So lets see, is it a cute animal on a poster or a powerpoint presentation?
Law enforcement bods at Europol have arrested 34 users of Distributed Denial of Service (DDoS) cyber-attack tools and interviewed and cautioned 101 suspects in a global crackdown. Unsurprisingly, the users identified by Europol’s European Cybercrime Centre (EC3) were mainly young adults under the age of 20. The body worked …
> Hit them where it hurts. Confiscate their phones.
Clearly you haven't spent much time around children. No, the way to really hit them hard is to login to their game and delete all the good kit they spent hours grinding to get, delete all their savegames, then hide behind the couch. As the slow horror of what you've done dawns on them, sneak up behind them and whisper "We saw your report card." Then slither away.
"Vindictive justice at its best."
Vindictive? What part of deterrent did you not understand?
Every day the local paper reports the court appearances of habitual criminals who've been given lots of chances which amount to warnings, suspended sentences etc. so they see no real penalty for themselves or for their peers who are committing the same crimes with the same results. There's no deterrence. By the time they get their first custodial sentences their criminal careers are well established.
A few real penalties, well publicised, might deter their peers and ultimately prevent more lives being ruined by being gradually sucked in.
Every study that has been conducted shows that excessive sentences do not prevent crime. Fear of getting caught deters crime. If a criminal does not seriously believe they will be detected, it doesn't matter what sentence is imposed - in fact most 1st time criminals have no idea what sentence they would get if caught. What's most likely to stop you speeding - a heavier fine, or a lot more (hidden) speed cameras?
"Fear of getting caught deters crime."
Back in the day I handled 2 cases involving the same individual who clearly had some prior form. The first one was a break-in. He accepted that he'd forced an entry but insisted that he didn't actually go inside the premises because at the last moment he realised that if he did it would be actual gaol this time round. The evidence, however, said he did enter. Whilst on remand, and putting off the case in order to get a more lenient judge IIRC he got involved in a gang rape. Whatever the sentence on his original break-in it would now be dwarfed. What his actual sentences were I don't know because I would usually give my evidence & then leave so I'd seldom hear the verdicts. But that was one lad who the leniency conveyor belt delivered right into serious crime and multi-year sentences.
The one thing that stops people committing crimes is the fear of being caught. Tough sentences etc. have no real effect. The bad news is that habitual criminals don't think they'll be caught, even after they have been caught many times before. This time it's going to be different, they think. They're usually pretty stupid and have little impulse control. Drink and drugs don't help.
There are a lot of court cases where someone does get caught early on, first-time offenders and they learn their lesson, grow out of it or give up and live a mostly crime-free life as upstanding members of the community, only evading taxes, speeding, drinking and driving, working off the books, taking backhanders etc. It's the 19-year-old with sixty-odd convictions for burglary and aggravated assault that makes the headlines but they are very much outliers.
A few real penalties, well publicised, might deter their peers
History shows us that harsh penalties have almost no deterrent effect. What we need is effective detection if we wish to deter criminals.
But that would mean chasing criminals rather than chasing targets...
Yeah, let's ruin some young person's future by making an example of them.
And your alternative is...? Given the disruption and costs that a DDoS attack can cause a simple "please don't do it again" is simply but wholly inappropriate.
However the weak link in the chain is likely to be that the script kiddies are unlikely to use any of the news services where someone else's downfall is reported, and of course there remains the challenge of "I'm smarter than that so I won't get caught" mentality. IMHO there is no useful purpose to be served by going soft on offenders; it might make "you" feel better but as a service to the wider community it is self - defeating.
Hardly ruining a life by locking up a young adult (ADULT being the key word) for a couple of years.
Prison changes a person's personality and entire outlook on life. Usually for the worse. Do you also argue that there are no lasting effects of being raped, because the body soon heals?
Think back to Christmas 2014. Think of what you have done & learned between then and now. That's how long a "couple of years" is. More than enough time to become indoctrinated by the people you are locked up with. Enter slightly anti-social. Leas a psychopath. That'll make society better.
> What skills? They're only paying to access the software.
Now what about taking steps to limit the spread of botnets? Can we punish people from blindly opening email attachments yet? If not, why not? If they don't have money for fines we can do stocks and fund it all from the veg and ticket sales.
Can we punish people from blindly opening email attachments yet?
If not, why not?
Because it would be monumentally stupid.
