People, none of these explanations is good enough. We are seeing an entirely new form of crime that has yet to be properly understood, let alone addressed.

I'm of the mind that if there is no harm proven, there's no crime. What we have here is harm on a different scale, where each individual harm is almost immeasurable and hardly prosecutable, but when added up it makes for a lot of harm. Nimda on one system is nothing at all; Nimda on 10 systems is an annoyance; Nimda on 10,000 systems ruins everyone's day.

File sharing also manages this. Each download of a song is a copyright violation, but a very small one. The combined violations of the entire world add up to a whole lot.

(Note that I make that statement as a big fan of such file sharing, and I think RIAA is still going about it the wrong way. But these ARE copyright violations.)

The same thing happens in the "real world" when, for example, a car pollutes the air. One car is no big deal and you'd really have to work to prosecute. 10,000 cars out of repair, going down the highway is another question entirely.

The same thing happens when the combined spreading of lawn care products or pesticides leads to polluted ground water.

As far as quailty admins correctly setting up systems go, I think that's a non-starter. I say that even as I'm kinda-sorta unemployed because people don't care to hire quality admins. A good sysadmin knows that his/her system is impossible to secure. If it's on the Internet, it's vulnerable - period. No sysadmin worth their salt would ever say something like "this system can't be broken into". The quality admin says "this system is so complex that its security cannot possibly be guaranteed by anyone". All you can do is configure as best you can, install every known patch, and keep a careful eye out.

And as much as I hate MS, the open source approach does require some crazy things of you every once in a while. I'm thinking of the time I was suddenly forced to understand ALL of sendmail in order to shut down relaying back in 1997. It meant digesting that 3" thick book in short order. People always say "It's your fault for running a crappy mail transport agent!" But come on. I mean let's be realistic.

I don't know the answer, but I'm thinking that there should be application of a distributed model for prosecution. I have no idea how this would fly, but if distributed solutions have led to all of the problems, let's look to distributed solutions for the answers.

I do believe that people that unleash these viruses are criminals. These viruses can damage expensive computer software and halt employee productivity (hence a financial loss). I think the world as a whole is still trying to figure out the realm of cybercrime. (Wasn't it a kid in the Philippines that reportedly started the "ILOVEYOU" virus? And he couldn't be prosecuted b/c that country did not have cyberlaws on the books?)

This is not meant to be fascicious at all. Rather, it was something that just came to my mind.

Just how do we prosecute these people? Do we create a whole new set of laws tailored to cybercrime, or do we rewrite existing laws to incorporate the computer world? (I believe the FBI has a cyber unit now, but in regards to any computer-specific laws, I admit my ignorance.)

And just what could we charge these people with? Perhaps armed robbery (because they're armed with a crippling virus and stealing money)? Destruction of property (because some of these viruses damage hardware)? Possibly treason (b/c if they hit a government site and cause a security breach, it could be considered a crime against the government)?

Re: It's one thing to waste your own time,
 

NBN, your wish may well come true. A bill currently under consideration -- the Anti Terrorism Act, a.k.a the Mobilization Against Terrorism Act -- would make violations of the Computer Fraud and Abuse Act "federal terrorism offenses", and provide for life in prison for offenders (there is no Federal parole). It's also retroactive, so you can get your NIMDA guy.

Welcome to the Brave New World; deface a website, go to jail... forever.


No, I'm not kidding. Check out http://www.eff.org for details.

Yea that act is truely wonderful, it could make a copyright violation make you a terrorist, i think hte RIAA wil be rubbing their hands in glee.

Once again, glad i'm moving to europe. Governments are entirely corperate whores there yet.

You need new laws, period. BUt i mena if you have a totaly insecure boxen with your credit card info on it its liek leaving your front door open, your insurance company will give u nothing and you'll get little sympathy. The same should apply. Those in power who mostly know sweet fuck all about tech and the net (read: Ashcroft) fear what they do not understand, so they want to crush it and it seems little details lik breach of constitutional right will be very easily washed away in the name of stopping terrorism. (60% accroding to time poll support being able to hold suspected terrorists for UNLIMITED POERIOD OF TIME WIHTOUT BAIL, fucking hell!) It'll be like Britan with its anti-terrorism laws in the 80s (gilford four all over again?).