What Kind Of Punishment Should Virus Writers Get?

from the that'll-show-them... dept

While some are wondering if virus writers deserve jailtime, it looks like Russia is taking a fairly lenient approach to dealing with them. After a virus writer admitted he was guilty of writing some viruses, he was fined 3,000 rubles, which is just a bit over $100. Of course, perhaps the reasoning is that none of the viruses he wrote actually spread very far — which should raise some other questions. Is it illegal to write viruses? Or illegal to spread them? If so, should the punishment be determined by how much damage the viruses did?

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “What Kind Of Punishment Should Virus Writers Get?”

Subscribe: RSS Leave a comment
Steve Mueller (user link) says:

Virus Writing

Is it illegal to write viruses? Or illegal to spread them? If so, should the punishment be determined by how much damage the viruses did?

While I don’t encourage anybody to write viruses, I don’t think writing them should be illegal in and of itself. There are places where they could be educational (academia) or even useful (product upgrades). Remember the “good” virus that was supposed to remove a “bad” virus?

However, virus writers should be liable if they didn’t take proper precautions. If a virus writer posts his code on a hacker site, I think existing negligence laws could apply. If a college researcher writes one and a student steals the code and distributes it, I wouldn’t hold the researcher liable.

Of course, distributing a virus to the general public should almost always be a criminal act. And, like other criminal acts, the damage caused should definitely be taken into account. A drunk driver who didn’t cause any property damage or any injuries shouldn’t be punished as harshly as one who ran into a car and killed six people.

Anonymous Coward says:

Re: Virus Writing

Steve — I more or less agree with you yet you forget that one man’s coder is another man’s hacker!

I’ve been in plenty of conversations, in person, in newsgroups, in email lists, where the conversations goes something like this…

“hey, there’s a problem with x, can someone explain”
“hey, x happens because a limit in y which is there because of z”
“so, wait, you mean if i change y i blow the whole thing wide open?”
“yes, here’s a sample that shows it.”
posts code.

this is how exploits are found and developed in professional conversations on respectable sites. people might post frameworks that do amazing things just to show a point. these things don’t happen in malice and I think one makes a mistake by attempting to regulate where the expression happens or by attempting to divine motive.

I’d stick with ‘whoever intentionally compiles and intentionally releases is the guilty party’.

The authors are naturally going to want to stay out of trouble and they do that by posting fragments or excerpts, if they were to post full source, they’d have to deal with defending against accusation.. yet when the virus is just 50 lines of code they will have to show the whole thing so that people can defend against it and should not be held responsible is someone goes nuts with their model!

Steve Mueller (user link) says:

Posting Code

I’ve been in plenty of conversations, in person, in newsgroups, in email lists, where the conversations goes something like this…

“hey, there’s a problem with x, can someone explain”
“hey, x happens because a limit in y which is there because of z”
“so, wait, you mean if i change y i blow the whole thing wide open?”
“yes, here’s a sample that shows it.”
posts code.

The problem comes in that last step, I think. Why isn’t “yes” a sufficient answer? Why post code instead of leaving it as an exercise to the reader?

Using my negligence model, if you post code that exploits a system problem without knowing who your audience is, that’s pretty negligent.

In the real world, I can be put in jail for having a gun in my own house if somebody finds and kills somebody with it. If I gave a loaded gun to somebody I didn’t know, that would be worse — and very similar to posting dangerous code where you don’t know who you’re giving it to.

TJ says:


No doubt many disagree with me, but with most crimes at most a few people are negatively affected; perhaps very much so as in the case of murder or rape. I’m not making light of that. But isn’t a moderate harm to millions at least as substantial as enormous harm to one or a few?

I say fry some of the bastards, and potential authors of future viral code will think twice before deciding to unleash their creations on the world. Same with spammers. But I’m not overly extreme, and would despense with the death penalty. Just make them mandatory enrollies in organ donor programs instead; and if they have an organ that a DECENT human being needs, then it is mandatory that they donate it at once. Harsh, yes. Deterrent? You bet your ass!, or kidney, or heart, or eyes, or…

P*d off computer user says:

Re: Proportionality

Hear! Hear! Except that virus writers should be tortured severely, at least psychologically!!
Also, I am for the death penalty for virus writers. If those slimy little pencil neck, pimpled geeks know that they may pay with their lives for what their nerdy little excuse for a sense of humor erroneously tells them is cool or funny, maybe they’ll think twice, or at least s**t themselves, which I’m sure they do on a regular basis anyway!!!! (I’ve had PC’s that have been destroyed by viruses and worms planted by these no-good, pocket protector wearing, tape on glasses trolls!!!) FRY THEM ALL, BUT TORTURE THEM FIRST (UNTIL THEY CRY OUT LIKE THE PATHETIC LITTLE P**SIES THEY REALLY ARE!!!!!!)

