Two Europeans Indicted In US For 2003 DDOS Attacks

narramissic writes "In a continuation of the first successful U.S. investigation ever into DDOS attacks, Axel Gembe, 25, of Germany and Lee Graham Walker, 24, of England were indicted Thursday by a grand jury in Los Angeles, California, on one count of conspiracy and one count of intentionally damaging a computer system. The two men were allegedly hired by Jay R. Echouafni, owner of Orbit Communication, a Massachusetts-based company that sold home satellite systems, to carry out DDOS attacks against two of Orbit's competitors."

Criminal Minds

[mfh]

It takes a genius to hire a couple of people to do your dirty work. It takes even greater genius to accept money to damage computer systems, from a complete stranger who would never rat you out.

Re:

[sjwest]

Well least the american who hired them is no criminal. America loves to blame us 'foreigners'

Re:

[Anonymous Coward]

Might want to learn to read English, bud. The man who hired them was primarily being investigated, that lead to the 'foreigners'. Those darn Americans!

Re:Criminal Minds

[Ash Vince]

Why has this been modded flamebait? it seems like a valid point to me and also to most legal systems (including the US). The person who commissioned a crime to be committed is surely just as guilty as the people who committed it?

All three of them should be tried together and face the same penalty.

Re:

[Elektroschock]

What surprises me is that A. Gembe went to the US. After all it is constitutionally impossible to get deported to third nations for a crime. So why didn't he stay at home? I would not suspect to get a fair trial in the States because the criminal enforcement system is broken.

Re:

[davidphogan74]

Actually, the guy is Moroccan.

See also: http://www.fbi.gov/wanted/fugitives/cyber/echouafni_s.htm [fbi.gov]

Re:Tax Dollars

[Reality Master 101]

It's a criminal investigation. If Company A vandalizes Company B, do you expect Company B to "bring their own evidence to court"?

Re:

[An anonymous Frank]

Perhaps it wasn't that easy to figure out the real $ource of the attack. --I am very curious as to what may happen to Orbit though.

Re:

[Hairy Heron]

Why is this marked insightful? What exactly insightful in asking why federal investigators became involved in a case that falls under a federal criminal statute?

Re:

[Anonymous Coward]

Judging by the fact that the Grand Jury is in California, the crime was committed against a party in another state. Thus federal jurisdiction.

Re:

[thatskinnyguy]

Because it's a felony. With any felony - a crime against the state - technically, the government is always involved.

Re:

[Raiden30]

The post offers no insights, it barely even makes a point for that matter, instead the post just makes a statement with a rhetorical question. If anything someone should mod it "no shit Sherlock"

Re:

[Shadow-isoHunt]

Uh, it's in court. Thus, the government(who runs the court) is involved. It doesn't matter if it's even civil court, it's still friggin government.

Re:

[thatskinnyguy]

True. Except when it is a civil matter The Man acts as a mediator between parties and/or settles the dispute with a trial. In my state the Docket would read "[Party 1] vs [Party 2]".

In the case of a felony, The Man would be the second party. The docket in my state would read "The State of Ohio vs. [Party 2]"

Only in very special matters is there ever "The United States vs. [Party 2]" in which case Party 2 is fucked for even having their name on the paper.

Re:

[iplayfast]

My God!...

Slashdot....

It's full of lawyers!

extradition

[SkunkPussy]

were they extradited? if so, why?

Re:

[mapsjanhere]

AFAIK Germany doesn't extradite its citizens due to constitutional constrains, put there after the Nazi rule.

Re:

[mapsjanhere]

They have an exception for EU member states and international courts, so the US is out.

Re:extradition

[neuromanc3r]

You're wrong. Germany does extradite citizens, as long as a couple of conditions are met.

Specifically, the suspect must have committed a crime that is punishable in both countries, must not be tortured or executed after the extradition, needs a fair trial and so on...

