Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Should LulzSec Suspect Face Life In Prison?
Newest First  |  Oldest First  |  Threaded View
StygianAgenda
100%
0%
StygianAgenda,
User Rank: Strategist
1/2/2013 | 9:37:38 PM
re: Should LulzSec Suspect Face Life In Prison?
From the perspective of an Ethical Hacker, employed currently by the government, I have mixed feelings about this.

While I believe that this is a total misuse of intelligence, to call any hacker a moron is to invite an avalanche of cyber-attacks. Most *real* hackers (not script kiddies) are extremely intelligent people, although often more than just a bit anti-social.

My personal issue with this sort of activity is the harm it causes to others beyond the target, such as theft of credit card numbers that result in individual lives being affected due to ruined credit and all the nastiness that comes with that.

On the flip-side of this, I also feel that in this day and age of cyber-warfare, the rise of the surveillance-state, the loss of personal liberties (that were really privileges, not rights), and the intrusiveness of state-actors in the ongoing (so-called) war on terror... hacking skills are tantamount to survival skills in some ways... basically an evolution of self protection. But, that's where it all falls down because most of the people that have the skills that in turn use those skills to commit crimes are more often than not, doing so for personal gain (financial, glory, or what-have-you).

More often than not, law enforcement tends to handle hackers like they are mass-murderers, until it gets around to sentencing, and the perpetrator serving out their sentence... since these people are generally non-violent offenders, they tend to do less actual time than their sentence implies. But, the social effect carries over to the public mindset, effectively bringing out types like "OldUberGoober" (go figure) that are practically screaming "Burn the heretic!". The witch-hunt mentality at its finest.

So, no... I don't believe any hacker should face life imprisonment, unless their activities cause actual loss of life. Now... apply that to the creators of StuxNet, or any other government sponsored cyber warfare suite designed to cripple enemy infrastructure. Do you think that those employees or contractors at the NSA, CIA, and MOSAD deserve life imprisonment for creating those tools? What if those tools save millions of lives due to crippling a very anti-social regime's nuclear program? How is that any different than someone who is disenfranchised and oppressed, using the same types of tools and attacks to infiltrate what they perceive as their enemy? What? Is the common man any less important than the imposed government that oppresses him? No... while I don't believe we should give these people a pat on the back, or a slap on the wrists, I don't think we should treat their crimes along the same lines that we use for prosecuting physical world crimes. Unfortunately, this tit-for-tat warfare only serves the purposes of those who would oppress everyone's freedoms that much farther, because it gives justification for more and more draconian laws to be passed.

"Naturally, the common people don't want war, but they can always be brought to the bidding of the leaders. Tell them they are being attacked, and denounce the pacifist for lack of patriotism and endangering the country. It works the same in every country." - Herman Goering, Hitler's Reichsmarschall at the Nuremberg Trials
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
12/31/2012 | 8:29:16 AM
re: Should LulzSec Suspect Face Life In Prison?
Generally hackers are given a few years in prison, and then when released go into consulting where they do very similar to what you suggested. That being said, I believe more focus should be put on how he was able to carry out the attacks rather than who hacked the systems. If the FBI really wants to crack down on hacking, they need to be more fair with their punishments. The leader (Sabu/Hector Xavier Monsegur. Monsegur) has already been released after serving just a few months in prison. Sure he cooperated with authorities, but you shouldn't serve such a small punishment for someone that arguably has done more damage and then a 30 year penalty to someone simply because they hit a company with the proper connections.

Jay Simmons
Information Week Contributor
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
12/11/2012 | 3:55:34 AM
re: Should LulzSec Suspect Face Life In Prison?
Someone, somewhere (referring to the judges) has to make an example out of a guy like this. Period.

What happens if you attack an Arizona DPS brick and mortar office? Wouldn't it be reasonable to apply the same sort of sentencing guidelines here?

What happens if you steal a corporate credit card number, without the use of a computer, and run up nearly 3/4ths of a million dollars in charges? Wouldn't it make sense for the same sentencing guidelines to apply here?

