How should the "Blaster virus" culprit be punished?

http://www.washingtonpost.com/ac2/wp-dyn/A64925-2003Aug29?language=printer

Go to the Drudge Report website for a picture of this pathetic loser.

Me? I am sick of these wastoids. Given the fact that his little antics cost over $1 billion in damages, I say twenty years of hard time and take everything of value from him and his family. The next little nerd who thinks its "cute" to make and send computer viruses will think twice.

The punishment should fit the crime.

Therefore, the punishment should prominently feature the words "slow", "painful", "scorpions" and "Crisco".

:cuss:

Shoot him and all like him where they stand. If they for sure did it do them. There is no reason to put up with this foolishness just so they can have a little attention. How about doing something useful.

Just for clarification, the 18 year-old they caught (well, he was turned in by a few friends, but that's beside the point) was not the original author of blaster. He was the author of one of the variants, to wit, the one that would have attacked Microsoft's windowsupdate.com site if MS hadn't changed dns entries to prevent it.

Like any other property crime.

If you're gonna figure the property value for work lost due to a reboot, then Microsoft owes people billions upon billons, and the power companies owe us a lot of money as well.

The computer were not harmed. He inconvenienced a bunch of people. That's not worth much.

Also remember that he is a suspect, and innocent until proven guilty. I'm hoping that he is not some schmoe who will get railroaded so that various powerful people and TLA's will not have to publicly admit overreacting(Do you remember Richard Jewell?).

The real Blaster author should be sentenced to work Internet/computer tech support for the rest of his life, given the living heck that he has imposed on techs everywhere.

(Yes, I work ISP tech support; yes, everyone and their Aunt Edna called when Blaster infected their shiny new XP computers; yes, Micro$oft had already made a patch, but they hadn't updated. Update your Windows patches, everyone!)

Here's someone else's analysis of the situation (the full-disclosure mailing list at netsys.com if anyone's interested)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSB
LAST.B&VSect=S

Trend's stat can be off by a factor of ten or more for very small
infections. For Blaster.A, they say there were about 60,000; more likely
there were between half a million and a million. For Blaster.B, they say
there were 16; the likely total is almost definitely under a thousand.

Recent articles indicate that he was "responsible" for Blaster.C, not B
(although this had been misidentified in every article I've seen). The
executable for this was named "teekids.exe". Since his handle was teekid
and he was active in chat rooms and IRC, he must have been very
difficult to find. Trend says they detected 929 infections with
Blaster.C, so 7,000 total is probably not unrealistic. Still, it's less
than 0.1% of what Blaster.A or Nachia did, although from the press you'd
think this kid was responsible for it all.

The "virus" that was listed on his website was actually a p2p "worm"
that spread over kazaa. He claimed authorship, and had a link to the
file, which was actually located at
http://www.chaos-networks.com/staff/teekid/p2p.teekid.C.rar (it's no
longer there). Chaos Networks apparently was the hosting provider
referenced in the article.

I'm sure that the FBI would never exaggerate the extent of the damage,
in order to look like they were busting a major hacker after a difficult
investigation instead of some kid like millions of others with more time
and anger than skills.

It looks like it took the FBI 6 days to find what took 10 minutes on
Google. Let's see, executable name is teekids.exe, here's a
script-kiddie that goes by teekid, he's got a web site called
t33kid.com, the whois for the domain gives his real name and address.
Enough probable cause to get a warrant right there.
In essence, this kid's contribution to the worm problem was practically zero.

Draft him. He can serve the US with his skills.

Just for clarification, the 18 year-old they caught (well, he was turned in by a few friends, but that's beside the point) was not the original author of blaster. He was the author of one of the variants, to wit, the one that would have attacked Microsoft's windowsupdate.com site if MS hadn't changed dns entries to prevent it. It doesn't matter if it wasn't an orginal idea. He (if this is indeed him, jury of peers can decide that) released a new version of the virus on the world causing much damage.

Smashing car windows for steroes isn't original either. That doesn't mean that the second or 400,000th punk to do it should get any less punishment.

It is sabotage, plain and simple and he and other virus authors should be tried as saboteurs. Whether throwing a wooden shoe (the original sabot)into machinery or creating a PC virus it causes work to stop. Work stoppage costs money. Your poll does not have a punishment cruel enough for me.

