff in the legal minefield of the internet these days.

May as well just execute this generat

Re:

[gravewax]

prisons are full of people that did stupid shit when they were young, Murder, Rape, assault, theft. Just because you committed felonies and got away with it and realised later it was dumb doesn't mean everyone under 30 now gets a free pass. It is bad enough the free passes given out to most teenagers.

Re:

[CaptainDork]

Shoot 'em all, eh?

Re:

[lactose99]

Renting a botnet to DoS a site isn't just "stupid shit", this should have consequences.

Re:

[Wulf2k]

It is "stupid shit" compared to the sentence he'll get for it.

He'd have been better off committing a violent crime.

Re:

[Anonymous Coward]

A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

It's nice to know you've made that decision based on knowing all the facts of the case contained in a slashdot summary.

Jail is serious. Even the threat of jail can cause reform. He is facing ten years but depending on how much damage the attack actually did, they should let him plead it down to much less, especially if he's a first-time offender. Someone out early on probation who knows that they're going away for five years if they screw up can be more useful to society and more likely to reform than someo

Re:

[Cederic]

they should let him plead it down to much less

Why, so that they get a guilty plea and don't have to actually find, assess and present evidence?

"Plead guilty and we'll only give you two years, or we'll be pushing for the full ten and a fine that you'll be working for another 8 years to pay off."

This isn't justice.

Re:hey, how about you don't do that

[ColdWetDog]

You only get justice if you can afford it.

It's the American way.

Re: pipes and their dreams

[Phusion]

Hi there, I don't have any comment on this argument, but your sig rubbed me the wrong way. I BELIEVE the phrase "pipe dream" is a reference to opium, not hallucinogens. Opium users nod out into a dreamy state, I've seen one picture from China Town in SF in the early 1900's of an opium cart that says "Dreams $5" or something like that... anyway, carry on.

Re:

[ShanghaiBill]

Paperwork you have to file, refile, pay to file, copy and send to someone else to file, etc...

Defendants don't have to pay to file, and the paperwork is not so much. I have represented myself in several cases (civil not criminal) that were too simple to waste money on a lawyer. I would never do that as a plaintiff, but as a defendant it worked out okay. All were settled out of court on reasonable terms.

Re:

[Dutch Gun]

I notice nobody bothered to discuss the bail amount - $100,000! That's outrageous, only people of means could possibly raise that, poor people just rot in prison until their trial eventually happens. In the mean time they can't earn an income and the bills keep coming in.

I guess you're not familiar with bail bonds?

Re:

[PlusFiveTroll]

>Why, so that they get a guilty plea and don't have to actually find, assess and present evidence?

That's not 'completely' true. The DA has to present the plea deal to a judge (in theory the same judge that you would have your trial in front of) and the judge tell the DA the plea is not accepted because of lack of evidence and that it must be brought to trial.

Re:hey, how about you don't do that

[Dutch Gun]

Given that the estimated damage was $5000, I'd hope he just gets a rather stiff fine (maybe five to ten times the estimated damages). There's no need for him to be in prison, as he's not a danger to society, although he does need to be punished. The greater value is in letting people know they can't get away with hiring these services without consequences.

For people wishing for law enforcement to go after the botnets themselves, we just had a story from a week ago about international law enforcement removing a very large botnet. They seem to be attacking the problem from both ends, which seems like a reasonable approach.

Now we just need to figure out how to secure all these damned routers and IoT devices so they can't be used as botnets so easily. This wouldn't be nearly so much a problem if the fruit wasn't quite so low-hanging.

Re:

[mmell]

Require a built-in firewall? After all, how many ports does it take to change colors on an LED light bulb?

Ba-dum bum.

Re:

[dwillden]

While going after botnets should be part of the plan. Going after those who hire the botnets also needs to be part of the equation. Botnets need to be attacked from both ends, both those who create them and those who use them, a botnet that never does anything wrong isn't really a problem, it could be used as a distributed computer to process complex problems with all those wasted processor cycles out there on IoT enabled devices. Only if used for DDOS or similar attacks do they become problematic. If n

Re:

[AmiMoJo]

Prison is completely unsuitable for a first offence of this nature. It won't provide him with the skills to live a reformed life afterwards, he already has those it seems. A fine seems like the best option, because he could keep his career going and build a life to move past what he did and be a productive contributor to society, but still be punished and deterred from doing it again.

