Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Should LulzSec Suspect Face Life In Prison?
Newest First  |  Oldest First  |  Threaded View
StygianAgenda
100%
0%
StygianAgenda,
User Rank: Strategist
1/2/2013 | 9:37:38 PM
re: Should LulzSec Suspect Face Life In Prison?
From the perspective of an Ethical Hacker, employed currently by the government, I have mixed feelings about this.

While I believe that this is a total misuse of intelligence, to call any hacker a moron is to invite an avalanche of cyber-attacks. Most *real* hackers (not script kiddies) are extremely intelligent people, although often more than just a bit anti-social.

My personal issue with this sort of activity is the harm it causes to others beyond the target, such as theft of credit card numbers that result in individual lives being affected due to ruined credit and all the nastiness that comes with that.

On the flip-side of this, I also feel that in this day and age of cyber-warfare, the rise of the surveillance-state, the loss of personal liberties (that were really privileges, not rights), and the intrusiveness of state-actors in the ongoing (so-called) war on terror... hacking skills are tantamount to survival skills in some ways... basically an evolution of self protection. But, that's where it all falls down because most of the people that have the skills that in turn use those skills to commit crimes are more often than not, doing so for personal gain (financial, glory, or what-have-you).

More often than not, law enforcement tends to handle hackers like they are mass-murderers, until it gets around to sentencing, and the perpetrator serving out their sentence... since these people are generally non-violent offenders, they tend to do less actual time than their sentence implies. But, the social effect carries over to the public mindset, effectively bringing out types like "OldUberGoober" (go figure) that are practically screaming "Burn the heretic!". The witch-hunt mentality at its finest.

So, no... I don't believe any hacker should face life imprisonment, unless their activities cause actual loss of life. Now... apply that to the creators of StuxNet, or any other government sponsored cyber warfare suite designed to cripple enemy infrastructure. Do you think that those employees or contractors at the NSA, CIA, and MOSAD deserve life imprisonment for creating those tools? What if those tools save millions of lives due to crippling a very anti-social regime's nuclear program? How is that any different than someone who is disenfranchised and oppressed, using the same types of tools and attacks to infiltrate what they perceive as their enemy? What? Is the common man any less important than the imposed government that oppresses him? No... while I don't believe we should give these people a pat on the back, or a slap on the wrists, I don't think we should treat their crimes along the same lines that we use for prosecuting physical world crimes. Unfortunately, this tit-for-tat warfare only serves the purposes of those who would oppress everyone's freedoms that much farther, because it gives justification for more and more draconian laws to be passed.

"Naturally, the common people don't want war, but they can always be brought to the bidding of the leaders. Tell them they are being attacked, and denounce the pacifist for lack of patriotism and endangering the country. It works the same in every country." - Herman Goering, Hitler's Reichsmarschall at the Nuremberg Trials
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
12/31/2012 | 8:29:16 AM
re: Should LulzSec Suspect Face Life In Prison?
Generally hackers are given a few years in prison, and then when released go into consulting where they do very similar to what you suggested. That being said, I believe more focus should be put on how he was able to carry out the attacks rather than who hacked the systems. If the FBI really wants to crack down on hacking, they need to be more fair with their punishments. The leader (Sabu/Hector Xavier Monsegur. Monsegur) has already been released after serving just a few months in prison. Sure he cooperated with authorities, but you shouldn't serve such a small punishment for someone that arguably has done more damage and then a 30 year penalty to someone simply because they hit a company with the proper connections.

Jay Simmons
Information Week Contributor
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
12/11/2012 | 3:55:34 AM
re: Should LulzSec Suspect Face Life In Prison?
Someone, somewhere (referring to the judges) has to make an example out of a guy like this. Period.

What happens if you attack an Arizona DPS brick and mortar office? Wouldn't it be reasonable to apply the same sort of sentencing guidelines here?

What happens if you steal a corporate credit card number, without the use of a computer, and run up nearly 3/4ths of a million dollars in charges? Wouldn't it make sense for the same sentencing guidelines to apply here?