Go to the Drudge Report website for a picture of this pathetic loser.

http://us.news1.yimg.com/us.yimg.com/p/rids/20030829/i/1062184970.2617294885.jpg

:evil: :evil: :evil: :evil:

Nah. No governmental punishment if found guilty.

Just turn him loose with full disclosure of name/address/etc.

I'm sure it'll all work itself out in a few days :evil:

Drawing and quartering, burning alive, perhaps tossing him in a river in a sack... I just came off a 47 hour workweek of pounding on every door in five dormitories and 10 apartment buildings to clean this thing off of every computer on campus... that 47 hours doesn't include the time I spent in class. Set him loose in my school's IT department. We'll take care of him.

Fine Microsoft. Deeper pockets.

Fine Microsoft. Deeper pockets.

You're kidding, right?

Give him a job working for the FBI or CIA.

Maybe he could, hack into North Korea nuclear program computers!!:evil:

He's a SCRIPT KIDDIE - read: idiot. Chimpanzee with a keyboard.

There's no tech skills here to exploit.

:rolleyes:

Too strange,,,,,

anyone else think that "kid" looks like:??

http://academic.bellevue.edu/~jpatton/limbaugh/limbaugh.jpg




BTW, Jim's right. Nothing special about what he did (tech wise). All he did was add some extra lines to the orignal exploit.

Elmer,
How DARE you suggest that people should take the responsibility on themselves to make sure they update their Windows ;)

I recommend a big Romeo y Julieta, a really good dinner at the restaurant of his choice, and the official Thanks of Congress. (I'm trying to work with one of BillyBoy's previous systems here, so, yes, I might be just a leetle bit biased:fire: )

Fire him from his role as "Comic Book Store Guy" on the Simpsons.

Graystar -
It was more than just a bit of inconvenience - and it was a BIG bunch of people who were impacted. There was a lot of business that didn't get taken care of , livlihoods impacted, significant economic impacts, . . . Throw in the number of manhours in lost productivity (e.g. My neighbor works for the DVA (Dept of Veterans Affairs), and they were down for three days. Aside for paying the nice gov't works to do nothing, ask some vet waiting on his/her benefits about a little inconvenience-) plus the time it takes to clean up this mess, and assuming he did do it, the terdball has literally wasted lifetimes, and we don't tolerate mass murders, do we?!?. My neighbor works for the DVA (Dept of Veterans Affairs), and they were down for three days. Aside for paying the nice gov't works to do nothing, ask some vet waiting on his/her benefits about a little inconvenience-

I'd have to ponder what's truly appropriate, but it should be plenty harsh and last a good long while. Poking out his eyes and cuttting off his fingers comes to mind, but then we'd be stuck with paying for his wellfare. Oh, yeah, we get to do that if we put him in prison, eh? Dang. :fire: :fire: :fire: Well, I'm sure we can come up with something:evil:

Let him go with probation+court and police fees, sue microsoft for making crappy software and its the peoples fault for not updating or having a firewall anyways.

I am so tired of these maggots.

:cuss:

To say that my methods of punishment would be extreme is not strong enough. Therefore, I didn't vote since nothing was strong enough in my mind.

I would make it painfully clear to all that this is not an victimless childish prank.

Determine the economic value of the damage he caused. Make him give it back AND a like amount.

If that make him an indentured servant, wellll too bad. Making an example of this goober will make the next knucklehead think twice before gettin' stoopid.

I think we should have him go door-to-door throughout America, accompanied by patient peace officers.

He will knock on the door of every residence that has a computer, and tell them that he was the one that causes their various migraines for weeks on end. The officers will wait in the front yard with their backs turned while you beat the living $#!t out of him. With just the frustration it caused me, a visit to only my house would probably instill a fear of God in 'im.

Stuff like this makes me want to have cruel and unusual punishment instated for cruel and unusual idiots.

Realistically though, he should get stuck with a big fat fine, and possibly a prison term. I'm still torn about the prison term.