Re:

[TWX]

Now we just need to figure out how to secure all these damned routers and IoT devices so they can't be used as botnets so easily. This wouldn't be nearly so much a problem if the fruit wasn't quite so low-hanging.

Stronger product liability laws and rulings against manufacturers or distributors would probably be a good start. Make the source responsible for the ability to compromise the device, with financial penalities based on install base when vulnerabilities are not discovered. Use the recall process like most other products are subject to as well.

If it hurts their bottom lines, companies will actually start paying attention to security.

Re:

[Dahamma]

Jail is serious.

So it depriving a business of their livelihood. Someone walking into a store with a gun and robbing the cash register does a LOT less financial damage than these A-holes, but no one argues that armed robbers should be let off with a warning.

That said, I agree that no 18 year old should get multiple years in jail for a first time computer crime that didn't cause human harm. But there needs to be some SERIOUS repercussion, possibly including some (brief) jail time or everyone is going to think you get one g

Re:

[Dutch Gun]

I'd say a better analogy would be burglary instead of armed robbery, as threatening someone with a gun is serious because of the implied threat to human life. Also, it's a bit strange that he supposedly brought down this chat site for two months, yet damages are valued at $5000. One can only draw the conclusion that this was not a large, money-making operation.

I'm not making light of this, but this was the equivalent of some small time burglary or shoplifting, not some masterful hack bringing down million

Re:

[Dahamma]

I'd say a better analogy would be burglary instead of armed robbery, as threatening someone with a gun is serious because of the implied threat to human life. Also, it's a bit strange that he supposedly brought down this chat site for two months, yet damages are valued at $5000. One can only draw the conclusion that this was not a large, money-making operation.

Ok, sure. Felony burglary can get you 10-20 years in many states. Though it usually doesn't unless there are other circumstances. Still, breaking into someone's house and stealing $5000 is most definitely a felony (if the state wants to prosecute it as such). I'm just saying if you are going to give a black teenager 3 years for felony burglary, give a white teenager the same sentence for felony computer hacking. Or decide neither is worth that.

Re:

[mrchaotica]

I'm just saying if you are going to give a black teenager 3 years for felony burglary, give a white teenager the same sentence for felony computer hacking. Or decide neither is worth that.

In my jurisdiction, at least, they don't. Black teenage burglars get time served and probation. We've got some local criminals who've gotten arrested literally ninety-plus times, and still can't get the judge to put them in actual prison for any significant length of time.

Re:

[Dahamma]

Anecdotes are useless in this case. And why should I even believe you have any idea what the real stats are? I prefer to trust actual research...

http://www.nytimes.com/2016/12... [nytimes.com]

Re:

[mrchaotica]

I didn't say black burglars weren't getting treated more harshly (i.e., unfairly) than white burglars, just that they were getting time served and probation instead of three years in prison. It's hard to tell though, because there aren't any white burglars around here to begin with (or maybe there are, but they don't even get arrested).

Re:

[Megol]

IMHO: Someone robbing a place at gunpoint should be sentenced to attempted murder, OTOH I think people that attempt to kill someone should be sentenced as if they succeeded.

Re:

[SirSlud]

Ah yes, money is more important than the threat of physical violence.

Re:hey, how about you don't do that

[Dahamma]

Sure depends on the amount of each. I'd sure prefer a threat of physical violence over some douche bag stealing my life savings from an investment account, and would gladly argue the latter should pay more.

Re:

[Anonymous Coward]

Prison isn't punishment. Prison is a training ground for future criminal behavior.

Re:

[ChoGGi]

Not a punishment? You're fine with going to jail tomorrow then?

Re:

[Rakarra]

Sending criminals to hard labour with poor conditions makes them more productive.

Instead of making iPhones in China we should make them in the US prisons with the same pay and working conditions with anti suicide nets to ensure there is no escape from punishment.

It seems strange, but here in the US we have some sort of stigma against laws that set up slave labor or "indentured servitude."
Wonder why. Must be some relic of the past.

Re: hey, how about you don't do that

[dyeazel]

I thought the purpose of prison was deterrence? Give the guy a heavy fine and criminal record to make an example of him. The damages were low--why should my tax dollars support this guy while he's in jail?