Re:

[mapsjanhere]

that's why I went back and looked up the German Grundgesetz.
Artikel 16
(2) Kein Deutscher darf an das Ausland ausgeliefert werden. Durch Gesetz kann eine abweichende Regelung für Auslieferungen an einen Mitgliedstaat der EuropÃischen Union oder an einen internationalen Gerichtshof getroffen werden, soweit rechtsstaatliche GrundsÃtze gewahrt sind.

Re:extradition

[mrvan]

"No German can be extradited to another country. The law can create a different arrangement for extraditions to the EU or an international court, as long as fair trial [rule of law] is guaranteed."

[not a german native speaker, apologies for any mistakes]

Re:

[PolygamousRanchKid]

You got that right (IAANS - I am a native speaker).

Hans, bist Du es?

Re:

[Elektroschock]

Here is the constitution (offical translation) [bundestag.de]

Re:

[Elektroschock]

Sorry, here [bundestag.de].

Re:

[CrimsonAvenger]

Oddly enough, Google very quickly comes up with an article about Extradition Treaty between Germany and the USA originally signed in 1978, with a Supplement to same in 1986, and another couple of Supplements in 2006.

Re:

[mapsjanhere]

This is for "other citizens", e. g. a US citizen arrested in Germany. Germany does not extradite to countries with the death penalty, so every extradition to the US needs a "we won't seek the death penalty" waiver from the US.

Re:

[Elektroschock]

Sorry, so it is possible at all that a German citizens gets extradicted to the US? I am shocked!

Re:

[mapsjanhere]

Catch him in another country, Germans love to go on vacations.
But, joke aside, my guess is the Germans will probably prosecute him anyway for what he did, what would proscribe prosecution here under double jeopardy.

Re:

[bsDaemon]

s/Germany/Israel

Re:

[spacefiddle]

Lee Graham Walker, a British citizen, and the German malware programmer Axel Gembe have appeared in a federal court in San Francisco...

I'm guessing yes.

This article [heise.de] also notes that Gembe may have been the HL2 thief, and that he's been on the hook for this DDoS attack since 2006: this was just their (first?) court appearance for it.

I have no particular premonition about how this will all turn out. On the one hand, German courts were taking it easy on him as long as he straightened his life out... on the other, the FBI with its "first successful investigation" into a DDoS may wish to make example of. We'll see.

Remember kids...

[Fred_A]

... always stop around 1995 DOS attacks or you'll be indicted !

Better safe than sorry !

Revoke

[Improv]

This seems like a good time to consider revoking Orbit Communications' corporate charter.

Re:

[terraformer]

And ban the "owner" from ever serving on a corporate board. If he wants to run a business, he can run the local qwiki-mart. In fact, even that is likely an s-corp. Maybe he can run a lemonade stand.

Re:Revoke

[idontgno]

Maybe he can run a lemonade stand.

Well, right now, he's running... like the fugitive scum that he is.

http://www.fbi.gov/wanted/fugitives/cyber/echouafni_s.htm [fbi.gov]

Re:

[Zibri]

"SHOULD BE CONSIDERED ARMED AND DANGEROUS", uh... He might hire europeans to DDoS you! Fear!

Re:

[Anal Surprise]

He's running from the FBI. Guns aren't that hard to get.

Re:

[Anonymous Coward]

I don't think there will be any repercussions for Orbit, considering they are a Saudi-based company (http://www.zawya.com/cm/profile.cfm/cid1001503/). They couldn't go after the company, so they went after the people. I wish that's how it worked in US corporations.

Re:

[Anonymous Coward]

It's Massachusetts. The penalty for running over and killing someone while driving drunk is to become a state senator. The penalty for severe security lapses that allow terrorists to kill 3000 people is - well, nothing.

Besides, given that they think that blinking cartoon characters made out of LEDs are bombs, I doubt anyone in power in that state is smart enough to understand what a DDOS attack is. Even MIT's management decided LEDs were bombs when the state police almost shot one of their students for wear

Re:

[JaneTheIgnorantSlut]

I know its inconvenient, but perhaps we could wait until after the trial and conviction to exact punishment.

sigh

[gbjbaanb]

and all they had to do was post a made-up "home satellite" article to slashdot.

