Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Botnet Crime Security Education Spam The Almighty Buck The Courts

Malware Developer Who Used Spam Botnet To Pay For College Gets No Prison Time (bleepingcomputer.com) 57

An anonymous reader writes: The operator of a 77,000-strong spam botnet was sentenced to two years probation and no prison time after admitting his crime and completely reforming his life. The former botnet operator is now working for a cybersecurity company, and admitted his actions as soon as the FBI knocked on his door back in 2013. The botnet operator, a 29-year-old from Santa Clara, California, says he was tricked by fellow co-schemers who told him they were not doing anything wrong by infecting computers with malware because they were not accessing private information such as banking or financial records. Furthermore, the botnet operator escaped prison time because he used all the money he earned in getting a college degree at Cal Poly instead of using it on a lavish lifestyle or drugs. This case is similar to the one that MalwareTech (aka Marcus Hutchins) now faces in the U.S. for his role in developing the Kronos trojan, but also after turning his life around and working as a cybersecurity researcher for years.
This discussion has been archived. No new comments can be posted.

Malware Developer Who Used Spam Botnet To Pay For College Gets No Prison Time

Comments Filter:
  • But hey, it's only a valuable college degree that helped him get a cybersecurity job.
    Not like he's gonna live high on the hog off a job like that. He might as well be working at a gas station!

    • by dave420 ( 699308 ) on Friday November 03, 2017 @09:15AM (#55482349)

      He spent the money on rehabilitating himself, and will pay taxes with his job. Or would you rather the government lock him up, not receive those taxes, and instead spend even more money on his custody?

      • Re: (Score:3, Insightful)

        by Gavagai80 ( 1275204 )

        Yes, in order to avoid encouraging everyone from paying for college with criminal activities.

        • by RingDev ( 879105 )

          From a social impact of the individual's criminality, the threat has passed, hence, there's no need to lock him up at our expense.

          From an economic impact/motivational factor for society, there's civil suits. Let him have his pockets drained until he's repaid the costs he caused others to incur.

      • by Luthair ( 847766 )
        Then you could make the same argument for any illegal activity, e.g. drugs, robbery, pickpocketing, etc. At 25 he was more than old enough to understand what was done was both illegal and understand that the spam was almost certainly sent to perpetuate scams (e.g. online pharmacies).
  • America, F-yeah! (Score:4, Insightful)

    by sinij ( 911942 ) on Friday November 03, 2017 @08:05AM (#55481975)
    You have to turn to crime to just be able to afford tuition.
    • by Anonymous Coward

      You have to turn to crime to just be able to afford tuition.

      Well, that's what happens when government starts giving away shackles, errr, student loans.

      The demand for college goes through the roof, and not having a degree is seen as a sign of failure, further fueling the demand.

      Supply and demand - demand expands, and the cost of college skyrockets.

      It's a classic bubble.

  • Unproven no? (Score:4, Insightful)

    by Luthair ( 847766 ) on Friday November 03, 2017 @08:06AM (#55481985)
    Isn't it still entirely unproven that Hutchins had anything to do with writing kronos? Last I heard the FBI has accused him of it, but he hadn't admitted guilt or lost a trial.
    • by Anonymous Coward

      But Hutchins messed up already deployed NSA malware, so surely he must be convicted of something!

  • by El Cubano ( 631386 ) on Friday November 03, 2017 @08:11AM (#55482005)

    ... says he was tricked by fellow co-schemers who told him they were not doing anything wrong by infecting computers with malware because they were not accessing private information such as banking or financial records.

    I might have believed that claim 30 or so years ago. However, anyone having anything at all even remotely to do with technology would have to be living under a rock in order to not understand that infecting computers that you do not own is considered a serious crime.

    That would be like claiming that you thought it was OK to drive yourself home after 6 drinks because you were careful not hit any parked cars or pedestrians and you made it home.

    I would call that wilful ignorance.

    I was originally going to say that this whole thing sounds like a case of #4 from "The Six Dumbest Ideas in Computer Security" [ranum.com]. Then I reconsidered because it seemed like he had "good" intentions. However, I cannot imagine who would hire this guy after the claim that he made that he did not know what he was doing was wrong. Definitely sounds like a case of #4.

    • I might have believed that claim 30 or so years ago

      Well, seeing as law enforcement and the judicial system still operate like it's 30 years ago, it makes sense.

  • So... crime's OK (Score:4, Interesting)

    by Baron_Yam ( 643147 ) on Friday November 03, 2017 @08:18AM (#55482045)

    Crime is OK if you use the proceeds for education. This seems like a bad precedent to set, especially with computer crime. It's not like we don't already have bunches of script kiddies imagining they're fighting a just cause while committing computer crimes.