Re:

[TWX]

There's no one point of prison. Everyone has their own views on what it's supposed to accomplish and even then, many people have amorphous or at least shifting views on it.

The only thing that is generally agreed upon is that prison separates the convicted from the rest of society. Beyond that, whether it's used to punish, or to rehabilitate, or to act as a deterrent, or as a form of cheap labor, or to "enforce the underclass" to maintain a population that must do the menial jobs that no one wants to ot

Re:

[SirSlud]

When you commit a crime, you deserve to be punished.

This means nothing. You've committed crimes.

Wait - I have a better idea . . .

[mmell]

We don't need to take any legal action other than seizing the botnet for more appropriate use. D'ya suppose Trump's allies in Moscow would appreciate the simple irony in being attacked by literally hundreds of thousands of thermostats, light bulbs, baby monitors, security cameras, smart TV's, DVR's - it would be the ultimate proletarian protest, most of it done by devices made in China!

Re:

[Coren22]

Love the sig.

It would be funny to attack Russia, but what would it accomplish? If they really did perform the hack, what are you going to charge them with? All they did was expose the truth, what a horrible crime.

Re:

[swillden]

A couple of years sounds good to me.

Keep in mind that "a couple of years" has a tremendous lifetime impact. The problem is that any crime that carries a maximum sentence of one year or more is a felony. Felonies dog you for life, and in many cases make you unemployable in your chosen profession.

For Rent?

[freeze128]

If you can rent botnets, then maybe that would be useful to large corporations who do not want to be DDOSed. They rent the botnet, then don't use it. That way, those millions of bots aren't being used to attack their site.

Re:

[91degrees]

It could be useful. But the bots are still going to be hijacked PCs. Still breaking the law by using other peoples devices without their consent.

Re:

[wisnoskij]

Still breaking the law by using other peoples devices without their consent.

The question here is, is it still breaking the law by NOT using other peoples devices without their consent?

Re:

[ls671]

Great idea! It seems legit. So, we will me setting multiple botnets shortly to take advantage of this great market opportunity. Shouldn't cost much either since the bots will never be used!

Thanks you!

Re:

[93 Escort Wagon]

If you can rent botnets, then maybe that would be useful to large corporations who do not want to be DDOSed. They rent the botnet, then don't use it. That way, those millions of bots aren't being used to attack their site.

Yes, I'm sure the people who control these botnets would not notice they weren't being used; or would notice but feel bound by their sense of ethics to not take advantage and simultaneously rent the botnet to someone else.

Re:

[mmell]

Rent botnet A to attack botnet B. Simultaneously rent botnet B to attack botnet A.

Sit back and enjoy the show.

Re:

[v1]

that's not how botnets generally work. They're more like timehare services, and typically you can even get time on just a specific number of machines at a time - you pay by the hour by the cpu time. So if you rent a botnet and don't use it, you're just throwing your money away and someone else will use your time and pay for it too, making the bot herder more money.

This article is a little surprising in that it sounds like the FBI going after these people is a *new* thing. I thought it was part of their ma

Re:

[fredgiblet]

So essentially pay a permanent bribe to not be attacked.

Re:

[Dahamma]

Sounds like extortion to me. The mob uses the same strategy - "hey, pay us to protect you and we don't destroy your business".

Re:

[John.Banister]

I think the problem with a successful botnet protection racket is turf. When a gang runs a protection racket on the stores in a neighborhood, the understanding is that they're the only gang with access to that neighborhood. Unless there's a successful way for one botnet to counter another botnet, protection from paying a botnet not to attack won't work unless you're paying every botnet not to attack.

Danegeld

[liquid_schwartz]

I see you've never heard of thisDanegeld. Here's a citation: https://en.wikipedia.org/wiki/... [wikipedia.org]

Isn't that rather like paying blackmail?

[mmell]

Besides, if a major corporation were to rent a botnet, what makes you think they wouldn't use it?

Re:

[rhazz]

That's self-defeating. More people renting botnets leads to higher demand for botnets which leads to people creating more botnets because it's lucrative. While there is a theoretical limit to the amount of hardware out there that can be recruited into botnets, we are pretty far from that limit so things can get a lot worse.

It's the same reason any civil society should ban paying ransoms to terrorists etc. While you may personally benefit, society loses because you are funding the problem.

