Security

Punishment Inconsistent for Convicted Hackers

Convicted computer criminals are getting drastically different sentences, depending upon the jurisdiction in which they are tried, with one notorious hacker netting a very light suspended sentence, experts tell TechNewsWorld.

A judge in Germany today handed down a suspended sentence of a year and nine months to Sven Jaschan, the creator of the malicious Sasser virus that wreaked havoc on global Internet service in 2004. The 19-year-old was caught last year when Microsoft put up a US$250,000 reward for information leading to his arrest.

A few weeks earlier, a jury in Texas convicted Christopher Andrew Phillips on two federal felony counts for disabling the University of Texas’s Web service in 2003, and he is facing up to five years in federal prison for his misdeeds.

Scared Masses

These cases involving hackers and purveyors of viruses are scaring off individuals from using the Internet. According to a new report by the Pew Internet and American Life Project, 90 percent of Internet users have adjusted their online behavior, fearful of falling prey to tricksters, like Jaschan and Phillips.

“Sixty-eight percent of home Internet users, or about 93 million American adults, have experienced at least one computer problem in the past year that is consistent with problems caused by spyware or viruses,” wrote Susannah Fox, author of the Pew report.

Many computer companies are taking the message to lawmakers in Washington, D.C., and elsewhere that the fear and anxiety caused by these hackers must be staunched with tougher laws, and tougher law enforcement internationally.

“The message we’re taking to Washington is that there is a high level of fear and anxiety out there,” said Chris Voice, a vice president of technology at Entrust. “There are consequences to all this criminal activity.”

Governments Keeping Quiet

Thus far, neither Congress nor European lawmakers have done anything lately to stiffen sentences for computer criminals. A St. Petersburg, Florida, man was recently arrested for stealing another person’s WiFi signal, the first case of its kind. A trial date has not been set in that matter yet. But one thing is certain, said Bruce Cundiff, an analyst with Javelin Strategy & Research: “there’s a loss of trust in the online channel.”

Microsoft, however, is trying to put a happy face on the outcome of the Sasser virus writer trial.

Nancy Anderson, general counsel of Microsoft, said it was “gratifying to collaborate with and support law enforcement in this case.” She said the company is providing money to those who helped track down the hacker — do-gooders whose identities have not been revealed.

Nonetheless, the sentence was light — and, for all the publicity, Jaschan will not spend time in jail, but will instead serve 30 hours of community work while on probation, even though he was found guilty on four counts of altering data and three counts of computer sabotage.

Jaschan admitted that he was guilty of the crimes during his trail, which stretched from Tuesday to today. The Sasser virus, which he created, damaged hundreds of thousands of computers around the globe, starting in May 2004.

Jaschan, a resident of Waffensen, Germany, may have received a light sentence because he is a teenager, experts said. Purveyors of the MyDoom.B virus, the Sobig virus, and the MSBlast.A worm, also called Blaster, are still at large.

Harsher Justice

Phillips, a one-time student at the University of Texas, age 22, received harsher justice, with up to five years in prison for “reckless damage” of computers. He apologized during his trial. “I’m sorry to my parents, the University of Texas, and all these people. It just wasn’t my mindset that this kind of thing would have this sweeping effect,” said Phillips.

Tens of thousands of requests for information were traced back to Phillips’ Internet Protocol (IP) address, after he created a fake, Java-based TXClass training program online, and phished for the social security numbers of university students. He also compiled genealogical data on his computer, and created a program to merge the social security numbers with the backgrounds of the individuals he had conned. More than $122,000 in damage to University of Texas computers was caused by his hacking, prosecutors said.

A prosecutor, Mark Roomberg, said in an argument in federal court that Phillips essentially “kicked in the door — and took whatever he wanted” from the university’s computers.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels