General discussion

  • Creator
    Topic
  • #2277796

    Appropriate punishment for Netsky author

    Locked

    by Bill Detwiler ·

    Sven Jaschan, the 18-year-old, alleged author of the Sasser worm and several variants of the Netsky virus, was charged with sabotage by German police last week. Jaschan is believed to be responsible for 70 percent of the virus infections in 2004.

    With the cost of virus infections steadily on the rise, what are appropriate punishments for convicted virus authors?

All Comments

  • Author
    Replies
    • #2715490

      punishmment for virus writers

      by alan ·

      In reply to Appropriate punishment for Netsky author

      Crimes against society need punishment that, at least to some degree, represents the impact. The fact that the author is a very young person should be overlooked and an extreme penalty should be applied. The many thousands of dollars spent to recover from and protect against the virus writers should dictate long prison sentences and a ban, even if not enforceable, from ever again writing program code.

      The crook with the gun is more directly threatening but causes far less monetary damage on a much smaller area of impact than a virus writer. Every virus impacts thousands of people. Equate the crime with embezzlement and apply the stiff penalties.

      The knee jerk reaction is “break every finger and make sure they never work again”, which is not a civilized thing to do.

    • #2715035

      Removal

      by oz_media ·

      In reply to Appropriate punishment for Netsky author

      Of hands, ears, eyes, feet, sexual organs, frontal lobe.

      Anything short of that is simply a slap on the wrist. What’s the differece between someone destroying companies and invetments around the world and a terrorist?

      We shoot terrorists without question and with full support, we JAIL virus writers?

      Just send ’em all my way, I’ll sort it out for you.

      • #2714910

        Bring here @ Philippines

        by rnlmush ·

        In reply to Removal

        please bring them here & we will punish him..

        Ricky

        • #2705501

          Reply To: Appropriate punishment for Netsky author

          by montgomery gator ·

          In reply to Bring here @ Philippines

          What happened to the “I Love You” virus writer? I understand he was from the Philippines. Hope he got what he deserved.

        • #3327438

          Reply To: Appropriate punishment for Netsky author

          by rnlmush ·

          In reply to Reply To: Appropriate punishment for Netsky author

          yes. he was! actually he was hired by foreign company abroad. at that time no laws pertaining to cyber hack or spreading virus so, he never punish. but now there will be a law, economic sabotage & be sentence to death.

    • #2714869

      Well I’ll go against most others here

      by hal 9000 ·

      In reply to Appropriate punishment for Netsky author

      Instead of pointing the finger at the particular person who wrote the virus I’d like to see the people responsible for supplying such a mess of an OS held to account.

      Currently M$ has just released its latest Service Pack which allegedly addresses a whole host of “Security” problems in Windows and within 2 week of that being made available there are more to add to the list.

      It is an acknowledged fact that SP2 is expected to break at least 10% of all computers that it is loaded onto as well as remove a lot of existing software from use all of which isn’t Microsoft supplied but we are expected to put up with this at best “Leaks like a Rusty Sieve” OS and then transfer all the blame onto those who take advantage of the holes in the OS of choice by most companies.

      Maybe it’s just me but I think the responsibility for these problems should be passed directly back onto those people responsible for supplying both the original OS and patches as they quite nicely provide a very detailed account of any holes that they find when they release a patch hot fix or whatever else they like to call it. There are very few of us who will willingly apply untested Patches/Hot Fixes to our systems but at the same time we all know exactly what is at risk by not applying them because MS makes the holes well known to justify their new patch.

      To me complaining that someone has taken advantage of these holes is a bit like complaining that someone has used your check book credit card when you left it lying around. Surely we as supposedly IT professionals are supposed to keep our systems secure as possible from outside attack and anything that gets through is more our fault rather then the fault of the person/s who wrote the offending code in the first place.

      Col

      • #2706689

        What!?!?

        by p_piluk ·

        In reply to Well I’ll go against most others here

        There is no logic with this line of thinking. It is still a crime if someone enters your home and robs you blind if you left door unlocked. Would you hold the lock company criminally responsible for any break-ins? And for the record, why would you propose we blame the victum of a crime rather than the person responsible…

        Peter

        • #2706566

          Well lets have a good look at the alleged crime

          by hal 9000 ·

          In reply to What!?!?

