An Oregon man has pleaded guilty to launching a distributed denial-of-service attack against the e-commerce giant eBay. According to the Department of Justice press release, the man admitted to launching the attack in July and August 2003 with an army of infected computers he had amassed by using a worm program.
The guilty plea under 18 U.S.C. §1030(a)(5)(A)(i), (a)(5)(B)(i), (c)(4)(A) and 2 carries a maximum statutory penalty of ten years' imprisonment and a $250,000 fine. According to the guilty plea,
Mr. Clark and his accomplices accumulated approximately 20,000 "bots" by using a worm program that took advantage of a computer vulnerability in the Windows Operating System – the "Remote Procedure Call for Distributed Component Object Model," or RPC-DCOM vulnerability. The "bots" were then directed to a password-protected Internet Relay Chat (IRC) server, where they connected, logged in, and waited for instructions. When instructed to do so by Mr. Clark and his accomplices, the "bots" launched DDOS attacks at computers or computer networks connected to the Internet. Mr. Clark personally commanded the "bots" to launch DDOS attacks on the nameserver for eBay.com. As a result of these commands, Mr. Clark intentionally impaired the infected computers and eBay.com.
Damages
Court documents estimate total damages of the DDoS attack at "at least $5,000" over a one-year period, which would not make this a major damages case, but the prosecution sets the amount at $5,000 or more intentionally, to satisfy the 18 U.S.C. 1030 requirement of at least $5,000 in damages. Real damages in computer crime cases are hard to estimate, and the amount of damages can often make or break a prosecutor’s case. For example, in a computer hacking case, often the only litigable issue is whether the cost to recover from the hack and to put protective measures in place exceeds $5,000. Lost time and productivity are often calculated, although it is unclear whether IT employees’ time should be counted toward these damages.
In short, the determination of damages becomes one of the critical factors of a computer crime prosecution. Although $5,000 is not a high amount to meet, many hacking cases may not reach it because of poor response, inability to calculate intangible damages, etc.