why aren't virus producers punished?

[Joe Zorzin]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

 

[null]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

Actually, the punishment that really terrorizes them is a five year
sentence of shrink wrapping Norton and McAfee retail boxes all day
long.


Art
http://www.epix.net/~artnpeg

 

[Metal Cyber Man]

Simple, a hacker can be traced during an attack and though possible to catch
virus creators, any truly good virus creator is hard to trace.

 

[David H. Lipman]

And David Smith. Author of the famed "Melissa" virus.

Dave

 

[optikl]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

--

1) Virus producers? Please define?
2) If you're talking about authors/writers (coders), that activity is not
against any law, unless of course it can be proven coders are also
facilitators; those who willfully assist in the releasing of these things in
the wild.
3) Particularly in the US, there are laws on the books at both the Federal
(the Computer Fraud and Abuse Act; the USA Patriot Act of 2001) and state
levels that address the release of malicious code and the impact that has on
government, financial institutions and on individuals. There are both
criminal and civil penalties associated with these laws, depending on
who/what is affected and the financial impacts.
4) Believe me, chain gangs no longer exist in Georgia . But, we have a
lovely facility in Texas (Huntsville) that periodically has rooms available.
The turn-over there, every 10-12 years or so, is quite high, but ones
funeral expenses are picked up by the state :0.
5) All fun aside ( 4 was in jest ), laws aren't going to solve the problem.
They are reactive in nature.

 

[Name withheld by request]

Although never proved, I still think that some of the virus programs
that get release are done, if not with the blessing, then with a
closed eye attitude of the anti virus software companies. What better
way to sell updated software, than to have a new batch of nasty virii
release, that, by coincidence the old software won't fix, but by golly
the new version will fix.
Reminds me of the time back in the 70's, when the radar gun
manufacturing companies also released the radar detector. Then
they would release a new gun, then a new detector to pick up the
new gun as well as the old one, and so on and so on

 

[James E. Morrow]

Although never proved, I still think that some of the virus
programs that get release are done, if not with the blessing, then
with a closed eye attitude of the anti virus software companies.
What better way to sell updated software, than to have a new batch
of nasty virii release, that, by coincidence the old software
won't fix, but by golly the new version will fix.
Reminds me of the time back in the 70's, when the radar gun
manufacturing companies also released the radar detector. Then
they would release a new gun, then a new detector to pick up the
new gun as well as the old one, and so on and so on

<Snip>

Urban myth. Software is a business. The liability involved with virus
writing would not make stockholders happy. Business is all about
measuring risk. This risk is too high.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted

Urban myth. Software is a business. The liability involved with virus
writing would not make stockholders happy. Business is all about
measuring risk. This risk is too high.

High risks and untenable odds are no obstacle to some people,
our local NDNs are thriving on folks willing to assume those risks,
even to their last dollar.

 

[Jason]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

LOL, no to guantanamo bay, to clean the toilets.

It's not really going to help. Lots of script kiddies tend to do this sort
of thing, some say it's related juvenile behaviour. Anyway, I don't believe
in throwing people in jail unless they're doing some real harm. [ that's
another issue ]

Some do get caught anyway. And it's a thankless task writing viruses. You
code and code away, and then Mr McAfee or Mr Norton [et al] make a whole
bunch of money out of it.

 

[Baked]

I only know about one such case: the inventor of the "I Love You" worm got a
few years in a Philippine jail.

They released him because it is not illegal in the Philippines.

 

[kurt wismer]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

just because you haven't heard about it doesn't mean it hasn't
happened... others in this thread have already mentioned the authors of
the 'i love you' worm, and the melissa worm... there's also the black
baron, and i others who don't immediately come to mind...

obviously the risk of consequences does have an impact, but that impact
may not be as significant as one might hope...

maybe, just maybe, the current rate of virus production/release *is*
the decreased rate...

 

[Bart Bailey]

In Message-ID:<J9T%[email protected]> posted on

maybe, just maybe, the current rate of virus production/release *is*
the decreased rate...

Aren't you Canucks restructuring your educational priorities to address
that discrepancy? ;-)

 

[Nick FitzGerald]

No...

They released him ...

"released" implies he was imprisoned then let go, or at least arrested. AFAIR,
he was only ever "helping police with their inquiries".

... because it is not illegal in the Philippines.

I believe that Philippines law has subsequently been changed so as to not allow
future perpetrators of such acts get away without so much as a slap over the
wrist with a soggy bus ticket.

 

[Nick FitzGerald]

2) If you're talking about authors/writers (coders), that activity is not
against any law, ...

In some countries it is explicitly or implicitly illegal to write viruses.

