The Hackers
Paras Jha, Josiah White, Dalton Norman - Mirai
One of the most publicly discussed security incidents of recent years is Mirai. This worm used vulnerabilities in devices like networked cameras rather than traditional computer systems, and gave its controllers the power to send enormous amounts of traffic to target sites. The amount of traffic was enough to take down web servers in what is known as a "denial of service attack", or DoS.
Interestingly, the vulnerabilities were not very complex and mostly involved knowing that certain manufacturers used default passwords and usernames for their devices.
The three creators initially wanted to use the worm to cause problems for their opponents in Minecraft, but ended up creating something that took down websites, knocked hundreds of thousands of people offline and cost various people large sums of money, with an estimated total of around $100,000,000.
The creators were fined $127,000. This was considered by many to be a very low fine, but it takes into account the creators' willingness to assist the FBI. Since their arrest, they have spent around 1,000 hours of unpaid time assisting the FBI.
https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
Hamza Bendelladj, AKA Bx1 - SpyEye
Hamza is also thought to have cost the world public around $100,000,000 through his exploits. Known as Bx1, Hamza engaged in stealing money electronically from bank accounts using the SpyEye trojan he created. The same software was also used by many other hackers, leading to estimates of up to $1bn in losses due to the tool.
It appears the money Hamza stole was donated to Palestinian and African charities.
Hamza, an Algerian, was prosecuted in the USA and sentenced to 15 years imprisonment.
Lewys Martin, AKA sl1nk
Lewys Martin, who referred to himself as "sl1nk", was given two years in prison for causing disruption to local police force servers and web servers at Oxford and Cambridge universities. He caused around half an hour of downtime for one server and slow running over a number of days, and used up around 35 days of police time.
The judge said that "the sentence passed must reflect society’s distaste for this type of crime."
https://www.kentonline.co.uk/deal/news/computer-hacker-jailed-860/
Activity
Read the articles linked above and decide if you think the sentencing in each case is equitable considering the crime committed. You might like to consider the sentencing of other crimes and decide if you feel any of the above were harsh or lenient in comparison.
In the case of Lewys Martin, the investigating officer went on record to say that "cyber attacks are a nuisance and cause aggravation as well as costs to countless private and public organisations up and down the country. Most websites have systems in place to prevent them being compromised, and none of those attacked in these instances suffered any more than a temporary disruption. However, those who try to carry out these attacks will be traced and brought before the courts, like Martin, to face the consequence of their actions."
Now consider the number of convictions in the UK under the Computer Misuse Act, which can be found here: https://www.gov.uk/government/publications/foi-releases-for-april-2017
The condensed version is below, and shows that although 2013 saw a total of 13 guilty verdicts, the yearly average between 2010 and 2015 is less than 7.
Region | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 |
---|---|---|---|---|---|---|
Guilty Verdicts | 9 | 5 | 3 | 13 | 4 | 5 |
Contrast this with estimates of yearly losses in the UK of £11bn (https://www.financierworldwide.com/cyber-crime-in-the-uk-is-it-is-bad-as-they-say-or-worse). Do you think the UK is adequately prepared for the current and future levels of cyber crime?