Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Should LulzSec Suspect Face Life In Prison?
Oldest First  |  Newest First  |  Threaded View
UberGoober
UberGoober,
 User Rank: Apprentice
11/30/2012 | 6:25:50 PM
re: Should LulzSec Suspect Face Life In Prison?
These jerks should have punishment commensurate with their crimes, and the costs to society caused by morons like this are astronomical. Punish them severely, and perhaps a few less will think its worth the risk. If you can't do the time, don't do the crime, as the old saying goes.

BTW, if AnonymousRC wants rapists and child molesters to be be punished more severely than hackers, I'm 100% OK with that too, but the solution is to increase their punishment rather than decrease the punishment of hackers.
Bryan K
Bryan K,
 User Rank: Apprentice
11/30/2012 | 6:35:18 PM
re: Should LulzSec Suspect Face Life In Prison?
Lock the subhuman bastard up and throw away the key! Death to hackers!
rjones2818
rjones2818,
 User Rank: Strategist
11/30/2012 | 6:56:24 PM
re: Should LulzSec Suspect Face Life In Prison?
If the hacker's convicted, he should be sentenced to whatever the general going sentence is. It's just a shame that the IT people who weren't able to protect their online assets can't be tried and convicted as well.
MyW0r1d
MyW0r1d,
 User Rank: Apprentice
11/30/2012 | 10:14:40 PM
re: Should LulzSec Suspect Face Life In Prison?
The article indicates 30 to life as the maximum but fails to give the minimums he may be subject to. Other examples cited shows that the maximum will clearly be unlikely. And rather than comparing apples to oranges what was the day trader for the French bank that lost $7 billion, the Madoff ponzi scheme, or the UBS and Goldman Sachs losses of $2.2 billion each? These would seem to fit better than comparisons against rape, child molestation, murders, etc. I'm not a lawyer so tell us if these are offences for which concurrent sentences are the norm. The ill gotten gain needs to be striped, but the crime itself, well big business makes its profits exploiting weaknesses in competitors and in vague laws. Give him a sentence commensurate with others for the same offenses (if guilt is confirmed) and hope he will direct his talents more constructively in the future. Preska is most likely hoping for this result.
macker490
macker490,
 User Rank: Ninja
12/3/2012 | 11:44:13 AM
re: Should LulzSec Suspect Face Life In Prison?
hacking is a serious problem . but the larger problem is the insecure software that facilitates hacking . i would put him on probation with the terms being that he has to teach hacking at our universities . classes for students and practical demonstrations for professors and staff in what vulnerabilities are and how to build protection .

we generally agree that hack proof systems are going to be hard to build . but at the same time we observe the truth in this classic comment :

"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

perhaps we can't eliminate hacking but we should be able to reduce it to the point where it isn't a concern for those of us who choose to use the proper tools . if you think about this it is a critical sea change for us . corporations are pushing hard for e/commerce . without basic computer security all that e/commerce will do is exacerbate the hacking problem .

before you roast me here remember : hacking and hacking tools are sold on the "dark net" by the bad guys . only a fool refuses elightenment .
Mathew
Mathew,
 User Rank: Apprentice
12/3/2012 | 4:15:08 PM
re: Should LulzSec Suspect Face Life In Prison?
Interesting questions. So, there isn't any minimum sentence associated with these particular types of charges, and to be honest, the current norms are "it depends." If Hammond's case goes to trial, and a jury finds him guilty on one or more of the counts, at sentencing the judge could be lenient, or the judge could decide to set an example. The related sentencing guidelines are only guidelines.
Andrew Hornback
Andrew Hornback,
 User Rank: Apprentice
12/11/2012 | 3:55:34 AM
re: Should LulzSec Suspect Face Life In Prison?
Someone, somewhere (referring to the judges) has to make an example out of a guy like this. Period.

What happens if you attack an Arizona DPS brick and mortar office? Wouldn't it be reasonable to apply the same sort of sentencing guidelines here?