Re:

[Anomalyst]

LEO should rent the botnets and attack a honeypot, record the attacking IP addresses and require the ISP to notify/filter the owners.

Re:Grown Up Children

[93 Escort Wagon]

The immaturity of some of these graduate students is astonishing, they're essentially grown up children.

Modern society is such that people aren't often forced to grow up until their 20s or 30s.

Re:

[Anonymous Coward]

Or, if they (which is to say, their parents) have money, they don't have to grow up at all.

Re:

[ls671]

The immaturity of some of these graduate students is astonishing, they're essentially grown up children.

Every adult is a grown up child! ;-)

https://english.stackexchange.... [stackexchange.com]

Re:

[sunking2]

Clearing these grad students are spoiled and have too much extra cash laying around if they are spending money on such things.

How about targeting the source?

[Anonymous Coward]

Busting a few users sounds like the same failure that is the War On Drugs. They should go after the purveyors of these DDoS/stresser/booter services. Check out this recent list of them, all serviced by CloudFlare in the last year. This is who they need to arrest.

alphastress.com, anonymous-stresser.net, aurastresser.com, beststresser.com, boot4free.com, booter.eu, booter.org, booter.xyz, bullstresser.com, buybooters.com, cnstresser.com, connectionstresser.com, crazyamp.me, critical-boot.com, cstress.net, cyberstresser.org, darkstresser.info, darkstresser.net, databooter.com, ddos-fighter.com, ddos-him.com, ddos.city, ddosbreak.com, ddosclub.com, ddostheworld.com, defcon.pro, destressbooter.com, destressnetworks.com, diamond-stresser.net, diebooter.com, diebooter.net, down-stresser.com, downthem.org, exitus.to, exostress.in, free-boot.xyz, freebooter4.me, freestresser.xyz, grimbooter.com, heavystresser.com, hornystress.me, iddos.net, inboot.me, instabooter.com, ipstresser.co, ipstresser.com, jitterstresser.com, k-stress.pw, layer-4.com, layer7.pw, legionboot.com, logicstresser.net, mercilesstresser.com, mystresser.com, netbreak.ec, netspoof.net, networkstresser.com, neverddos.com, nismitstresser.net, onestress.com, onestresser.net, parabooter.com, phoenixstresser.com, pineapple-stresser.com, powerstresser.com, privateroot.fr, purestress.net, quantumbooter.net, quezstresser.com, ragebooter.net, rawlayer.com, reafstresser.ga, restricted-stresser.info, routerslap.com, sharkstresser.com, signalstresser.com, silence-stresser.com, skidbooter.info, spboot.net, stormstresser.net, str3ssed.me, stressboss.net, stresser.club, stresser.in, stresser.network, stresser.ru, stresserit.com, synstress.net, titaniumbooter.net, titaniumstresser.net, topstressers.com, ts3booter.net, unseenbooter.com, vbooter.org, vdos-s.com, webbooter.com, webstresser.co, wifistruggles.com, xboot.net, xr8edstresser.com, xtreme.cc, youboot.net

If CloudFlare would stop providing bulletproof hosting for criminals and spammers, the internet would be a better place. But CloudFlare apparently loves its criminal customers and the FBI loves CloudFlare. DDoS purveyors [ipaddress.com], terrorist websites [theepochtimes.com], malware distributors [malwareurl.com], CloudFlare seems to welcome them all to its hive of scum and villainy. Maybe it's time to revive the concept of the Usenet Death Penalty and apply it to all traffic to and from CloudFlare. They're the sewer of the internet and should be null routed and de-peered.

Re:

[Anonymous Coward]

This might be an unpopular comment, but CloudFlare also hosts prominent private bittorrent sites, and I'm glad that they do. Piracy is a problem, but the dysfunction we've had in government (in the US) means that copyright isn't going to be meaningfully reformed anytime soon. Without piracy sites, I doubt that services like Netflix or Apple Music would exist -- they exist now because competition made the business model of the music and film labels / studios obsolete. I think this is a good thing. Piracy

Re:

[mmell]

Pendulum swings hard left - we get a "Wild West" internet where nothing can be trusted.

Pendulum swings hard right - we get AOL, the sanitized (government?) internet where nothing can be trusted.