If you're smart enough to run a computer and perform these kinds of acts, I believe you're smart enough to know the difference between right and wrong. That said, this guy should spend the better part of his remaining natural born life in Leavenworth turning large rocks into small rocks, 16 hours a day, period.

Andrew Hornback
InformationWeek Contributor
Mathew
50%
50%
Mathew,
User Rank: Apprentice
12/3/2012 | 4:15:08 PM
re: Should LulzSec Suspect Face Life In Prison?
Interesting questions. So, there isn't any minimum sentence associated with these particular types of charges, and to be honest, the current norms are "it depends." If Hammond's case goes to trial, and a jury finds him guilty on one or more of the counts, at sentencing the judge could be lenient, or the judge could decide to set an example. The related sentencing guidelines are only guidelines.
macker490
50%
50%
macker490,
User Rank: Ninja
12/3/2012 | 11:44:13 AM
re: Should LulzSec Suspect Face Life In Prison?
hacking is a serious problem . but the larger problem is the insecure software that facilitates hacking . i would put him on probation with the terms being that he has to teach hacking at our universities . classes for students and practical demonstrations for professors and staff in what vulnerabilities are and how to build protection .

we generally agree that hack proof systems are going to be hard to build . but at the same time we observe the truth in this classic comment :

"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

perhaps we can't eliminate hacking but we should be able to reduce it to the point where it isn't a concern for those of us who choose to use the proper tools . if you think about this it is a critical sea change for us . corporations are pushing hard for e/commerce . without basic computer security all that e/commerce will do is exacerbate the hacking problem .

before you roast me here remember : hacking and hacking tools are sold on the "dark net" by the bad guys . only a fool refuses elightenment .
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
11/30/2012 | 10:14:40 PM
re: Should LulzSec Suspect Face Life In Prison?
The article indicates 30 to life as the maximum but fails to give the minimums he may be subject to. Other examples cited shows that the maximum will clearly be unlikely. And rather than comparing apples to oranges what was the day trader for the French bank that lost $7 billion, the Madoff ponzi scheme, or the UBS and Goldman Sachs losses of $2.2 billion each? These would seem to fit better than comparisons against rape, child molestation, murders, etc. I'm not a lawyer so tell us if these are offences for which concurrent sentences are the norm. The ill gotten gain needs to be striped, but the crime itself, well big business makes its profits exploiting weaknesses in competitors and in vague laws. Give him a sentence commensurate with others for the same offenses (if guilt is confirmed) and hope he will direct his talents more constructively in the future. Preska is most likely hoping for this result.
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
11/30/2012 | 6:56:24 PM
re: Should LulzSec Suspect Face Life In Prison?
If the hacker's convicted, he should be sentenced to whatever the general going sentence is. It's just a shame that the IT people who weren't able to protect their online assets can't be tried and convicted as well.
Bryan K
50%
50%
Bryan K,
User Rank: Apprentice
11/30/2012 | 6:35:18 PM
re: Should LulzSec Suspect Face Life In Prison?
Lock the subhuman bastard up and throw away the key! Death to hackers!
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:25:50 PM
re: Should LulzSec Suspect Face Life In Prison?
These jerks should have punishment commensurate with their crimes, and the costs to society caused by morons like this are astronomical. Punish them severely, and perhaps a few less will think its worth the risk. If you can't do the time, don't do the crime, as the old saying goes.

BTW, if AnonymousRC wants rapists and child molesters to be be punished more severely than hackers, I'm 100% OK with that too, but the solution is to increase their punishment rather than decrease the punishment of hackers.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15596
PUBLISHED: 2020-08-12
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
CVE-2020-15868
PUBLISHED: 2020-08-12
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
CVE-2020-17362
PUBLISHED: 2020-08-12
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
CVE-2020-17449
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS via the error_log file.
CVE-2020-17450
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS on the preview page.