          Firstly this person was supposed to write code that had an adverse affect on Windows Operating Systems. Now if the company who makes windows didn’t make the problems widely know when found and patches provided he would have had a much harder time of it.

          Incidental I would blame the lock company if they provided details of way to use existing problems in their products that had not been fixed after they released fixes for the problems that they had either been told about or discovered and then went on to tell the world about the problems at the same time as telling everyone that they had a fix available that I had to install and it may or may not cause more problems than it was supposed to fix. It would be even worse if that lock company in question had a virtual monopoly of the lock market and I was forced to use their products as they where all that was available to suit my needs. Although I do think it is a bad analogy I think you’ll get the point.

          Now not only did this person allegedly write a virus that adversely affected a few computers but it is alleged that he was responsible for 70% of all that years virus attacks. Well if he was that good I would put him to productive work filling the holes instead of throwing him in jail and being a drain on society.

          I would do exactly the same with a bugler if he/she was supposed to have broken into 200 homes and ransacked them then I’d be for locking them up and throwing away the key. But if that person had broken into 70% off all buildings within a year it would be a different story as they would have to be on the go all the time all around the world. Now if they where capable of doing that I would want them designing better locking systems to stop people like them from gaining entry to my house.

          The difference here between writing a single virus that affects people/companies and being responsible for 70% of all infections is purely a matter of scale and if they where actually that good I would want them working for me to plug the holes rather than being nonproductive or worse still passing on their ways of doing things to others while being locked up in prison.

          What would you prefer 1 person writing these things that prove such an adverse affect on Windows based computers or having them instruct 5 people who then go on to instruct 5 people each and so on. If that was to happen we would be spending all of our time fighting off attacks instead of doing what we are supposed to be doing.

          Incidental have you as yet tried Service Pack 2 for Windows XP on a network wide installation yet? If you are like me I running into more problems with non core applications than is expected and while it can be argued that these applications are not important there are things like on line banking that have been found to no longer work. But I suppose it is unimportant if a company is unable to access their bank to pay you right?

          What the problem here is not that the person in question actually broke so many computers but that he was able to with relative ease on a system that is universally accepted as the normal for almost all business and home users.

          Do I think he did the right thing? HELL NO!! But anything else is nothing more than a waste of valuable resources that could be better applied elsewhere. Remember the release of 2003 Enterprise Server? e where all told it was the most secure OS that M$ had ever built and that after extensive testing they had been unable to find any holes in it. But 3 weeks after its release there was a patch which was admittedly for IE6 was a problem for 2003 ES and I am certain that it was known about at the release of the product. Now if they had not have pushed the idea that 2003 ES had far better security for e-mail which prevented it from being altered/forwarded or printed without permission it might not have been such a big deal but it was one of their so called features in a core application that had a huge hole in it that has been patched numerous times since as well.

          Currently we have M$ talking about “Trusted Computing” but how are we expected to believe them when we see such things happen in such a short time? Even SP2 was only available for a few days before other patches where required but SP2 was sold as a cure all for everything Windows XP.

          They have a major credibility problem which they seem unwilling to address so I would want someone who was capable of breaking their OS’s with apparent ease on my side rather than working against me making far more work for me to do.

          Col

        • #3312967

          Credibility problem is yours

          by wordworker ·

          In reply to Well lets have a good look at the alleged crime

          To suggest, even in jest, that the little terrorist should be forgiven and integrated back into society, is absurd. To blame Microsoft for selling vulnerable systems is even more absurd. I can crack open the lid on a car’s gas tank, so does that mean Ford should pay for a new engine if I pour sugar into the tank? Maybe the sugar cane processing companies will hire me for my advanced knowledge of sucrose.

    • #2708442

      20 to life

      by cheyra ·

      In reply to Appropriate punishment for Netsky author

      Giving the criminal mind the green light to destroy because someone or something is vulnerable is acceptable? That?s ludicrous.

