Excessive damages
The DoJ claimed that Operation Payback had caused $8.9m worth of damage
No doubt conjured up using the same magic calculator that works out the damage costs for copyright infringement cases.
Four hackers in the US have pleaded guilty to misdemeanours after a judge questioned why prosecutors were attempting to press felony charges. The hackers, alleged to be part of hacktivist collective Anonymous, were allowed to plead guilty over the telephone to the charge of conspiring to intentionally cause damage to a …
1) Always tell the world the MAXIMUM Sentence possible. It makes them look good.
2) Throw the book at the perp. The more charges the better. Then they are more likely to make a deal
3) EVERYONE is guilty of breaking laws, even Felonies. They don't know it, but you do. More barganing power.
There is a downside but they rarely have to face it
-1) Be prepared to face the wrath of the Judge in a case where you press for multiple Felonies when the crime is really nothing more than a mistemanour.
This only happens when the 'perp' refuses a deal and goes to trial.
The cases shown here make sobering reading
http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.aspx
Just the tip of the Iceberg folks.
This post has been deleted by its author
I think you're a bit skewed here.... since sys admins do the bidding of their employer with various restraints and system software selection is usually out of the hands of sys admins for the same reasons, perhaps the employers should be called to face the court first. Returning shareholder value to the board and senior execs is always the first priority over system security.
This post has been deleted by its author
You've clearly never worked in a large company IT environment.
I'm usually the one running around saying DONT DO EEET!!!!
The business users on the other hand are the ones throwing $$$ at the project, so get more say in how it gets done. Every once in a while I get a win in.
This post has been deleted by its author
This post has been deleted by its author
I've been a sysadmin at several companies. I was taught to keep rigorous account of any costs related to an intrusion response. Service downtime can be lost revenue and brand damage. Hours spent to diagnose and clean up become "billable" as business costs. Of course, you track direct costs like new hardware or outside consulting.
If the company chooses to report the crime, law enforcement will be less interested in a $200 attack than a $10000 one or a $2.1M attack. It's not always in the victim's interest to minimize the reported damages. Conversely, the accused doesn't always plead guilty to the maximum charges.
While it's true that sometimes a company will scapegoat a front-line employee (sysadmin, helpdesk staffer, whatever), that's rarely the whole story. If a sysadmin knowingly left a vulnerability, it's more likely that they were unable to get the resources to fix it -- and an experienced person will keep records of this. A business has to manage many risks, and won't always make computer security the highest priority.
Some anonymous fool wrote that "I cant see how they allow so much zero day vulnerable software to be sold. That in itself is a crime." By definition, a zero-day has not been reported with any time to test or patch it. If you don't know how people make products with unsuspected problems, you should try working for a day.
The U.S. and UK judicial systems are light years behind the digital age and the crims. Japan has the proper approach with mandatory 2 yr. prison sentences for pirates and 10 years minimum prison for facilitators of piracy and hackers, along with stiff fines. Every single hacker should do these minimum prison sentences or more. The naïve and gullible people who view hacking and piracy as insignificant are unfortunately braindead and clueless. Until laws catch up to the digital age very unscrupulous crims will continue to rape and pillage society with almost no punishment - because they can.
Just to be clear, the proposal is to charge staff if there is any loss?
So if a store suffers shoplifting you charge the counter staff and security guards with the crime?
Bank guards are guilty if there is a robbery?
You are guilty of a crime if your house is broken into?
This post has been deleted by its author