Man jailed for 2 years after DDOSing telescope forum that banned him

Originally published at: https://boingboing.net/2019/04/23/man-jailed-for-2-years-after-d.html

…

Sounds like a good outcome to me.

Two lessons reinforced here:

1. Don’t be an asshole.
2. Don’t talk to the police without a lawyer.

I’d wager he’ll be released within weeks. He’s not dangerous to anybody, so it feels like maybe a fine equivalent to two years wages plus court costs would have been a better outcome.

Really? I don’t agree. Yes I’m glad they caught this asshole and he should pay a price but prison time seems harsh.

This country should be going the opposite direction when it comes to incarceration. That stiff fine seems like plenty of discouragement.

So asking someone to hack a computer is a crime? Just want to make sure I understand the charges.

Under what law? Given he was given over 2 years, in many systems that will put him in a long-term facilities that he’ll be lucky to survive.

I find the entire thing appalling. Being a jerk to this level might actually be worth handing someone a criminal record, which will probably make him unemployable in his field for the rest of his life. Adding a long criminal sentence?

But then this is the US, where minor property crimes merit absurd penalties.

Good outcome? Perhaps in one’s dreams where massively over-proportionate penalties for minor crimes may feel like justice. In real life? Not so much.

intentional damage to a protected computer

I couldn’t get an exact sense of what was done from the article, but if it was just a DDoS, that would not “damage” a computer. And whether it is “protected” is not relevant. There would simply be downtime for the website, and a cost to hire the cybersecurity expert to help. The sentence seems excessive. If any prison time is given, a month is about enough. Just require damages for the cost of the cybersecurity expert and some punitive damages. The CFAA badly needs to be updated, but law enforcement loves it.

It’s “protected” in the sense that somewhere in the forum’s boilerplate terms of service document there’s a sentence forbidding interference with the forum’s functionality. That’s enough to call it “protected” under the CFAA. And one of the many reasons that that law sucks is that for the sorts of petty vandalism or mischief that any other criminal might receive a slap on the wrist for, if you do it on a computer you get years in prison. Curious teenagers bypassing a badly constructed login page have had their lives ended. Go look up what happened to Aaron Schwartz.

There have got to be dozens of people out there every day getting ticked off at one mod or another; surely if it was just that easy, there’d be a story like this every week? Reckon there is much more to this story.

In California, the type of crime he committed makes him eligible to serve half his sentence in his community. Unless he does something stupid, he has that to look forward to.

Or maybe he’s in a federal prison? I have no idea what the early release programs are there. I was assuming a state prison though.

2 years, for a non-violent crime whose financial damages he could easily repay, foists the public with the spectacular cost of imprisoning him and reinforces a police-state attitude toward trivial computer offenses. Also consider people whose vulnerability to unequal policing or draconian prosecution goes beyond “thinks he’s smarter than the FBI”.

Ancient history now but as I recall we’ve let people off the hook before in similar circumstances. It’s better to get to the point of knowing what happened, who did it and how, and that’s enough.

middle-aged IT consultants think they’re smarter than anyone else

Yes, this is the actual takeaway from this story

I think the take away is: “Check yourself before you wreck yourself.”

Why not just go all the way? Drawn and quartered, head on a spike. Punish all his relatives too. Society must send the message that DDOS’ing an online telescope forum is wrong. /s

I do not think this guy should be spending two years in prison. But I don’t think this is a trivial offense. According to the article, Astronomics was shut down for two weeks, and it’s a very small business. I don’t know how close to the margin Astronomics runs. Neither did Goodyear.

He could have bankrupted them. Or he could have got them on a bad footing with an important client or vendor. He’s certainly given Astronomics a reason to shut down a nice community. (I visited it a year or two ago. It is a nice forum.)

The ease of DDOSing doesn’t make it a trivial act. I live in Alabama, so I see what the rampant prison-industrial complex is like. I’m no fan. But I’m also sick of narcissistic bullies ruining things for the rest of us.

I guess the tl;dr is “assholes suck.”

Yeah after reading the actual article I don’t think it’s quite the way you make it out. Two weeks shut down is no trivial matter for a small business, and the stress almost gave the owner a heart attack. Maybe not 2 years in prison but lets not pretend this should have just been let off with a slap on the wrist.

At first I just thought it was a hobby forum but he took down this person’s business. Not cool.

A two-year sentence (indeed, any prison time at all) is manifestly ridiculous for this. It’s worth noting you can get less time for ending the life of an actual human being (provided, of course, you don’t bludgeon them to death with a “protected computer”). From findlaw.com:

image.png897×157 16.3 KB

I have stated this before here. Most US inmates lose a third of their sentence on arrival. Meaning if you got 3 years you’ll serve 2 on good behavior.

If you act out they first start adding days/months to that year back.

It is possible.

If the attack really cost the group $27,000 how is that not sufficient damage to warrant jail time? If he had taken a sledge hammer to a building and caused $27,000 dollars in damage surely jail time would be appropriate? Or some how built a fence around a store’s building that took a week and $27,000 to repair?

2 years seems excessive, but not the concept of jail time itself. I do think the CFAA is too permissive as the attacks on Aaron Swartz showed, but I think using in the case of a deliberate DDOS is appropriate and we need to stop thinking of white collar crimes as being something only fine worthy - and on a slightly different note, same with all the fraud and abuse the FTC fines companies for that let’s people who steal millions of dollars give a fraction back and never worry about jail time.