Who should be less mistrusted - the left or the right? Self-regulation hasn't worked. Government regulation has seldom been any better. Perhaps the solution is to hold manufacturers of IOT devices accountable? General purpose computers, no - those are managed by people and those people should be held to account

Re:

[Rakarra]

Without piracy sites, I doubt that services like Netflix or Apple Music would exist

Netflix is an example of where we've slid backwards -- lost freedom compared to what we had before. Strongly-controlled DRM platform, streaming that's not on your terms, no ownership by the end user, and high fees from the content companies.

Don't get me wrong, I like me some Netflix, but online streaming is an example of a power grab by the content companies that worked.

Agreed 110% & thanks (me?)

[Anonymous Coward]

See subject: For providing 102 means to FURTHER "arrest operations" of 8 botnets this week by your providing those DDoS'ing sites to block via custom hosts files (the means I use to protect others online as well as speed them up + make their connections more reliable & more anonymous)

* MOD WHO I REPLIED TO UP TO +5 FOLKS!

(I may or MAY NOT have had those already but it never hurts to build those into hosts for tonite's build as blocked here if not)

APK

P.S.=> Per my subject's termination above? This is

Re:

[ChoGGi]

Free speech means taking the good with the bad.

Re:

[ChoGGi]

I never said it did, I meant Cloudflare.

Re:

[Anonymous Coward]

The war on drugs is significantly different in that drugs are addictive. The users of drugs are victims of a sort themselves.
Arresting a botnet renter is much more like arresting people who try to hire hit-men. Both the purchaser and the purveyor should be arrested and treated harshly in these scenarios.

Actual Charges

[Anonymous Coward]

Transmission of a Program, Information, Code, and Command to Cause Damage to a Protected Computer. -- Felony

Maximum Term 10 year. Maximum Fine $250,000

Re:

[CaptainDork]

So no guns (legally) for this dude.

Unauthorised Access is already a US felony

[redelm]

Doh! Accessing a computer without the owners permission is a felony under 18 USC 1030 . Even if the vendors did not access/test their botnet, they are accessories-before-the-fact. DDoS on open, public ports may or may not be covered as contrary to 18 USC 1030 , however accessing all the little 'bots most certainly is.

Chatango

[DaMattster]

I have to wonder why Sharma chose Chatango as a target. It looks like a pretty worthless target to me. There has to be more to this story than meets the eye so I'm left wondering if he was part employed by Chatango, got screwed by them, and decided to exact some revenge. If it was the case that Sharma got screwed by Chatango, I fail to see the problem here. I don't automatically think that just because someone is arrested or charged with a crime that they are guilty.

Re:

[93 Escort Wagon]

He probably got kicked off Chatango for harassing some woman.

New ways to attack politicians

[John.Banister]

or anyone else you don't like. If I'm a hacker in a non-extradition country, I gain access to someone's system and I want them in jail, I just make it look like I'm selling (if I can't get access to their bank account, I can always create a promise of assistance with trafficking) them the use of my botnet, which I then use to attack their rivals. OTOH, if I want to buy the services of a botnet, then I want to first try and piss off hackers online, so I can later claim that my purchase was actually their doi

Requires remuneration and public service

[ebusinessmedia1]

People like this should be made to pay back every penny of damage, and then put into a MANDATORY public service program for 2 years where they spend WEEKENDS (no weekends off!) teaching kids in poor neighborhoods how to code, or some other socially redeemable task. For every weekend he misses, he has to make up two more - and there is no financial remuneration. If he does it again, jail!

So how did he get caught?

[Denis Goddard]

What did he do, pay with a credit card? Or with a BTC address publicly connected to himself?

Re:

[mmell]

Probably cash - a bag full of used twenties slipped under the men's room stall.

What?

[Gumbercules!!]

The FBI estimate his attacks cost Chatango about $5,000.... so bail is set at $100,000 and fines are around $250,000 with 10 years in prison? What?!? Surely a payment of say - $5,000 or maybe even $10,000 to the effected company would be a more suitable response?

Re:

[gravewax]

his maximum fine is 250,000 with 10 years prison. That is simply what the maximum is for the crime he committed, the judge then has between 0-250,000 to play with if he is found guilty. FYI, $5000 or $10,000 would be way to small in my opinion, the fine does need to be orders or magnitude greater. I would be thinking more $25k-$50k with 1-2 years jail.

