Saturday, August 26, 2006

Christopher Maxwell, botnet master, sentenced to 3 years +

I was in attendance at the four hour sentencing hearing for Christopher Maxwell, the botnet master. After extensive testimony from the investigating agent Dave Farquhar, as well as representatives from Northwest Hosptital, the DoD, and a California school district, Judge Pechman spoke at length and eloquently about her decision to send Mr. Maxwell to prison.
Where Asst. US Attorney Kathryn Warma sought 6 years imprisonment, the defense sought probation. The judge, after much thoughtful deliberation, gave him three years, followed by three years probation, and more that $250,000 in restitution to Northwest Hospital and DoD. He may well pay more to the school district too.
By any real standard, Mr. Maxwell's life is ruined, thanks to sadly flexible morals and the desire for easy cash.
It's a shame as, on one hand I felt bad for him, as I watched his family weep and pray, and noted his own readily visible emotions. He was indeed remorseful and accepted responsibility for his actions.
But my compassion began to fade as, in his own opportuntiy to speak to the judge, he suggested he might best serve time by speaking to high school students and other youth groups about his wrong doing.
To this I say, three years in the hole will offer a far better deterrent than Mr. Maxwell on a speaking tour, elevated to a status he is not worthy of.
Yes, his sole intention was propogating adware for pay, and even with root access to machines, he did no further damage and stole no information.
But botnets for dollars, or any other nefarious purpose, could have, quite simply in this case, cost someone their lives. Northwest Hospital continued to operate thanks to good disaster planning, but what if they hadn't? What if someone was misdiagnosed or issued the wrong medication as a function of Mr. Maxwell's criminal acts?
Both the Assistant US Attorney and Judge Pechman spoke directly of the need for deterrence. Yes, it may not help with our friends overseas, but maybe, just maybe, some script kiddie in a basement somewhere will now think twice before firing up an IRC server and letting loose with the malware.
To Asst. US Attorney Warma, Agent Dave Farquhar, and Judge Pechman I say, job well done.

No comments:

Moving blog to

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...