:cuss:

Wes

First off, this was a worm, not a virus. Big difference in the two. In the case of the blaster variants, it exploited a vulnerability in DCOM RPC which ran off port 135. I think a lot of the blame falls on microsoft and their lax in security oriented programming. Also another fault is the computer "sheeple" out there who don't have a clue about keeping antivirus software up to date or running windows update regularly. If this was this guy's first offense, a big fine and some probation should do. I've seen others get off easier for a lot worse. Does it not piss you off that you are running a product (microsoft windows) that has holes in it that can let others take complete control or your computer? It's defective. Just as if a gun had a flaw where if you "pulled the trigger" a certain way, it'd kaboom. Manufactuer fault. Not that i'm trying to defend this guy, but damnit, I don't like running software with holes in it, many of which haven't been found.

x

^^^

I don't happen to agree with that sentiment.

Another way to look at it is if a manufacturer of body armor had a product that was suspectible to a certain shape of bullet. Then someone goes out and makes a bullet of that shape just so as to defeat that armor and THEN goes and fires it at someone wearing that armor, killing the wearer.

Going by the above argument it would be the fault of the manufacturer of the armor and not the guy that made/fired the bullet.

I OTOH, am of the opinion that if the special bullet had not been made and fired the wearer of the armor would still be alive regardless of the armors susceptibility since it wouldn't have been hit by a device specifically designed to defeat it.

I say the hacker type made a decision to attack other people and their property and for that he bears sole responsibility.

As for the excuse that he didn't write the original program, that's akin to saying he picked up a gun and had to use it, ie no self-control.

Let him work it off until he dies.

I began to type "Death penalty," but restrained myself.

I think the punishment should be as close to the death penalty as possible. He's cost individuals and corporations untold sums of money, as well as aggravation, and I believe it is only a matter of time until viruses like these claim a life.

The people who write these viruses are being willfully destructive and malicious, and they deserve to have the book thrown at them. Screw that, throw the library at 'em.

Screw it.

I've been reading over the other responses.

Shoot him where he stands.

And I positively cannot believe all of this "fine microsoft/people need to update their computer patches/microsoft's software sucks and is full of holes/etc." garbage.

Just like women who wear revealing clothing deserve rape, right? :rolleyes:

This entire thread is not worthy of The High Road.

Just as if a gun had a flaw where if you "pulled the trigger" a certain way, it'd kaboom. Manufactuer fault.

False analogy.

A more appropriate one would be if some jerk started slipping double powder charges in loaded cartridges. Gun blows up, of course. And you want to fine the gun manufacturer?

You somehow expect Microsoft to be able to deliver a product impervious to malicious, criminal abuse? Huh?

If someone sticks my tire with a knife, I should sue Firestone? Someone keys my car and Isuzu gets a call?

Whatever.

Blame falls on the script monkey.

Don't fault MS if you fail to take advantage of the free hotfixes offered...especially when they're released months ahead of actual attacks.

What Roscoe Said!

Here's an idea, give him a high paying job as a computer security consultant.

If it weren't for these hackers causing a bit of mayhem we wouldn't have the security we have to day. Better to loose a little productivity by some guy pointing out your programming holes by exploiting them than loose a lot of productivity when some terrorist breaks in and really messes you up.

If some kid spraypainted porfanities in a restricted part of a nuclear powerplant, would you throw the book at him, or find out how he did it to prevent some on from sneeking in a bomb?

A fine large enough to fix every infected computer PLUS have him castrated! Why give him a chance to procreate?

This thread is full of the most over-the-top crap I think I ever seen here or at TFL. Many of you need to get a grip. The kid is (possibly) a vandal, nothing more. The day we start executing people for vandalism is the day we have become everything America is NOT supposed to be.

Literally, infect his body with the Guinea worm.

Go to the Drudge Report website for a picture of this pathetic loser.

This guy's a wannabe, not the source of the original Blaster worm.

Defenestration would be appropriate.

In terms of paying off the (deliberate) damage, a "P'na debt assessor" (obscure sf-nal reference) would probably declare the debt unpayable, and assist him in self deleteing his sorry ???.

These things affect people all over the world. Extradite to some place with a really mideaval "justice" system. Let them draw and quarter him, or if they're into torment, let him man the first level tech support line for life.

Off Topic?