      Is a terminal patient with internal cancer less ill than a bleeding arm for all to see? Because the damage isn?t visible to the viewer doesn?t make it less.

      This person is responsible for an internal (to coin a phrase) weapon of mass destruction, costing companies and individuals world wide millions of dollars, not to mention the personal stress suffered for many.

      This was an intentional criminal act. If 70% of virus infections for 2004 are his responsibility, then 70% of his life should be taken. Anyone with the intelligence to do this kind of damage knows right from wrong regardless of age.

      I feel 20 years without parole, to life, would be JUST. In his case life!

      • #2708436

        Or Perhaps

        by hal 9000 ·

        In reply to 20 to life

        This person should be recruited by the writers of the software affected to plug their holes. If he was really responsible for 70% of the infections in 2004 a brain like that would be wasted in jail or refused access to a computer.

        While I’d make the little “SOB” work his guts out I would at least have him doing constructive work rather than being another drain on the community that he has so badly affected.

        After all wouldn’t you like people like him on your side rather than being on the other side constantly finding ways to attack our systems?

        Col

        • #2708527

          Help from Him, no thanks

          by nostaff ·

          In reply to Or Perhaps

          I equate giving this kid a high paying job to paying a murderer for his life story for a movie! First, jail time and then 75% of all of his future earnings to a new fund to re-imburse companies for expenses related to battling these morally irresponsible criminals.

          I’m sick of people who want to forgive inexcusable behavior because it’s really someone elses fault. You contribute to the problem by forgiving the crime without punishment.

        • #2712679

          But if it wasn’t for people like this

          by hal 9000 ·

          In reply to Help from Him, no thanks

          What work would we have to do?

          Sure we could run defrag on all our servers daily but I already have scripts to automatically perform these utilities.

          Exactly what would be left for us to really do other than the constant trial of trying to prevent users loading software that isn’t authorized on their workstations.

          Come on it would be a very boring time if that was all we had to do. After all this person hasn’t done anything more than expose existing weaknesses in the systems that we are always trying to keep secure and if it was only one example that he was accused of you would may be be correct but if he really was responsible for 70% of all virus attacks is it right to waste him in such a position.

          I once pulled a 16 year old out of jail for breaking into what was supposed to be a very secure network and downloading a file on a Commodore Vic 20. He managed to break in over 16,000 times on a monitored line without being detected. The only way he was caught was he used what he had downloaded as a science project and it was published in a school newspaper other wise no one would have been any the wiser and that was something that was not acceptable to me or my department.

          Col

    • #2705503

      Public Flogging

      by montgomery gator ·

      In reply to Appropriate punishment for Netsky author

      Virus writers should be taken to the square and flogged in public. After they heal up, give them the Abu Ghraib treatment. Then bury them in fire ant mounds for a day. After healing up from that, send them to Devil’s Island in French Guiana (reopen the prison just for them), for about 20 years.

    • #2708016

      Jaschan hired by security firm

      by Bill Detwiler ·

      In reply to Appropriate punishment for Netsky author

      German firewall company Securepoint has hired Sven Jaschan, the 18-year-old who is thought to be behind the Netsky virus and is currently awaiting trial for writing the Sasser worm, as a full-time trainee programmer.

      Read the whole story:
      http://www.virusthreatcenter.com/article.aspx?articleId=4

      Read Securepoint’s defense of the offer:
      http://www.virusthreatcenter.com/article.aspx?articleId=1

      Would you give Jaschan a second chance within your organization?

      • #2707935

        If he was actually responsible for everything

        by hal 9000 ·

        In reply to Jaschan hired by security firm

        He has been accused of I would in a heart beat. As anything less is nothing more than a waste of a very valuable resource. But by the same token I would have him under some very tight controls as well.

