back to article Hacker dodges FOUR HUNDRED YEARS in cooler for SCANNING sites

A US hacker has dodged 440 years in prison for computer crime offences that amount to scanning sites with automatic tools and filling in web forms with junk data. The charges, since reduced to a misdemeanor, could have seen Fidel Salinas, 28, spending his remaining days working off a 440-year sentence. Salinas was alleged to …

  1. Anonymous Coward
    Anonymous Coward

    Although turning a vulnerability scanner on a website in a production environment can have debatable consequences, the fact that he started brute forcing password attempts amounts to an attempt at illegal access so I think dismissing it as "only scanning" is not accurate. I think most people agree that port scanning is not really illegal, even if it can sometimes be a precursor to an intrusion attempt, but if someone is running 14,000 password guesses against a website, that's a different matter.

    The length of the sentence of course is an entirely different matter, and is of course excessive.

    1. Anonymous Coward
      Anonymous Coward

      I'd like to know

      Why it let him run 14,000 password guesses, and didn't lock him out completely after less than 10 failed attempts??

      1. wikkity

        Re: I'd like to know

        > Why it let him run 14,000 password guesses, and didn't lock him out completely after less than 10 failed attempts??

        Thats probably why the admins were logged out, their accounts had probably been disabled. Of course his IP should have been blocked assuming all attempts were from the same src.

      2. Mark 65 Silver badge

        Re: I'd like to know

        My first thought at hearing he could launch 14,000 guesses and the admins were locked out is "you're doing it wrong". It certainly seems like the settings could do with tweaking but I'm guessing the admins weren't really admins but maybe Adobe Dreamweaver operators asked to set up a website.

  2. Anonymous Coward
    Anonymous Coward

    Suggested sentence is a theoretical max if all penalties were applied and served consecutively. It's only of interest to daft headline writers.

    1. Mark 65 Silver badge

      I was under the impression that it's of interest as a reference point for plea bargaining.

  3. P. Lee Silver badge

    Admins locked out from a public-facing user interface?

    Since when do you use the same login system for admins and users and since when do you allow admin logins to be locked-out like that.

    I suspect exaggeration and misdirection or a rubbish app.

    1. Anonymous Coward
      Meh

      Re: Admins locked out from a public-facing user interface?

      or an under resourced system running at 100% cpu....

    2. Anonymous Coward
      Anonymous Coward

      Re: Admins locked out from a public-facing user interface?

      Quite a lot of systems lock the account for a period of time after X failed login attempts,

      I would imagine X is a number quite a lot less than 14,000

      1. Christoph Silver badge

        Re: Admins locked out from a public-facing user interface?

        The admin accounts should be set to only allow logons from secure terminals, not from anywhere on the web. That should stop them being locked out by failed attempts.

  4. DropBear Silver badge
    WTF?

    I do find it mind-boggling that the US justice system manages to find 44 different names for basically a single offence. Ok, it might not be a single one but it sure as hell ain't 44 either - and the loving care with which they apparently strive to plaster some label over every old thing They Would Really Like You Not To Do is nothing short of touching...

    1. Doctor Syntax Silver badge

      "I do find it mind-boggling that the US justice system manages to find 44 different names for basically a single offence."

      It doesn't say they did. There were 18 counts of one thing & 15 of another. That's 3/4 of them under just two headings.

      Presumably you've no great experience of how courts work.

  5. Ian 62

    Too subtle for me.

    Maybe I've not had enough coffee yet, but the implication of the report seems to suggest that what this guy was doing is hardly worth mentioning.

    Yes, ok, its just a website. But it appears he was trying to gain un-authorised access.

    Would you brush off an incident where someone was outside your house for a few days trying all the door and windows, then sitting at the front door and trying 1000s of keys in the lock to see which one worked?

    "I've not got in M'Lord, I was just checking"

    1. LucreLout Silver badge

      Re: Too subtle for me.

      Would you brush off an incident where someone was outside your house for a few days trying all the door and windows, then sitting at the front door and trying 1000s of keys in the lock to see which one worked?

      No, I'd not brush it off, but I'd not expect the guy to be facing 440 years in jail at any stage of proceedings. Would you?

      1. James O'Shea Silver badge

        Re: Too subtle for me.

        Here in deepest South Florida, should a homeowner discover someone at their door trying to get in illegally, said homeowner can, and has on multiple occasions in the past, shoot the miscreant dead, with no consequences beyond having to hire a cleaning service to get rid of the blood once the cops have been around and congratulated him on his aim.

        Breaking and entering is liable to have harsh consequences. M'man tried, hard, to break into and enter a county site. You may disagree with the penalties, but you're not the prosecutor.

        And, oh, please note that the 440 years is merely totaling the maximum possible sentences. In the first place, no matter what the prosecutor may or may not ask for, the judge might or might not hand down the maximum... and usually doesn't. In the second, most judges make the terms concurrent, so even if m'man got the max for each of the 44 he'd only be inside for the max, or 10. In the third, this is a non-violent first offence, so odds are that he'd just get probation. As the charges have been reduced to misdemeanors, that's a max of 366 days. (That's DAYS, not YEARS.) He'll probably get 'community service' (picking up the trash on the interstate for a few months) and a year of probation. A.k.a. a slap on the wrist.

        On the other hand, it's a Federal case in Texas. which means that the judges and prosecutors are insane. back in the 1970s, when 'life' meant '60 years, with a chance at parole in 30' some Federal judges in Texas started handing out 99 year sentences instead of life. When defence attorneys objected, one judge went to 999 year sentences instead. The Mafia boys he was permanently parking into a supermax got some of their friends outside to blow him up (they put a bomb into his car) and his brother, also a Federal judge, requested transfer to Texas and continued the family tradition of 999 year sentences. Feds in Texas still trend towards packing in the years. If m'man had got the wrong judge, he really could have got 440 years in a supermax.

        And, oh, yeah, he's not out of the woods yet. If the locals decide that the Feds were too soft, they could find a reason to charge him for something not covered by the Federal charges and haul him up to state courts. Timmy McVeigh was notoriously sentenced to death by the Feds for blowing up the Federal Building in Oklahoma City, and Oklahoma insisted on trying him separately and handing down their own death sentence just in case he survived the Feds. (He didn't.)

        It's a whole new world on this side of the Atlantic. Especially in Texas.

        1. Anonymous Coward
          Anonymous Coward

          Re: Too subtle for me.

          Long sentences are a vital piece of US justice since they provide the big stick for the authorities to wave at whoever they have picked up before offering some kind of plea bargain. This approach is the main factor behind the high conviction rates in the US.

        2. Trevor_Pott Gold badge

          Re: Too subtle for me.

          Whereas in Canada the use of force must be proportionate by law. By law, unless you have legitimate reason to believe your life (or the lives of your family) are in immediate danger, there is no legitimate reason to engage in activity that may harm - let alone kill - a potential or actual intruder in your home.

          The presence of an intruder in your home is not enough to qualify as reason to believe you life (or the lives of your family) are in danger. If you have the capability and/or training to disarm, disable or subdue an intruder without harming them then you are not allowed to use more force than that. If the intruder can be sent on his merry with a few trinkets and no harm to either party, then that is the option you must choose.

          It is up to the police to capture the intruder, not you. And possessions are not worth lives; yours or theirs.

          The concept that you can shoot someone dead for trying to get in to your house, and where they've made no threat to your (or your family's) life is...bizarre. At least to this Canadian. Possessions are not worth lives.

          1. Looper

            Re: Too subtle for me.

            then again Canadians have some common sense unlike Texans, Floridans etc.

          2. Robert Helpmann?? Silver badge
            Childcatcher

            Re: Too subtle for me.

            The presence of an intruder in your home is not enough to qualify as reason to believe you life (or the lives of your family) are in danger.

            Why not? The intruder has demonstrated a disregard for decent behavior. Why would you assume at that point that he or she would feel the same concerning the lives or health of you or your family? What would it take to convince you that you are in danger if not a thug ransacking your home with you in it?

            If you have the capability and/or training to disarm, disable or subdue an intruder without harming them then you are not allowed to use more force than that.

            See, this is how people end up on the floor, dead with a knife in hand that they did not enter the house with. This sort of argument reminds me of people questioning why police don't shoot to wound rather than to kill. "Disarm, disable or subdue" is likely to get you dead. Stop or drive away by any means are much safer goals.