Technicality

[jrothwell97]

intentionally damaging a computer system.

Call me dense, but how did it damage the system? It unreasonably increased load on it, meaning it couldn't handle all its requests, but afterwards the system was still, one assumes, functioning.

Re:Technicality

[torchdragon]

The server was subjected to intentional unusual activities that caused a loss of business services. Is it actual physical damage? I'm not sure. I don't know what the legal definition the law is using.

Either way, they caused business loss using non-legal practices. "Physical" damage or not, they should have know this would've been the recourse.

One of my old co-workers decided to delete all the accounts on our Lotus server in China before he left (no, he wasn't trying to do us any favors either) the company. Sure, the "repair" was to reload the database from backup but that constituted damage under national and international law. He got nailed to the wall for it.

Re:

[Intron]

When computers are overloaded first smoke comes out, then there is a huge explosion. I've seen this in dozens of movies and Star Trek episodes. Your PC is probably so cheap that it didn't come with a self-destruct mechanism. I recommend Windows ME.

Software can damage hardware

[Layth]

It really depends on the type of hardware involved.

One example - Limited write memory can be intensely overwritten until it's worn out and rendered useless, resulting in financial loss.
I don't know if it has anything to do with this case, or if any damage actually occurred.

Just speaking in terms of technicalities.

Re:

[cowscows]

I'm certainly no lawyer, but I'd imagine that numerous things fall under the term "intentionally damaging a computer system." And that rendering the machine unusable, even for a limited time, counts as damage. If not, then there certainly would have to be a sister law that covered that sort of thing, as well as the integrity of software and data. That being the case, why wouldn't they combine it all under one law?

Messing with data is often times more "damaging" to the victim than the hardware would be. It

Extradition from the UK to US

[MattLees]

Based on the UK Govs attitude to bending over whenever the US Gov requests someone to be extradited I wouldn't want to be in Lee Graham Walker's shoes right now.

Re:

[OrangeTide]

As long as we don't want to execute them they seem to not really care. It is a classic attitude of the British to not want to keep (unconvicted) criminals in their country. Plus you can hardly blame them for honoring a treaty and all. Do you think they only do this for the US? I don't have the data, but I suspect they extradite people to France as well.

Re:Extradition from the UK to US

[CrimsonAvenger]

The difference with extraditing to France is that it works both ways. With the US it unfortunately isn't.

I wish this particular idea would quietly give up the ghost. It's just not true.

There is a valid, reciprocal, extradition treaty between the USA and the UK. The UK has, in addition, ratified a revision to that Treaty that the US Senate hasn't bothered to ratify yet. Which means the revision is valid in the UK (assuming the brits choose to treat it as valid - they don't have to, since it hasn't been ratified here), but the original treaty is still valid in the USA (and in the UK, assuming the brits choose to treat the revision as not yet valid, since it hasn't been ratified by the Senate).

Which means that people can be (and are) extradited to the UK from the USA when the appropriate paperwork is submitted to whatever department of the US government handles such things. Just like happens when the USA wants to extradite someone from the UK.

Re:

[aproposofwhat]

Can we have our IRA terrorists (and their Noraid funders) back, please?

Re:

[CrimsonAvenger]

Can we have our IRA terrorists (and their Noraid funders) back, please?

Sure. Fill out the paperwork, and send it on over to the Justice Department. After, of course, charging them with a crime over there. Then wait for the hearings, appeals, etc. to go through.

Just like we have to do when we try to extradite someone from over there.

Re:

[Anonymous Cowpat]

Plus you can hardly blame them for honoring a treaty and all.

Watch me.
We should never have signed up to such a wide-ranging treaty (a fact which has become abundantly clear recently) - I expect our government to frustrate the process of complying with the treaty as much as possible whilst simultaneously working to get out of it.

I don't have the data, but I suspect they extradite people to France as well.

The French justice system is a damn-sight more civilised than the US one.

Re:

[SkunkPussy]

no you don't!

(this could go on for ever)

Re:

[Ogive17]

So what's your experience with the US and French judicial systems? I'm interested in hearing your first-hand account of your experiences dealing with both.