Re:

[Gumbercules!!]

Hence me saying "or maybe even $10,000...." - but a x70 increase (fine and penalties combined) plus jail seems OTT, to me.

Computers hijacked for botnet

[khz6955]

What's the penalty for those allowing their 'computers' to be hijacked and used as part of a botnet?

OMG, Arresting people that break the law...

[melting_clock]

There are very few applications for a DDoS attack that could be considered legal. The FBI, and other law enforcement agencies, should be arresting those that break the law. Maybe that will leave them less time to spy on the rest of us...

There are more victims in a DDoS attack than the target. They can include:
* The people or organisations with infected devices that launch the attack that can have actual costs due to the use of their connections.
* Internet service providers.
* The rest of us that just want to be able to surf the net without reduced performance.
* Those that have a legitimate reason and right to access the target of the attack.

I can't see any reason to feel sympathetic towards the customers of DDoS for hire that get caught. Lock them up like any other criminal.

Hey how about

[siamesevodka]

DON'T DO THE CRIME IF YOU CAN'T DO THE TIME. I don't feel sorry for this guy.He is twenty five years old. What do you want him to have? A participation certificate instead. The reason I shell out good money for malware and anti-virus every year, is to keep assholes like this from messing up my computer. Put him in jail with Rachel from cardholder services. I used to think used car salesman were the bottom feeders, but telemarketers and people that just want to ruin things like this guy are the new bottom fe

Re:

[siamesevodka]

Also this guy ends up in prison with hardened criminals he may find out there is an entirely new meaning to denial of service.

Re:

[siamesevodka]

Then it's amazing to me they start whining when they do get caught that your being unfair to them. What you are saying in essence is everyone is a felony criminal everyday and this is being unfair to the one's who get caught. The reason they punish people is to be a deterrent to other people. In the end this fellow ruined his life, not society. You are always taking a risk of getting caught if you ignore the laws. If you don't feel you should be punished then don't do it. The big misconception with crime is

Misleading Title/Summary

[coofercat]

So as I read this, you get busted for *using* a botnet, not just renting one. If you fancy renting a botnet to dos yourself to collect the IPs so you contact all the participants to help them fix their stuff, I think you'd be okay ;-)

Re:

[JustAnotherOldGuy]

P.S.=> It's NOT easy being "world-class"... apk

Maybe that's why you've never managed to achieve such a status, except in terms of "being a spammer".

Hey - good to see you here!

[mmell]

Hate to admit it, but you're dead-bang right here.

Don't get me wrong - DNS is not the cause and your solution is not the cure for all ills (and has practically no application in the IOT), but with Windows systems being only somewhat more secure than the average baby monitor, it might be a start. Hell, I can even think of a couple of major players who could benefit from something like this. I can't name 'em, but I've worked at a couple of major tech-sector firms which still use hostfiles because DNS can't

Re:

[another_twilight]

You're dismantling yourself YETI

Only you think so, and that's only because you cannot read and ignore the points that are made. You've addressed nothing in my posts, just repeated your usual claims.

The speedup of resolving a name via a hosts whitelist vs DNS cache is below human perception in most cases. The difference between operating in kernelmode vs usermode is imperceptible in most cases. You keep ignoring the fact that your big selling point - increased efficiency and speed is trivial for most users these days. It's unnoticeable. I

Re: Multiple identical posts (only two so far)

[mmell]

You do have to stop reposting the same thing over and over. Combined with your immediate resort to personal attacks, this only serves to blunt and dilute your message.

Change will only come gradually - a lot of people here (especially the older /.'ers) will see an A/C post with "APK" in the body as a sign that you're not to be taken seriously. Easy, man! Lay off the spambardment and the personal attacks and soon you'll be able to post without fear of being ostracized. In this area, you've definitely got

*Sigh*

[mmell]

This sort of behavior got Herr Drumpf elected, but it isn't doing you any good here. If you will insist on dwelling on the past, we of the present will be more than happy to leave you there.

If this is your only use for an olive branch, I'll be more than happy to stop offering it. However, I doubt very seriously that you will find anyone else here even remotely interested in giving you even this much benefit of the doubt. Really - my comments were the closest I've seen here (aside from your own) to even