Forgot your password?
typodupeerror
The Internet Government Security The Courts News

Two Europeans Indicted In US For 2003 DDOS Attacks 93

Posted by timothy
from the how-about-some-shrimp-echouafni dept.
narramissic writes "In a continuation of the first successful U.S. investigation ever into DDOS attacks, Axel Gembe, 25, of Germany and Lee Graham Walker, 24, of England were indicted Thursday by a grand jury in Los Angeles, California, on one count of conspiracy and one count of intentionally damaging a computer system. The two men were allegedly hired by Jay R. Echouafni, owner of Orbit Communication, a Massachusetts-based company that sold home satellite systems, to carry out DDOS attacks against two of Orbit's competitors."
This discussion has been archived. No new comments can be posted.

Two Europeans Indicted In US For 2003 DDOS Attacks

Comments Filter:
  • Criminal Minds (Score:5, Insightful)

    by mfh (56) on Tuesday October 07, 2008 @12:35PM (#25288093) Journal

    It takes a genius to hire a couple of people to do your dirty work. It takes even greater genius to accept money to damage computer systems, from a complete stranger who would never rat you out.

    • Re: (Score:1, Flamebait)

      by sjwest (948274)

      Well least the american who hired them is no criminal. America loves to blame us 'foreigners'

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        Might want to learn to read English, bud. The man who hired them was primarily being investigated, that lead to the 'foreigners'. Those darn Americans!

      • Re:Criminal Minds (Score:4, Insightful)

        by Ash Vince (602485) on Tuesday October 07, 2008 @05:09PM (#25291967) Journal

        Why has this been modded flamebait? it seems like a valid point to me and also to most legal systems (including the US). The person who commissioned a crime to be committed is surely just as guilty as the people who committed it?

        All three of them should be tried together and face the same penalty.

      • What surprises me is that A. Gembe went to the US. After all it is constitutionally impossible to get deported to third nations for a crime. So why didn't he stay at home? I would not suspect to get a fair trial in the States because the criminal enforcement system is broken.

      • Actually, the guy is Moroccan.

        See also: http://www.fbi.gov/wanted/fugitives/cyber/echouafni_s.htm [fbi.gov]

  • were they extradited? if so, why?

    • AFAIK Germany doesn't extradite its citizens due to constitutional constrains, put there after the Nazi rule.
      • They have an exception for EU member states and international courts, so the US is out.
      • Re:extradition (Score:5, Informative)

        by neuromanc3r (1119631) on Tuesday October 07, 2008 @01:35PM (#25289057)

        You're wrong. Germany does extradite citizens, as long as a couple of conditions are met.

        Specifically, the suspect must have committed a crime that is punishable in both countries, must not be tortured or executed after the extradition, needs a fair trial and so on...

        • Re: (Score:3, Informative)

          by mapsjanhere (1130359)
          that's why I went back and looked up the German Grundgesetz.
          Artikel 16
          (2) Kein Deutscher darf an das Ausland ausgeliefert werden. Durch Gesetz kann eine abweichende Regelung für Auslieferungen an einen Mitgliedstaat der EuropÃischen Union oder an einen internationalen Gerichtshof getroffen werden, soweit rechtsstaatliche GrundsÃtze gewahrt sind.
      • by bsDaemon (87307)

        s/Germany/Israel

    • Re: (Score:3, Informative)

      by spacefiddle (620205)

      Lee Graham Walker, a British citizen, and the German malware programmer Axel Gembe have appeared in a federal court in San Francisco...

      I'm guessing yes.

      This article [heise.de] also notes that Gembe may have been the HL2 thief, and that he's been on the hook for this DDoS attack since 2006: this was just their (first?) court appearance for it.

      I have no particular premonition about how this will all turn out. On the one hand, German courts were taking it easy on him as long as he straightened his life out... on the other, the FBI with its "first successful investigation" into a DDoS may wish to make example of. We'll see.

  • by Fred_A (10934)

    ... always stop around 1995 DOS attacks or you'll be indicted !

    Better safe than sorry !

  • Revoke (Score:5, Interesting)

    by Improv (2467) <pgunn@dachte.org> on Tuesday October 07, 2008 @12:44PM (#25288263) Homepage Journal

    This seems like a good time to consider revoking Orbit Communications' corporate charter.

    • And ban the "owner" from ever serving on a corporate board. If he wants to run a business, he can run the local qwiki-mart. In fact, even that is likely an s-corp. Maybe he can run a lemonade stand.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I don't think there will be any repercussions for Orbit, considering they are a Saudi-based company (http://www.zawya.com/cm/profile.cfm/cid1001503/). They couldn't go after the company, so they went after the people. I wish that's how it worked in US corporations.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      It's Massachusetts. The penalty for running over and killing someone while driving drunk is to become a state senator. The penalty for severe security lapses that allow terrorists to kill 3000 people is - well, nothing.

      Besides, given that they think that blinking cartoon characters made out of LEDs are bombs, I doubt anyone in power in that state is smart enough to understand what a DDOS attack is. Even MIT's management decided LEDs were bombs when the state police almost shot one of their students for wear

    • I know its inconvenient, but perhaps we could wait until after the trial and conviction to exact punishment.
  • sigh (Score:5, Insightful)

    by gbjbaanb (229885) on Tuesday October 07, 2008 @01:04PM (#25288559)

    and all they had to do was post a made-up "home satellite" article to slashdot.

  • intentionally damaging a computer system.

    Call me dense, but how did it damage the system? It unreasonably increased load on it, meaning it couldn't handle all its requests, but afterwards the system was still, one assumes, functioning.