RJD says:

Make it fit the crime

Yes they should be punished but it should be like any other crime. When someone kills another person, you have Murder 1,2,3 or Manslaughter 1,2,3 or etc etc. Which basically indicates that every ‘crime’ is committed to some degree and the burden of guilt/innocence is decided by a jury of their peers.

So if some writes and virus and posts it’s or let’s it free, the degree of the crime should be comisserate with the harm caused. If all you get is an annoying pop-up dialog and nothing else, maybe a small fine. If the virus unintenationally causes harm then something akin to manslaughter would apply ie yes you did the crime but you didn’t really mean to cause that much harm. And my favorite, causing intentional harm to others. Make the time fit the crime in some way. Prison time, yes. Removal from all computer related items, yes. Virus’s which are written to cause financial harm should be treated as robbery or attempted robbery.

Our law system has the basic foundation in place to handle most computer related crimes but needs some definite tweaking in some places to incorporate technology advances. Which just need all the lawyers and citizens committees and business committees etc to get out of the way so they can get amended and put on the books. They can be amended over time as other laws are.

HackedandF**DByViruses says:

No Subject Given

Torture them until they cry out like the pathetic pasty faced, puny, pimply nerd weasels they are, then torture them some more, take a dump and piss (both right on their faces and all over them), then after making them lick it all up, shoot them several times and decapitate them; shit all over them again and leave them there for all to see; you’re now all set…..

Robinson Porter says:

Virus authors can go to hell

Don’t some of even the simplest viruses/worms/trojans cause millions of dollars worth of damage to some businesses? If you create ANYTHING that does this kind of damage, on a computer or not, you deserve to be in prison for a long time. I’d like to see some punk-ass Russian hacker nerd get the shit kicked out of him in an American federal prison for trying to steal money from banks. I can’t imagine any other reason more fitting to send someone to a federal prison than stealing from FDIC insured banks… I think convicted cyber criminals should have punishments that restrict their access to computers.

Also, wouldn’t it be more beneficial to create a a division of law enforcement dedicated to cyber crimes? More people are victim to cyber crimes than regular crime nowadays. Just in case any politicians are reading, here’s a suggestion; FIRE EVERY DEA OFFICER ASSIGNED TO STOPPING CANNABIS CULTIVATION IN CALIFORNIA, LEGALIZE CANNABIS, DIVERT .1% OF THE 65 BILLION DOLLARS TO A CYBER CRIME LAW ENFORCEMENT AGENCY, AND CONVICT PEOPLE COMMITTING REAL CRIMES.

Bob says:


Honestly, I don’t think that the majority of virus writers and hackers deserve any punishment. It should be common knowledge that the Internet isn’t a safe haven. If you want to put all of your personal information, banking info, and “Top Secret Files” on the Internet, it’s your funeral and open game for anyone who wants it. Now I’m not all on the side of the hackers here. I think that if severe damage was caused or major harm was done as a result of their actions, they should be punished accordingly. People who create and use viruses that damage peoples’ actual computers or steal/damage/delete their personal files or information from there absolutely should be punished. Putting personal information etc… on the internet, is the equivalent of putting something of personal value on the side of the road, leaving it alone there, and expecting all other people to do the same. Most people will pass it by, but eventually someone’s going to come along, see something they like, and take it. People should be smart enough to know that.

Jim says:

Virus Writer punishment

Well, first of all they should be forced to write disinfection code for their viruses. Next, they should be publicly shamed in the news media and the internet.

Next, they should be given hard labor, and I mean hard. I’m talking 14 hour days in the hot sun and freezing cold without much of a break, chopping weeds or digging ditches or patching roads.

If they have intentionally caused harm to millions of people, I don’t think 20 years of hard labor is too much. If they have unintentionally caused harm (as in leaking code unintentionally) or if they intended the virus as a joke, such as people that bring a gun into the bank think it’s funny, they should be given a sentence accordingly.
Perhaps that would be a month to a year.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...