What happens if you steal a corporate credit card number, without the use of a computer, and run up nearly 3/4ths of a million dollars in charges? Wouldn't it make sense for the same sentencing guidelines to apply here?

If you're smart enough to run a computer and perform these kinds of acts, I believe you're smart enough to know the difference between right and wrong. That said, this guy should spend the better part of his remaining natural born life in Leavenworth turning large rocks into small rocks, 16 hours a day, period.

Andrew Hornback
InformationWeek Contributor
jaysimmons
jaysimmons,
 User Rank: Apprentice
12/31/2012 | 8:29:16 AM
re: Should LulzSec Suspect Face Life In Prison?
Generally hackers are given a few years in prison, and then when released go into consulting where they do very similar to what you suggested. That being said, I believe more focus should be put on how he was able to carry out the attacks rather than who hacked the systems. If the FBI really wants to crack down on hacking, they need to be more fair with their punishments. The leader (Sabu/Hector Xavier Monsegur. Monsegur) has already been released after serving just a few months in prison. Sure he cooperated with authorities, but you shouldn't serve such a small punishment for someone that arguably has done more damage and then a 30 year penalty to someone simply because they hit a company with the proper connections.

Jay Simmons
Information Week Contributor
StygianAgenda
StygianAgenda,
 User Rank: Strategist
1/2/2013 | 9:37:38 PM
re: Should LulzSec Suspect Face Life In Prison?
From the perspective of an Ethical Hacker, employed currently by the government, I have mixed feelings about this.

While I believe that this is a total misuse of intelligence, to call any hacker a moron is to invite an avalanche of cyber-attacks. Most *real* hackers (not script kiddies) are extremely intelligent people, although often more than just a bit anti-social.

My personal issue with this sort of activity is the harm it causes to others beyond the target, such as theft of credit card numbers that result in individual lives being affected due to ruined credit and all the nastiness that comes with that.

On the flip-side of this, I also feel that in this day and age of cyber-warfare, the rise of the surveillance-state, the loss of personal liberties (that were really privileges, not rights), and the intrusiveness of state-actors in the ongoing (so-called) war on terror... hacking skills are tantamount to survival skills in some ways... basically an evolution of self protection. But, that's where it all falls down because most of the people that have the skills that in turn use those skills to commit crimes are more often than not, doing so for personal gain (financial, glory, or what-have-you).

More often than not, law enforcement tends to handle hackers like they are mass-murderers, until it gets around to sentencing, and the perpetrator serving out their sentence... since these people are generally non-violent offenders, they tend to do less actual time than their sentence implies. But, the social effect carries over to the public mindset, effectively bringing out types like "OldUberGoober" (go figure) that are practically screaming "Burn the heretic!". The witch-hunt mentality at its finest.

So, no... I don't believe any hacker should face life imprisonment, unless their activities cause actual loss of life. Now... apply that to the creators of StuxNet, or any other government sponsored cyber warfare suite designed to cripple enemy infrastructure. Do you think that those employees or contractors at the NSA, CIA, and MOSAD deserve life imprisonment for creating those tools? What if those tools save millions of lives due to crippling a very anti-social regime's nuclear program? How is that any different than someone who is disenfranchised and oppressed, using the same types of tools and attacks to infiltrate what they perceive as their enemy? What? Is the common man any less important than the imposed government that oppresses him? No... while I don't believe we should give these people a pat on the back, or a slap on the wrists, I don't think we should treat their crimes along the same lines that we use for prosecuting physical world crimes. Unfortunately, this tit-for-tat warfare only serves the purposes of those who would oppress everyone's freedoms that much farther, because it gives justification for more and more draconian laws to be passed.

"Naturally, the common people don't want war, but they can always be brought to the bidding of the leaders. Tell them they are being attacked, and denounce the pacifist for lack of patriotism and endangering the country. It works the same in every country." - Herman Goering, Hitler's Reichsmarschall at the Nuremberg Trials


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file