From memory, I think Finnland has a law making creation of computer viruses
illegal and other countries (fairly sure Italy is one such) have laws making
simple possession of virus code illegal. In the latter, the act of writing
a virus immediately puts in breach of of the possession law so writing a
virus is, in fact, an act that results in a legal liability (it is a very
fine semantic distinction between that and "writing a virus is illegal").

... unless of course it can be proven coders are also
facilitators; those who willfully assist in the releasing of these things in
the wild.

Moving on to those who publicly post, but do not "actively spread" their
work, you quickly approach issues of contributory negligence and worse.

3) Particularly in the US, there are laws on the books at both the Federal
(the Computer Fraud and Abuse Act; the USA Patriot Act of 2001) and state
levels that address the release of malicious code and the impact that has on
government, financial institutions and on individuals. There are both
criminal and civil penalties associated with these laws, depending on
who/what is affected and the financial impacts.

Thanks for reminding me of the Patriot Act -- I seem to recall that there
are, in fact, clauses therein that effectively make virus writing a criminal
(terrorist) act because viruses and other forms of malware are defined as
"terrorist weapons" and creating, selling, disritbuting, etc weapons of
terror are treasonable under the Act, thus "writing a virus" may be enough
(in the US) to get you before a firing squad (if you're associated with the
military) or "on the table" for a lethal injection if a civilian (actually,
how are federal death sentences performed? By the method preferred in the
state executing (sorry!) the death sentence or by the same specific method
country-wide?).

4) Believe me, chain gangs no longer exist in Georgia . But, we have a
lovely facility in Texas (Huntsville) that periodically has rooms available.
The turn-over there, every 10-12 years or so, is quite high, but ones
funeral expenses are picked up by the state :0.
5) All fun aside ( 4 was in jest ), laws aren't going to solve the problem.
They are reactive in nature.

You reckon a few punk ass teenagers getting gassed or scorched or injected
to death for their "undue inquisitiveness" might not somewhat quell the
"inquisitiveness" of others?

It may not be _the_ solution, but it's likely to help...

 

[Nick FitzGerald]

Didn't they apply a vandalism charge against him ?

Not that I heard (and I find it hard to see how they could make one stick).

The nearest they got to charging him was with fraud relating to the
(supposed/intended/etc) "theft" of Internet service that the password
stealer the virus tried to d/l from a web site (would have) allowed. IIRC
even this charge was found to be untenable in light of the way the law was
written (apparently much of the relevant Philippines fraud legislation at
the time would even be hard to make a case stick against a "clear" case of
credit card fraud, so it is not surprising that adding the further
"complexity" of the even more modern Internet and the fact there was no
official confession, etc, etc they let it go).

 

[optikl]

In some countries it is explicitly or implicitly illegal to write viruses.

Thanks. I wasn't aware of that.

Thanks for reminding me of the Patriot Act -- I seem to recall that there
are, in fact, clauses therein that effectively make virus writing a criminal
(terrorist) act because viruses and other forms of malware are defined as
"terrorist weapons" and creating, selling, disritbuting, etc weapons of
terror are treasonable under the Act, thus "writing a virus" may be enough
(in the US) to get you before a firing squad (if you're associated with the
military) or "on the table" for a lethal injection if a civilian (actually,
how are federal death sentences performed? By the method preferred in the
state executing (sorry!) the death sentence or by the same specific method
country-wide?).

Having read these acts several times, I recall the language in the act
implied you had to be a facilitator in the process. I suppose that the US
Justice Dept could make a case that anyone who writes a virus in fact
facilitates the process of spreading, if it's in the wild.

You reckon a few punk ass teenagers getting gassed or scorched or injected
to death for their "undue inquisitiveness" might not somewhat quell the
"inquisitiveness" of others?

It may not be _the_ solution, but it's likely to help...

I'm one of those folks who are in favor of laws that punish, but don't
believe any laws deter those who would commit crimes. The only folks
deterred by those laws are the ones who wouldn't be committing them anyway.
Otherwise, I think murder in the US, for example, would be almost
non-existent.

 

[null]

Every year a few new major virus threats shake up everyone with a computer.
I seldom hear of anyone getting caught and severely punished.

If someone hacks into a major corporation, they'll often get caught and
punished- we read about this periodically- but, doesn't anyone go after the
virus producers?

If a few were caught and sent to chain gang in Georgia for a few years, this
problem may decrease.

It's not just virus writers. Spyware is getting nastier all the time:

http://www.spywareinfo.com/~merijn/cwschronicles.html

As this article illustrates, some spyware is so nasty that it's nearly
impossible to get rid of. A medieval torture chamber treatment is too
kind for the authors of this crap.


Art
http://www.epix.net/~artnpeg