LulzSec Curb-Stomped

Quote:

---

Originally Posted by CountArach

...the five or six guys who won't be suceptible to your fear tactics are the ones who are going to do your (again hyperbolic) billions of dollars of damage.

---

Better five or six than fifty or sixty.

Quote:

---

Originally Posted by rvg

Better five or six than fifty or sixty.

---

The numbers were just examples - the people with these talents are going to find outlets for them. You aren't goin to deter the people who you actually want to deter, instead you are going to deter the people who just want to poke around a file system of their work intranet or something equivalent that is utterly harmless.

Quote:

---

Originally Posted by rvg

Which makes it even more important to punish to the max those whom we do catch. Fear is a great prevention mechanism: it won't stop the crime entirely, but it will prevent countless would-be-criminals from ever acting on their urges.

---

It's never prevented crime before even for capital offences, I doubt it would work this time either.

These are mostly young often immature and sometimes even minors we should be helping them rvg, if we can get them to see that what they did is wrong there on a good road. They are young enough and smart enough that they can be turned around and made help society instead of causing these nuisances.

Quote:

---

Originally Posted by CountArach

...instead you are going to deter the people who just want to poke around a file system of their work intranet or something equivalent that is utterly harmless.

---

And that is exactly what I'm after: crush them in their infancy. Many criminals started with harmless "poking around".

Quote:

---

Originally Posted by rvg

And that is exactly what I'm after: crush them in their infancy. Many criminals started with harmless "poking around".

---

And you said it yourself, it isn't going to stamp it out. These people enjoy the rush of accessing things that they aren't supposed to and that is going to overwrite whatever minimal fear comes from a handful of people being caught. Because that is what it comes down to - "They slipped up and were caught. But I'll be more careful, I'll be fine. That sort of stuff just doesn't happen to people like me."

Quote:

---

Originally Posted by rvg

And that is exactly what I'm after: crush them in their infancy. Many criminals started with harmless "poking around".

---

This is daft RVG it will never work in the slightest, these young people do not actually believe what they did was wrong. They use the same lines we all use for Pirate Bay and free downloading etc etc, however unlike some ghetto/council estate punk with a bit of work it would be easy turn these lads around.

Quote:

---

Originally Posted by rvg

And that is exactly what I'm after: crush them in their infancy. Many criminals started with harmless "poking around".

---

And after you've killed off all curiosity in children, I imagine you'll import a load of Korean and Indian IT specialists to do the high tech jobs?

~:smoking:

Quote:

---

Originally Posted by CountArach

And you said it yourself, it isn't going to stamp it out. These people enjoy the rush of accessing things that they aren't supposed to and that is going to overwrite whatever minimal fear comes from a handful of people being caught. Because that is what it comes down to - "They slipped up and were caught. But I'll be more careful, I'll be fine. That sort of stuff just doesn't happen to people like me."

---

Just because we can't catch and punish everyone doesn't mean that we should stop adequately punishing those whom we do catch. Singapore has the right idea with executing drug traffickers.

Quote:

---

Originally Posted by rory_20_uk

Are we going to apply the same logic to politicians and bankers? I realise that for them, billions is on the low side.

~:smoking:

---

If these child hackers can provide a benefit to society than yes. They don't produce anything or provide any service.

Quote:

---

Originally Posted by gaelic cowboy

...these young people do not actually believe what they did was wrong...

---

Doing a couple of decades in the clink will correct that.

Quote:

---

Originally Posted by rory_20_uk

And after you've killed off all curiosity in children, I imagine you'll import a load of Korean and Indian IT specialists to do the high tech jobs?

---

Sure, why not? They tend to have exemplary work ethic.

someone please show me where these lost billions are

Quote:

---

Originally Posted by Strike For The South

someone please show me where these lost billions are

---

Nobody can find them. That's why they're lost. :shrug:

Quote:

---

Originally Posted by Strike For The South

someone please show me where these lost billions are

---

Revenue losses.

Europe's youngest app designer expelled after hacking school computer system

I suppose going by previous statements in this thread this wee 14yr old ladeen should get 20yrs in Wakefield in order to crush his obvious evil hacking tendencies.