            It is up to the police to capture the intruder, not you. And possessions are not worth lives; yours or theirs.

            Yes, as I noted above, capture should not be your goal, even though your statements are self-contradictory on this point. I would (and have) walked away from possessions when faced with a credible threat. I am not familiar with Florida's laws, but most places I am familiar with look at the situation as if the person is forcing his or her way into your home while you are there, you have a right to defend yourself.

            The concept that you can shoot someone dead for trying to get in to your house, and where they've made no threat to your (or your family's) life is...bizarre.

            It can be, and has been, construed that the fact that someone is breaking into your house constitutes a de facto threat to life and limb. I thoroughly agree with you in that possessions are not worth lives, though I suspect we disagree on the point at which one reasonably might be expected or allowed to use lethal force.

            1. Trevor_Pott Gold badge

              Re: Too subtle for me.

              "It can be, and has been, construed that the fact that someone is breaking into your house constitutes a de facto threat to life and limb. I thoroughly agree with you in that possessions are not worth lives, though I suspect we disagree on the point at which one reasonably might be expected or allowed to use lethal force."

              And this is the difference between the American - read; batshit fucking bananas - view of the world, and the Canadian - read: proportional response to events - approach to life.

              Americans are xenophobic by nature. Terrified of everything and everyone. They believe that everything and everyone are out to get them, all the time. They believe they are special, important, what they own is important, that everyone wants to harm them, specifically, or just wants to do harm to everyone indiscriminately.

              It is very rare to find a Canadian with that twisted worldview. Oh, yes, crime does happen, but there's usually a damned good reason for it. We're taught statistics in school. Repeatedly, over the course of about 8 years.

              We understand that while, for example, there are people out there who will kill indiscriminately because they're unhinged, the chances of that are roughly equal to getting hit by lightning twice and then walking out into the street and getting shit on by a bird. Especially because we have the beginnings of a competent mental health care system. (With, admittedly, some lamentable gaps.)

              Yes, some dude might be breaking into your house, but the chances that he is going to harm you or wants to harm you are virtually nonexistent. And they are not legally grounds for you to attack him.

  6. Lionel Baden
    FAIL

    why ....

    ran a script from his computer

    Am i the only who thinks this is similar to doing a bank robbery in your own car ?

    1. James O'Shea Silver badge

      Re: why ....

      There are those who do exactly that.

  7. teebie

    "These broke down into 18 separate submissions of junk data in a web form tantamount to 'cyber stalking"

    I don't think the register is at fault here, but there is no way that sentence makes sense in context.

    1. Alistair Silver badge
      Coat

      Context:

      "I don't think the register is at fault here, but there is no way that sentence makes sense in context."

      You have "texas" "america" "court"

      Makes perfect sense in that context. Or at least, in that context one should not expect anything *but* nonsense.

  8. MrXavia
    Facepalm

    potentially 440 Years? for that?

    Wow they are mad in the USA... sure he caused mischief...

    BUT he didn't rape/kill/maim/beat anyone or steal/vandalise/deface/destroy anything..

    If a computer crime has a worse punishment than the above crimes, then something is seriously wong with the justice system...

    His crime is akin to trying to pick a lock and jamming the lock in the process...

    Sure punish him, give him community service & fine him a reasonably large amount if he caused financial harm...

    and they wonder why people resist any risk of extradition to the USA....

    1. Alfred 2

      Re: potentially 440 Years? for that?

      So how much time off would he get for good behaviour?

    2. Invidious Aardvark

      Re: potentially 440 Years? for that?

      I'm afraid you're reading the headline and assuming it's true.

      1) This is not just for scanning sites - 14000 brute force attempts to guess passwords is not 'scanning'. If the headline doesn't match the actual story, that should be a small clue about the integrity of the story and/or headline.

      2) Most journalists have almost no clue how the courts work, but do know that inflated numbers draw people in, so they find the maximum sentence for each offence and add them all up, conveniently forgetting that sentences can run concurrently rather than consecutively and that judges have discretion when sentencing (most of the time, though there are some minimum terms that must be applied to some crimes in some states, etc.).

      1. Looper

        Re: potentially 440 Years? for that?

        I'm afraid it is you who are reading the headline and assuming it is NOT true.

        See Jame's O'Shea's post above.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019