    • Re:Technicality (Score:5, Interesting)

      by torchdragon (816357) on Tuesday October 07, 2008 @01:42PM (#25289175) Homepage

      The server was subjected to intentional unusual activities that caused a loss of business services. Is it actual physical damage? I'm not sure. I don't know what the legal definition the law is using.

      Either way, they caused business loss using non-legal practices. "Physical" damage or not, they should have know this would've been the recourse.

      One of my old co-workers decided to delete all the accounts on our Lotus server in China before he left (no, he wasn't trying to do us any favors either) the company. Sure, the "repair" was to reload the database from backup but that constituted damage under national and international law. He got nailed to the wall for it.

    • by Intron (870560)
      When computers are overloaded first smoke comes out, then there is a huge explosion. I've seen this in dozens of movies and Star Trek episodes. Your PC is probably so cheap that it didn't come with a self-destruct mechanism. I recommend Windows ME.
    • It really depends on the type of hardware involved.

      One example - Limited write memory can be intensely overwritten until it's worn out and rendered useless, resulting in financial loss.
      I don't know if it has anything to do with this case, or if any damage actually occurred.

      Just speaking in terms of technicalities.

    • by cowscows (103644)

      I'm certainly no lawyer, but I'd imagine that numerous things fall under the term "intentionally damaging a computer system." And that rendering the machine unusable, even for a limited time, counts as damage. If not, then there certainly would have to be a sister law that covered that sort of thing, as well as the integrity of software and data. That being the case, why wouldn't they combine it all under one law?

      Messing with data is often times more "damaging" to the victim than the hardware would be. It

  • by MattLees (1127603) on Tuesday October 07, 2008 @01:26PM (#25288893)
    Based on the UK Govs attitude to bending over whenever the US Gov requests someone to be extradited I wouldn't want to be in Lee Graham Walker's shoes right now.
    • As long as we don't want to execute them they seem to not really care. It is a classic attitude of the British to not want to keep (unconvicted) criminals in their country. Plus you can hardly blame them for honoring a treaty and all. Do you think they only do this for the US? I don't have the data, but I suspect they extradite people to France as well.

      • Re: (Score:2, Insightful)

        Plus you can hardly blame them for honoring a treaty and all.

        Watch me.
        We should never have signed up to such a wide-ranging treaty (a fact which has become abundantly clear recently) - I expect our government to frustrate the process of complying with the treaty as much as possible whilst simultaneously working to get out of it.

        I don't have the data, but I suspect they extradite people to France as well.

        The French justice system is a damn-sight more civilised than the US one.

        • Re: (Score:3, Insightful)

          by Ogive17 (691899)
          So what's your experience with the US and French judicial systems? I'm interested in hearing your first-hand account of your experiences dealing with both.
      • by legirons (809082)

        It is a classic attitude of the British to not want to keep (unconvicted) criminals

        Uhh, no such thing in British law?!?

  • by bendodge (998616) <bendodge@@@bsgprogrammers...com> on Tuesday October 07, 2008 @01:29PM (#25288933) Homepage Journal

    While I think it's a good thing that international cyber-vandalism (or whatever you want to call it) is being investigated in regular courts (instead of some super-world thingy), I think the most interesting part is the charges against Lee Graham Walker. According to the article, his crime was using IRC to chat with Gembe about the botnet's code. Now, I'm not a legal expert or even legal savvy, but that sounds like a charge that would easily apply to a lot of geeks who IM with geeks short on ethics. I don't think it's being misused in this case, but it does sound like a pretty wide net.

    • Re: (Score:3, Insightful)

      It's quite clearly misuse. Any IRC recording by the investigation entitiy would result in inadmissable evidence, at least under the US constitution. Since the "criminals" (as everyone likes calling them) are not US citizens, they aren't covered by the constitution.

      More importantly, a botnet could be used for any number of things. Depending on the actual conversation, Gembe may not have revealed his use, or lied saying it was to test a network he administered.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Just because the defendants are not US citizens does not mean that Constitutional protections don't apply. The Constitution does not talk about the rights of citizens, but the rights of people. If US law is going to be applied to someone, then the entirety of US law, including the Constitution and its Supremacy Clause, apply.

        So you are wrong. They are covered by the Constitution.

  • satellite companies [slashdot.org] keep getting into trouble.
  • Should of hired the captain midnight guy or the max headroom to take over there satellite signal.

  • This DoS or DDoS is going to kill all of us, electronically. If this DoS or DDoS doesn't stop we will be at the mercy of these female donkey anal orifices. We cannot let these people go or their "handlers" (the people who hire and control them) go also. We need to stop this or this will stop the entire internet working since everyone will DoS or DDoS each other and we, the non-participants, will suffer from these stupid and total waste of network resource games. We need to find and get most of these people

  • On other reports (even the BBC), the British man is described as hailing from Bleys Bolton. So why does this place not turn up one hit on Google? All 41 hits I saw when I just tried a quoted search related to these indictment reports. We are sure these people exist, aren't we? Has anyone in the UK heard of Bleys Bolton? I sure haven't. Neither has Google Maps.
  • Hmmmmm.... let's see. There are three satellite service companies in town, and 2 of them were just attacked.

    Well, I guess I am stumped. I give up. Who might have done such a thing?
  • ...in this whole affair is that the UK gouverment handed a UK citizen over to the USA for something he was accused of in the USA, not the UK.

    The very concept of handing over your own citizens to a different country is absolutely disgusting.

The biggest mistake you can make is to believe that you are working for someone else.

Working...