Quote:

---

Originally Posted by rvg

Revenue losses.

---

Those etheric losses that are based mainly on conjecture - if a 14 year old has a copy of Adobe Photoshop CS4, Adobe views themselves as having "lost" c. £1000 to piracy. The "logic" is that if he'd not downloaded it he'd have gone and purchased a copy, not he'd have downloaded the GIMP.

~:smoking:

Quote:

---

Originally Posted by gaelic cowboy

I suppose going by previous statements in this thread this wee 14yr old ladeen should get 20yrs in Wakefield in order to crush his obvious evil hacking tendencies.

---

Hell yeah. Perhaps not 20 years since no monetary damage was done, but a punishment is definitely needed.

Quote:

---

Originally Posted by rory_20_uk

Those etheric losses that are based mainly on conjecture - if a 14 year old has a copy of Adobe Photoshop CS4, Adobe views themselves as having "lost" c. £1000 to piracy. The "logic" is that if he'd not downloaded it he'd have gone and purchased a copy, not he'd have downloaded the GIMP.

~:smoking:

---

No, the losses come from the fact that the targeted companies had their business disrupted.

Quote:

---

Originally Posted by gaelic cowboy

I would still prefer we got summit good out of it, makie them do some good with maybe a year in an open prison just to drive it home.

In this day and age banning them from using a or owning a pc is probably not sustainable, the lines have blured so much lately on what is a pc it's probably not enforceable.

---

I don't see why they can't be banned from owning a PC and at the same time made to work for special branch. The thing these hackers value most is their online reputation, their real life anonymity and their freedom from authority.

So, take away their PC's, make them work for the government and release regular reports to the press praising their role in combating cyber crime.

Either they'll reform, or they'll be in living hell - depending on what kind of person they are.

Quote:

---

Originally Posted by rory_20_uk

Are we going to apply the same logic to politicians and bankers? I realise that for them, billions is on the low side.

~:smoking:

---

Not quite. You see it's alright if you actually cause billions of damage. Then you're just a Neocon/job creator. If you don't actually cause any noteworthy monetary damage at all, you're an anarchist and must be locked away for life.

Seriously though, what's the point of sentencing someone to XX years in the slammer for the digital equivalent of "redecorating" the exterior of your shed?

Quote:

---

Originally Posted by Gelatinous Cube

one of them out-smarts his captors and sets back cyber-security in an epic fashion.

---

Well not so much a set back in terms of (poor) security as a really big heist: Gonzalez.

Quote:

---

Originally Posted by rvg

No, the losses come from the fact that the targeted companies had their business disrupted.

---

Business risk, says I. Should've applied proper configs, shouldn't they?

If the power grid goes down and your company suffers from the "disruption" then that's your problem, too. Should own a couple of 10kVAC diesels if you can't have that. Again, business risk.

Quote:

---

Originally Posted by Tellos Athenaios

Business risk, says I. Should've applied proper configs, shouldn't they?

If the power grid goes down and your company suffers from the "disruption" then that's your problem, too. Should own a couple of 10kVAC diesels if you can't have that. Again, business risk.

---

It does not excuse the hackers. A crime is a crime.

Quote:

---

Originally Posted by rvg

It does not excuse the hackers. A crime is a crime.

---

Yes, it is.

You were saying something about lost billions?

Quote:

---

Originally Posted by Gelatinous Cube

lol, that'll work right up until one of them out-smarts his captors and sets back cyber-security in an epic fashion.

---

Oh really? Then why does the FBI do just this with juvanile Fraudsters, a la "Catch me if you can".

Quote:

---

These folks fall into two kinds of camps: People with no grasp on responsibility and a desire to cause trouble, and people following an ideal zealously. The former is no good to anyone, and the latter can only be dealt with harshly (not because their ideal is no good, but because they knew the consequences of going against the law and it is the only fair outcome). Neither one is suitable for government work.

---

Your first group describes every teenager at some point or another. Think about it, you are looking at maladjusted juvaniles, probably with no social life outside the internet. You take them, you bring them in to the organisation, give them a career path and you send them after the dark net.