        Col

    • #3312781

      NEW WAY TO GET A JOB

      by aaron a baker ·

      In reply to Appropriate punishment for Netsky author

      Didn’t you know?.It’s all the Rage. Thanks to Amoral Firms that hire [In effect reward] this scum for writing and causing all of the damage.It has become the new thing to do in an ever increasing world of too many Techs, not enough Jobs.So, Warped Logic dictates that the ones who can write these little bits of genius are naturally the ones who will be considered first as they have proven themselves already capable.SCREWED UP THINKING Huh? But this is exactly what has happened and it’s thanks to these “Security Firms” who obviously have no real integrity or regard for how their actions affect others. I get virus attempts on a daily basis from various [ @edu ] addresses.Why? WHo am I?”Nobody”,so why attack me? To impress these idiot firms who reward this vermin with jobs.
      That’s the same as saying, “You screwed us up,caused a lot of inconvenience and damage, not to mention vasts money wasted in repairing your dirty little handy work, WELL DONE,WE WANT YOU” To me that says everyting about the level of integrity in these firms and it is they, who should be treated as they deserve.Once the word get’s out that they have hired a virus writer, they should be Dumped on the grounds of having failed to live up to thier commitment High Standard Security. After all,how Secure are you when the firm you deal with has has virus writers on staff? Makes you feel real secure and cushy Huh?
      I wouldn’t touch a virus writer with a ten foot pole and the same would apply to the firms that hire them.I would immediately have my lawyers Enact a Breach of Peace clause {My Peace and Trust in them} and dump them. Who knows, maybe lawsuits should be considered. One thing remains the same, regardless of the “Reasons” there is “No Excuse” for hiring something as scurilous and vile, as a virus writer.All the @edu’s notwhitstanding.
      None whatever.
      My apologies for the lenght.
      Thank you for your attention.
      AaB

      • #3312665

        Now I understand your reasoning

        by hal 9000 ·

        In reply to NEW WAY TO GET A JOB

        Instead of controlling the really good ones and place them in a position where they have to fight these little nasties you think it is better to leave them out in the cold where they can share their knowledge so eventually together with others they write a “Super Virus” that trashes everything before it can be detected and destroys the hardware as well.

        I can really understand your reasoning we really need these people together out of control don’t we?

        Sorry I forgot we already have them that way in a company called Microsoft!

        Col

        • #3345013

          Obviously your way is better

          by aaron a baker ·

          In reply to Now I understand your reasoning

          Your Right. Let’s reward these creeps with jobs on the basis of “Keeping them under Control” Yup.Works for me. “I feel safer already”, knowing that this kind of thinking is exactly what got us into this mess in the first place. After Five years in jail, This guys will have a job for the rest of his life.Sounds like a plan.Now back to reality, no Matter which way you cut it, the Only way is to meet these creeps head-on and give them hard Jail, this also would assure that we’re safe “yes?” and it would go a much longer way if the Security people avoided them like the plague that they are. The end result would be that there would be no point anymore, nobody rewards anynmore and if you get caught , a huge chunk of your life is wasted away. This is the inevitable eventual thinking, not what we have now. Secure Point deseves to be dumped. If they have no problem hiring this guy, all the Saintly excuses notwhistanding, they are no longer be trustworthy. Same as thier word has come to mean very little now, just like thier integirty right. So yes by all means,let’s placate this scum and in the process encourage more up and cummings to attacks in even greater number just to get noticed by unscrupulous firms who Dare pass themselves off as Firms of Integrity.
          Let’s just do that, and then we can create careers based on doing nothing but playing hide and seek with this vermin. Sorry I can’t go there. I worked too hard and long to have anyting but utter contempt for the likes of these guys and even more for the firms who hire and reward them.
          Not with you on this one, sorry.
          Aaron A Baker

    • #3312626

      Hang him by his feet and feed him…

      by wordworker ·

      In reply to Appropriate punishment for Netsky author

      …chocolate oatmeal Ex-Lax laced cookies for a week.

      Seriously he should be barred from ever touching a computer the rest of his life. He should be forced to serve food in homeless shelters, mop the floors in hospital wards, and do public service the rest of his natural life. There is no way he can ever fully compensate the many victims of his criminal activity, so let him pay his penance on a daily basis, helping others.

Viewing 7 reply threads