According to a CNET News.com report, a German judge issued a
21-month suspended sentence the teenager who admitted creating the Sasser
computer worm. The 19-year-old Jaschan was put on probation for three years and
must complete 30 hours of community service.
While I don't believe Jaschan's crime warrants a lengthy prison
term, the court should have issued a stronger sentence and required him to
spend at least 6 months in jail. Although not an issue in the Sasser case, cybercrime
has shifted from the realm of social activists and academics, to the world of
organized crime. Future sentences should reflect that shift.
Though this shift increases the risk cybercrime posses, it
also lets us combat cybercrime with techniques likely to work against financially
motivated perpetrators. Here's an example:
"The Sasser case is the only success so far for Microsoft's Anti-Virus Reward Program, which was launched
in November 2003. The program has offered a total of $1 million to informants
who help close official investigations into four major viruses and worms,
including Sasser, and has another $4 million earmarked for future rewards."
Financial incentives are more effective when used against individuals
motivated by financial gain. Reward programs haven't been overly successful inthe past, but they will likely produce better results in the future.