If you're smart enough to run a computer and perform these kinds of acts, I believe you're smart enough to know the difference between right and wrong. That said, this guy should spend the better part of his remaining natural born life in Leavenworth turning large rocks into small rocks, 16 hours a day, period.

Andrew Hornback
InformationWeek Contributor
Mathew
50%
50%
Mathew,
User Rank: Apprentice
12/3/2012 | 4:15:08 PM
re: Should LulzSec Suspect Face Life In Prison?
Interesting questions. So, there isn't any minimum sentence associated with these particular types of charges, and to be honest, the current norms are "it depends." If Hammond's case goes to trial, and a jury finds him guilty on one or more of the counts, at sentencing the judge could be lenient, or the judge could decide to set an example. The related sentencing guidelines are only guidelines.
macker490
50%
50%
macker490,
User Rank: Ninja
12/3/2012 | 11:44:13 AM
re: Should LulzSec Suspect Face Life In Prison?
hacking is a serious problem . but the larger problem is the insecure software that facilitates hacking . i would put him on probation with the terms being that he has to teach hacking at our universities . classes for students and practical demonstrations for professors and staff in what vulnerabilities are and how to build protection .

we generally agree that hack proof systems are going to be hard to build . but at the same time we observe the truth in this classic comment :

"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

perhaps we can't eliminate hacking but we should be able to reduce it to the point where it isn't a concern for those of us who choose to use the proper tools . if you think about this it is a critical sea change for us . corporations are pushing hard for e/commerce . without basic computer security all that e/commerce will do is exacerbate the hacking problem .

before you roast me here remember : hacking and hacking tools are sold on the "dark net" by the bad guys . only a fool refuses elightenment .
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
11/30/2012 | 10:14:40 PM
re: Should LulzSec Suspect Face Life In Prison?
The article indicates 30 to life as the maximum but fails to give the minimums he may be subject to. Other examples cited shows that the maximum will clearly be unlikely. And rather than comparing apples to oranges what was the day trader for the French bank that lost $7 billion, the Madoff ponzi scheme, or the UBS and Goldman Sachs losses of $2.2 billion each? These would seem to fit better than comparisons against rape, child molestation, murders, etc. I'm not a lawyer so tell us if these are offences for which concurrent sentences are the norm. The ill gotten gain needs to be striped, but the crime itself, well big business makes its profits exploiting weaknesses in competitors and in vague laws. Give him a sentence commensurate with others for the same offenses (if guilt is confirmed) and hope he will direct his talents more constructively in the future. Preska is most likely hoping for this result.
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
11/30/2012 | 6:56:24 PM
re: Should LulzSec Suspect Face Life In Prison?
If the hacker's convicted, he should be sentenced to whatever the general going sentence is. It's just a shame that the IT people who weren't able to protect their online assets can't be tried and convicted as well.
Bryan K
50%
50%
Bryan K,
User Rank: Apprentice
11/30/2012 | 6:35:18 PM
re: Should LulzSec Suspect Face Life In Prison?
Lock the subhuman bastard up and throw away the key! Death to hackers!
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:25:50 PM
re: Should LulzSec Suspect Face Life In Prison?
These jerks should have punishment commensurate with their crimes, and the costs to society caused by morons like this are astronomical. Punish them severely, and perhaps a few less will think its worth the risk. If you can't do the time, don't do the crime, as the old saying goes.

BTW, if AnonymousRC wants rapists and child molesters to be be punished more severely than hackers, I'm 100% OK with that too, but the solution is to increase their punishment rather than decrease the punishment of hackers.


5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing Writer,  2/25/2020
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis Group,  2/25/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9463
PUBLISHED: 2020-02-28
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
CVE-2020-5247
PUBLISHED: 2020-02-28
In Puma (RubyGem) before 4.3.2 and 3.12.2, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
CVE-2020-9447
PUBLISHED: 2020-02-28
The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename.
CVE-2019-10064
PUBLISHED: 2020-02-28
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
CVE-2019-8741
PUBLISHED: 2020-02-28
A denial of service issue was addressed with improved input validation.