Example: I have, sitting in the junk folder for the email address I use here on El Reg, several emails containing probable botnet lures. Some of those have very obviously fake subjectlines or fromlines or both. Several have quite realistic subjectlines or fromlines or both. However, as I have given this address out to zero decimal zero zero zero business contacts, I know that all of them, no matter how well crafted, are fakes. That would include the one from 'Apple iTunes' addressed to 'Mr. Wolf', and inviting me to click on a hotlink saying 'Apple iTunes Match invoice' but which actually links, when hovered over with a mouse, to some site ending in a .ru TLD. It may or may not actually be Russian, I don't know and don't care, as I'm not actually clicking on the thing. Yes, I have iTunes Match. No, I don't use this address as a contact for it. And when Apple does send me an invoice, they send it to the correct address, using the name that's on my credit card. And they have my correct account number. And they never, ever, ask me to 'click here'. Now, I can see where those who don't know how Apple (or whoever) operates, or who simply were in a hurry and weren't paying full attention, might click there. That might be careless, but does not rise to the level of fines or stints in the stocks.
"Because it would be monumentally stupid."
Indeed. But it would be a good idea to punish businesses who persist in training their customers to do just that.
Only a few days ago yet another spam arrived from my bank warning customers about how not to get caught by frauds. At least it purports to be from the bank. It's actually from a
marketing spamming company. It has several links on which customers are invited to click. At least this time they've improved things so that the links are to a server in the bank's domain. Further examination shows that in fact the links actually resolve to a server controlled by the marketing spamming company. The only things that indicate that the bank is actually behind it is that it was addressed to an email alias that was only given to the bank and that the bank employs idiots a marketing department.
"“certainly be cut off from the full intelligence picture”
Well fuck you too then europe. I'd love to still be friends , and do trades , and visits at the weekend and shit , but if you think because we've exited the common market you have to run away crying , throwing your tows out , taking your ball home , and cutting off your nose to spite your face by vandalising mutually beneficial important criminal information systems then fuck you.
if you think because we've exited the common market you have to run away crying
A couple of things I feel I have to correct you on here:
Firstly, we've not actually left the EU (yet), despite all the bullshit and bluster, and secondly, when we do 'leave', it won't necessarily involve leaving the common market, because:
a) Most people don't want that (they still want to be able to buy EU goods without tariffs and import duty on them)
b) It would be a fucking stupid thing to do - not so much economic suicide as a full-on economic murder-suicide where the analogy would be taking out your entire family before blowing up the house with yourself in it.
If you think leaving the EU won't involve leaving all the institutions of the EU (such as Europol), then you're like the crazy ex-partner who dumps you then keeps turning up to eat the food in your fridge, take a bath in your house and use your internet. In this eventuality, I'd fully expect the institutions of the EU to do the metaphorical equivalent of getting a restraining order and changing the locks to keep you out.
Yeah, it does NOT surprise me in the least that S'kiddies are behind the DDoS'ing, NOR does it surprise me that they're BUYING "other people's knowledge" to do it.
A *REAL* hacker doesn't need to purchase a DDoS'ing "service". But a S'kiddie *DOES*.
S'kiddies are LAZY, uneducated, self-important "look at me now" spoiled little *BRATS*, who would be protesting the 1% or engaging in PRIMAL SCREAM demonstrations [poor widdle snowflakes] if they weren't USING! MOM! AND! DAD'S! MONEY to purchase a DDoS service from a bunch of clowns that set up a botnet using malware for that specific purpose.
They invoke techniques that they do not understand, using other people's tools, and call themselves "elite" for doing it.
A *REAL* hacker knows that the discipline and [self] education needed to attain that skill level on your own should _NOT_ be wasted in such a manner. So *REAL* hackers design complex systems, or really cool IoT devices, or work in I.T. and security, where the basic knowledge and skills gained from hard work and study pay off the most.
These black-hat wannabe S'kiddie types are just irritating. And it looks like they left a nice fat bread-crumb trail for the cops to locate them, too. Typical.
My advice: install Linux or BSD, learn to compile a custom kernel (and modify it to do cool things), and hack your own computers. Submit patches when you find vulnerabilities. Get a REAL job that pays you to do _that_ level of skillful intelligent work. It's a LOT more rewarding.
Yeah, kids today. They just grab Daddy's shotgun out of the cabinet when they want to raise havoc. Why, in _my_ day we knew how to make a proper Zip-Gun, and how to talk that annoying prat down the street into doing the first test firing.
"One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose.“
But they don't have any....
"Well my team and I really concerned ourselves fundamentally with a statistical analysis as a whole; in tandem with and related to a psycho-chemical and broadly speaking a behavioral analysis of over a thousand individuals."
"We've come to the inevitable conclusion that the one course of action that the authorities must take is to cut off their goolies."
Kids poke sticks in wasp nests for shit and giggles and dares.
If maturity ever arrives they remember that shit and giggles hurts.
So not surprising that it is the young who are tempted to buy DDoS services to see what happens. Serious talking to first time. Serious punishment second time.
Biting the hand that feeds IT © 1998–2019