I work at a big real estate firm in the DC area and this virus has caused us major headaches. I'm not a field tech, I work at HQ, but I had to go out to the sales offices a few weeks ago to help out our field techs with the office computers. Email was mostly paralyzed. This worm prevented our agents from doing business, and all of our Web-based email is still shut off.

I think about 10 years in the tank would be about right for this clown. Oh, and about $500 K in fines.

HA! Defenestration! Yes by all means lets throw him out a window somewhere.

Seriously though, make him pay as much of the damages as he possibly can for the next 10-20 years. Sounds good to me.

This thread is full of the most over-the-top crap I think I ever seen here or at TFL. Many of you need to get a grip. The kid is (possibly) a vandal, nothing more.

I couldn’t disagree more. This guy tried to hijack my computer to send a message to MS against my will. Does anybody see a violation of the First Amendment free speech clause here? If I have a beef with Microsoft, I’ll send the message myself and I don’t need a spoiled brat to determine what to say or when to say it.
Would people feel the same way if he programed the worm to attack the NRA or your local water company?
I say, turn him into a lab rat.

Level 1 tech support for 16 hours a day, 7 days a week, no holidays, etc.

Let him deal with the whining and complaining he caused.

In my day job, I am a Network/Exchange Admin, just me, with 60 users at 2 sites. And at least 1 person at each site that opens any e-mail & attachments, disregarding all warnings. Any of you other I.T./Admin guys remember the Anna Kournakova (sp?) froma few years back? ? ?

Person opened it, whacked the Exchange Server. Spent all weekend cleaning it up. About a week later BOOM! same [ahem] person (Big Bosses Sis-in-law)opened it again. "...Didn't see Anna's pix the first time..."
Spent another weekend cleaning up the carnage, and had Big Boss send out a strongly worded memo "...NO pix of Anna Kournakova. This is a destructive virus/worm DO NOT OPEN!! ! ! "
Got blasted again that same day. "...I figured that if Management didn't want us to see it, those pix must be REALLY good..."

[Sound of Network Admin's head exploding...]

This thread is full of the most over-the-top crap I think I ever seen here or at TFL. Many of you need to get a grip. The kid is (possibly) a vandal, nothing more. The day we start executing people for vandalism is the day we have become everything America is NOT supposed to be.

Would you feel the same way if this virus had hit hospitals, 911 switchboards, police stations, etc. causing the loss of human life?

I firmly believe that it is only a matter of time before we see something like that happen with these viruses and their parasitic creators.

Would you feel the same way if this virus had hit hospitals, 911 switchboards, police stations, etc. causing the loss of human life?

It didn't. We should also not be punishing people for hypotheticals in the US.

It didn't. We should also not be punishing people for hypotheticals in the US.

I never said we should.

I simply asked how you would feel if his little virus had caused the loss of human life instead of "just" the loss of countless manhours of labor, and millions of dollars in damages.

That said, I think the damage he did (countless hours of labor lost and millions of dollars of damage) deserve an incredibly hefty penalty.

Castrate him so his "Stupid"genes don't move into society at large. :fire:

shooter973, i had the same thought. prison time and a big hefty fine, along with summary castration.

He didn't hijack your computer, you let BillyBoy reserve the right to hijack your computer when you ran his code on your machine. This particular jerk just took advantage of an MS backdoor in your code. Oh, and Real Estate:p , my violin is crying for you!

P.s. See Jerry Pournelle's site today for yet ANOTHER horrible Gates-of-Hell security hole. I believe it's in something called MS Word, whatever that is.

Orthonym,

I'm sitting here pondering your rantings in the midst of a mixed Linux/Windows environment.

I'm trying to figure out what your point is...surely you realize that there's no such thing as a totally secure OS.

Windows is targetted because of its success...if (insert your favorite operating system here) were the predominant OS, it would be the one trying to fight off attacks. Surely you're aware of the gaping holes in Linux, for instance.

Again, no secure OS yet. If you manage to write one, please PM me; I'd be interested in investment oportunities.

I think your wild hatred of "billyboy" (what's up with that?) might be clouding your judgement.

Two to the head, on prime time, pay-per view as an example of what happens when you indiscriminately cost others their hard earned resources just for kicks.:fire:

Proceeds go into bounty for dead or alive capture of next virus spewing hacker.