Nothing's going to put a hacker off fighting big corporations or governments by having the government send them after kiddy fiddlers and serial rapists.

Man wants a mission? Give him a mission.

Quote:

---

Originally Posted by Tellos Athenaios

Yes, it is.

You were saying something about lost billions?

---

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.

Quote:

---

Originally Posted by rvg

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.

---

I believe the expression is "what is this I don't even". I'm not sure what you're understanding of DDOS or site defacement entails, but in my mind this is roughly in the order of (a) "Knock, Knock, Ginger" and (b) vandalism. Naughty, yes, out of bounds, yes, monstrously evil causing billions worth of "damages"? In your dreams.

Now this is quite distinct from leaking login details/credit card details and so on. That's simply not on, whichever way you look at it. However, the simple fact that they were even able to access those details constitutes a failure on the part of the business owners towards their customers. This may not be entirely obvious in the land of whish-it-was-two factor authentication, but the security of your customer's sensitive data is your responsibility and you don't get to play the poor victim card when everything goes to hell in a handbasket on account of shoddy security practices. I mean, SQL injections in 2012... So what about the perps then: tresspass & theft, and that's it. Add identity theft/fraud in the case of social engineering; add the usual sale & receiving of stolen goods if the perpetrators tried to make money off their exploits.

Now when it comes to DDOS this is simply how the Internet works: peak loads are to be expected. (Slashdot, reddit, or customer demand.) Either you take time to set up appropriate counter measures (not that hard, well trodden path by now) or you grin and bear it.

For the record, I quite agree that just because the businesses failed to maintain or audit their sites properly doesn't grant the Lulzsec types a pass on their misdeeds. It's just that "billions of damages" is utterly preposterous and any such demands for "compensation" should be rejected on the grounds of being straight out of fantasy land.

Arguably, systemic failure to properly audit & administrate their systems is a much graver "offence"/dereliction of duty on the part of business owners towards their customers. My reasoning for this is based on notions about (lack of) professional competence. Consider it the digital equivalent of dumping chemical waste products straight into the local river rather than disposing of it properly.

Quote:

---

Originally Posted by Tellos Athenaios

I believe the expression is "what is this I don't even". I'm not sure what you're understanding of DDOS or site defacement entails, but in my mind this is roughly in the order of (a) "Knock, Knock, Ginger" and (b) vandalism. Naughty, yes, out of bounds, yes, monstrously evil causing billions worth of "damages"? In your dreams.

Now this is quite distinct from leaking login details/credit card details and so on. That's simply not on, whichever way you look at it. However, the simple fact that they were even able to access those details constitutes a failure on the part of the business owners towards their customers. This may not be entirely obvious in the land of whish-it-was-two factor authentication, but the security of your customer's sensitive data is your responsibility and you don't get to play the poor victim card when everything goes to hell in a handbasket on account of shoddy security practices. I mean, SQL injections in 2012... So what about the perps then: tresspass & theft, and that's it. Add identity theft/fraud in the case of social engineering; add the usual sale & receiving of stolen goods if the perpetrators tried to make money off their exploits.

Now when it comes to DDOS this is simply how the Internet works: peak loads are to be expected. (Slashdot, reddit, or customer demand.) Either you take time to set up appropriate counter measures (not that hard, well trodden path by now) or you grin and bear it.

For the record, I quite agree that just because the businesses failed to maintain or audit their sites properly doesn't grant the Lulzsec types a pass on their misdeeds. It's just that "billions of damages" is utterly preposterous and any such demands for "compensation" should be rejected on the grounds of being straight out of fantasy land.

Arguably, systemic failure to properly audit & administrate their systems is a much graver "offence"/dereliction of duty on the part of business owners towards their customers. My reasoning for this is based on notions about (lack of) professional competence. Consider it the digital equivalent of dumping chemical waste products straight into the local river rather than disposing of it properly.

---

I guess we'll just have to agree to disagree on this issue.

Quote:

---

Originally Posted by rvg

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.

---

https://i.imgur.com/IUSQi.jpg