Re:

[shermo]

"The last executions took place in 1977"

http://en.wikipedia.org/wiki/Capital_punishment_in_France [wikipedia.org]

I think that's a good place to start.

Of course that depends if you consider killing peeople 'civilized'.

Re:

[OrangeTide]

The last execution in Michigan was 1938. Meaning they are morally superior to the French.

http://en.wikipedia.org/wiki/Capital_punishment_in_Michigan [wikipedia.org]

(it was against state law in 1938, for over 90 years in fact, but the federal government did it anyways)

Re:

[Anonymous Cowpat]

The French justice system is known for such civilized aspects as guillotining women for the "crime" of abortion within living memory.

And the US has executed people for equally dubious reasons in the past. The point at issue though is which is more civilized RIGHT NOW, and the one which doesn't execute people at all comes out on top there.

France follows the Napoleonic code, which among other things has a de facto (although not de jure) presumption of guilt of an accused.

*shrug* any trial actually run on the

Re:

[legirons]

It is a classic attitude of the British to not want to keep (unconvicted) criminals

Uhh, no such thing in British law?!?

The interesting part

[bendodge]

While I think it's a good thing that international cyber-vandalism (or whatever you want to call it) is being investigated in regular courts (instead of some super-world thingy), I think the most interesting part is the charges against Lee Graham Walker. According to the article, his crime was using IRC to chat with Gembe about the botnet's code. Now, I'm not a legal expert or even legal savvy, but that sounds like a charge that would easily apply to a lot of geeks who IM with geeks short on ethics. I don't think it's being misused in this case, but it does sound like a pretty wide net.

Re:

[Penguinoflight]

It's quite clearly misuse. Any IRC recording by the investigation entitiy would result in inadmissable evidence, at least under the US constitution. Since the "criminals" (as everyone likes calling them) are not US citizens, they aren't covered by the constitution.

More importantly, a botnet could be used for any number of things. Depending on the actual conversation, Gembe may not have revealed his use, or lied saying it was to test a network he administered.

Re:

[Anonymous Coward]

Just because the defendants are not US citizens does not mean that Constitutional protections don't apply. The Constitution does not talk about the rights of citizens, but the rights of people. If US law is going to be applied to someone, then the entirety of US law, including the Constitution and its Supremacy Clause, apply.

So you are wrong. They are covered by the Constitution.

satellite companies

[Presto Vivace]

satellite companies [slashdot.org] keep getting into trouble.

Should of hired the captain midnight guy or the ma

[Joe The Dragon]

Should of hired the captain midnight guy or the max headroom to take over there satellite signal.

Good. But this is tip of the iceberg.

[Neanderthal Ninny]

This DoS or DDoS is going to kill all of us, electronically. If this DoS or DDoS doesn't stop we will be at the mercy of these female donkey anal orifices. We cannot let these people go or their "handlers" (the people who hire and control them) go also. We need to stop this or this will stop the entire internet working since everyone will DoS or DDoS each other and we, the non-participants, will suffer from these stupid and total waste of network resource games. We need to find and get most of these people

Bleys Bolton

[LordSnooty]

On other reports (even the BBC), the British man is described as hailing from Bleys Bolton. So why does this place not turn up one hit on Google? All 41 hits I saw when I just tried a quoted search related to these indictment reports. We are sure these people exist, aren't we? Has anyone in the UK heard of Bleys Bolton? I sure haven't. Neither has Google Maps.

Re:

[SkunkPussy]

also I tried searching for Bleys as a district of Bolton but no joy there either

Sheer Genius!

[Jane Q. Public]

Hmmmmm.... let's see. There are three satellite service companies in town, and 2 of them were just attacked.

Well, I guess I am stumped. I give up. Who might have done such a thing?

The *really* interesting thing...

[KlausBreuer]

...in this whole affair is that the UK gouverment handed a UK citizen over to the USA for something he was accused of in the USA, not the UK.

The very concept of handing over your own citizens to a different country is absolutely disgusting.