ORTHONYM, Hmmm

If I let Bill Gates/MS reserve the right to hijack my machine then where the hell does this 18 year old bucket of camel spit enter the picture? This sounds like the old “it just went off, sue the manufacturer” defense to me. How can you defend this behavior?

I don’t feel obligated to tell you why I run Microsoft products on my machine as it’s none of your business. Evidently freedoms of choice and expression are desirable only if the “right kind of people” make the “right choices" and say the "right things" to the "right peolpe.” Get a grip on this hatred of success you seem to harbor.

I’ve changed my mind about the punishment this slime deserves. I’m with H Romberg.

I don’t feel obligated to tell you why I run Microsoft products on my machine as it’s none of your business.

I will: Easier on me, easier on my users, and, occasional malignant code monkeys notwithstanding, it enhances my paycheck.

Two thumbs up for capitalism.

While I was playing Vietcong on the net, last weekend. A guy who used the name Hacker said that he was proud that he was creating new viruses. I demanded that the administrator of that server contract the feds and get this guy's ISP address. So far nothing. As far as punishing this idiot for creating the variant. I would say slow and painful death with .177 pellet rifle that fires around 1,000 fps. Start with his legs and arms, working in to the heart.

If it weren't for :cuss: like these we wouldn't need firewalls and anti virus programs!:banghead: :cuss: :fire:

Oh come on ... you guys want to murder someone for making a rather inept modification of the Blaster worm? Seriously, people, let's get some perspective here.
Draft him. He can serve the US with his skills.
Gary,
This particular punk would not be worth drafting to serve anything but a fast-food joint..
Does anybody see a violation of the First Amendment free speech clause here?
No. Just the actions of a petty criminal. PRIVATE INDIVIDUALS CANNOT VIOLATE THE BILL OF RIGHTS.

You guys want to get worked up, look at some of the Sobig varients. Haven't caught that [person(s)] yet, and [his/her/their] stuff is far more insidious and well written.

The guy is a petty criminal who happened to hurt some people pretty badly financially. The death sentence or your favorite, horrible forms of torture hardly fit the crime.

Oh come on ... you guys want to murder someone for making a rather inept modification of the Blaster worm? Seriously, people, let's get some perspective here. Cordex, you are absolutely right. I stand corrected. If I were to stand by the “kill 'em” position I took before I read your reply, that would have put me in the same group as labor unions and common street thugs. Thank you for showing me the error of my ways. I feel so ashamed. (sniffle)

As for the free speech violations, . . . well . . . lets just say we strongly agree to disagree.

As for the free speech violations, . . . well . . . lets just say we strongly agree to disagree.
Shall we reread Amendment I?
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
What law was made? What actions were performed by a government official establishing a de facto law? Not even the loosest definition of "law" applies.
On what basis do you make your claim that a private individual - not acting under the authority of the government (in fact, expressly acting in violation of the laws made by said government) can violate anyones rights as outlined by the Bill of Rights which are established not as restrictions on private individuals, but as restrictions on government actions?
Riddle me that.

Is he a criminal? You bet. Does he deserve punishment? Absolutely. Has he violated any of your Constitutional Rights? Not a bleedin' one.

Lock him in a room, with a 14.3 modem, windows 3.0 as the operating system, and set it up to receive only spam and pop-ups. Should drive him bonkers in short order.

Lock him in a room, with a 14.3 modem, windows 3.0 as the operating system, and set it up to receive only spam and pop-ups. Should drive him bonkers in short order.

You're being waay to nice, a 300baud modem, CP/M and a Morrow MD2.. let him do whatever he wants...

Non-violent nusiance crime. Felony conviction with 2000 hours of community service to be completed in 18 months. He obviously has too much free time on his hands.

I work in IT support for Ohio State. I'm still busting my rear dealing with all the ramifications of this stupid worm. We only have a couple hundred people on our Student Affairs network, so thats not so bad. However, when the 8-10k students move into the dorms, we're *STILL* going to be dealing with this thing.

That said.


5 minutes, alone in a room with me. Trust me that would be more than enough punishment. Then we can just pass him around from IT dept to IT dept for alone time with angry techs.