    So many talented but ethically-challenged kids out there can look at this and say, "Well, if I don't get caught I'm rich and if I do I get probation. Yay, free tuition!"

    • by azcoyote ( 1101073 ) on Friday November 03, 2017 @08:34AM (#55482139)
      I know! He should have taken up pole dancing to work himself through college, like a respectable person.
      • My local university apparently has a lot of prostitutes, but that's mainly an option for reasonably attractive straight girls and gay men... or those willing to fake it, I suppose.

        As a straight male, I did manual labour from age 16 to save up for university. Maybe crime would have been a better option, but unfortunately I was raised with ethics and morals.

    • by dissy ( 172727 )

      Crime is OK if you use the proceeds for education. This seems like a bad precedent to set, especially with computer crime. It's not like we don't already have bunches of script kiddies imagining they're fighting a just cause while committing computer crimes.

      So many talented but ethically-challenged kids out there can look at this and say, "Well, if I don't get caught I'm rich and if I do I get probation. Yay, free tuition!"

      While I can certainly agree that this would be a bad thing in the hands of people who are always trying to game any and all systems for their own benefit, I'm actually leaning the other way.

      Reading the summary the first thought that went through my head was "What the hell, our justice system is actually trying to find justice and not just revenge as is almost always the case?!"

      The very fact our revenge system is so expected to dole out revenge and ignore justice, such that people actively see justice as a n

      • >The very fact our revenge system is so expected to dole out revenge and ignore justice, such that people actively see justice as a negative thing simply because it is so far from the norm, is a very poor reflection on us as a nation.

        Justice is historically synonymous with 'getting your just desserts' or similar idea. It's all about revenge.

        Fundamentally though, the purpose of the legal system is to ensure the rules are followed to the benefit of the society. Locking someone up punitively doesn't reall

    • This seems like a bad precedent to set

      No this seems like a natural consequence. The bad precedent was set when education became unaffordable in the first place.

  • Does he now earn $50,000 a year in IT in Silicon Valley? I know that guy.
    • by gnick ( 1211984 )

      50k in Silicon Valley will get you a brand new Maytag box in one of the premium alleys. No recycle-bin scrounging for this guy's palace! And prime real-estate next to a restaurant dumpster.

  • time served (Score:5, Funny)

    by fibonacci8 ( 260615 ) on Friday November 03, 2017 @08:34AM (#55482145)
    He got a degree from Cal Poly, the judge decided he'd suffered enough already.
  • Just garnish some of his earnings

  • He voluntarily chooses the easiest path by provoking a damage to others, out of the huge amount of other possibilities. He spends all the money egoistically although in something which a priori seems not that bad. As a result of all that, he gets a career, an education and even some fame within the field. The rest of the society gets spam (at least), further promotion of crap(py attitudes, knowledge, outputs, etc.) within the software development industry, the impression that you can get away with things li
    • by mwvdlee ( 775178 )

      He's been let off way too easy. 2 years probation? So after 2 years he can freely start stealing computer resources again?
      How about docking all his pay until he's paid for his tuition, all cost to the legal system and additional damages?
      Better yet; send him on a no-expenses-paid apology-tour to all 77.000 individuals he stole electricity, bandwidth and CPU resources from?

      • He's been let off way too easy. 2 years probation?

        I am not too familiar with the US penal system (neither with the one in my country as far as I haven't ever been in that situation), but this sounds as a very small punishment for someone being charge with prison time. Correct me if I am wrong, but this will not limit his activity at all and, as far as he seems to already have a solid career, is very unlikely to have a negative impact on his job/client search. This seems almost just publicity and you know what they say about publicity and businesses.

        So after 2 years he can freely start stealing computer resources again?

        For me,

  • by ramriot ( 1354111 ) on Friday November 03, 2017 @09:05AM (#55482279)
    This case is similar to the one that MalwareTech (aka Marcus Hutchins) now faces in the U.S. for his role in developing the Kronos trojan Should say: This case is similar to the one that MalwareTech (aka Marcus Hutchins) now faces in the U.S. for his ALLEGED role in developing the Kronos trojan.
  • by ytene ( 4376651 ) on Friday November 03, 2017 @09:22AM (#55482413)
    I can only hope that the portion of the US Administration that is currently investigating Marcus Hutchins is willing to apply a similar outlook that we see handed down here. The law should be fair for all; whilst I respect the value of allowing judicial discretion in certain circumstances, I do think it is important to be implemented in a neutral way.
  • he and his 'co-schemers' took one of their office printers out into a field and beat the crap out of it.
  • "Never ask for permission, always ask for forgiveness" confirmed.

Physician: One upon whom we set our hopes when ill and our dogs when well. -- Ambrose Bierce

Working...