January 31, 2007 6:50 PM PST

Dutch botnet hackers sentenced to time served

A Dutch court on Tuesday sentenced two hackers to prison for breaking into millions of computers worldwide and using the hijacked systems in online crimes.

The lead perpetrator was sentenced to two years in prison and the accomplice to 18 months, the Dutch public prosecution service said in a statement. Part of each sentence is probationary. In both cases the sentences equal the time the two young men have already served, meaning they don't have to spend any more time in prison.

In addition to the prison sentences, the court ordered the main hacker to pay a 9,000 euro ($11,700) fine, while the second hacker was ordered to pay 4,000 euros ($5,200). In keeping with Dutch court custom, the hackers were not identified.

The court found the pair responsible for commandeering millions of computers last year with a Trojan horse called Toxbot. They used the hijacked systems in a network, popularly called a botnet, to steal credit card numbers and other personal data, and to blackmail online businesses by threatening to take down their Web sites.

The 20-year-old main hacker was responsible for creating Toxbot as well as another Trojan, called Wayphisher, the court found. The 28-year-old accomplice helped to spread the Trojan horses and maintain the network of compromised PCs. Both individuals were arrested in October.

The pair used the identity information they collected, which also included eBay and PayPal account details, to purchase PlayStation game consoles, iPods, audio speakers, a graphics card and a camera, according to the prosecution.

"We're not unhappy with the ruling in this case," said Hans Mos, a spokesman for the prosecution told Dutch media, referring to the case as the first large cybercrime case tried in the Netherlands.

Botnets are seen by experts as a prime threat to the Internet. Authorities are cracking down and have had successes in catching, prosecuting and convicting so-called bot herders in recent years. But criminals are organizing better and moving to more sophisticated tactics, authorities have said.

Other suspects in the Dutch case still have to appear before a judge.

See more CNET content tagged:
hacker, sentence, trojan horse, PC

14 comments

Join the conversation!
Add your comment
You call THAT punishment???
Why should cybercrime be viewed as any less despicable than
sticking a gun in the ribs of a victim? Make that MILLIONS of
victims. I dunno, blackmail, credit card theft, and commandeering
computer systems seem a little more serious to me than three
months in jail (they were arrested in October) and some measly
fines.

Message to hackers: Go right ahead. It's worth the chance.
Posted by RhymingDesigner (14 comments )
Reply Link Flag
Too lenient by far
Not only is it worth the chance, it would appear to be potentially quite profitable. Piddly fines and short jail times like that become merely a cost of doing "business".
Posted by pmc8 (6 comments )
Link Flag
angering, ain't it?
Couldn't agree more with what you said.

I'd like to know what the victims of these cybercrimes feel about
this so-called "punishment" for them. You'd think a few of them
would be demanding more justice!
Posted by sjkx (49 comments )
Link Flag
Insulting sentence
It's astonishing that 18 months and an $11,000 fine is all that came of commandeering a million PCs, stealing identities, committing fraud, and stealing money. This is not to mention the cost to businesses who were infected and needed to clean up their networks.

It's really mind-boggling to figure out how they came up with this sentence. Truly, they are showing that it's okay to do cybercrime in their country.

The inconsistency of computer crime sentencing is really, really pathetic.
Posted by Fireweaver (105 comments )
Link Flag
Get Tough
Maybe if someone cut off a hand of these guys that would begin to slow down some of these hackers.
Posted by googleisamonoply (1 comment )
Reply Link Flag
Hmm...
i do not approve their acts, but they only saw chance to make money. Acctually users are responsible for crimes of this kind.

If users take care for their security this wouldn't happend. If they don't know how to do it, they should take a few lessons, and if they don't want to learn then they should be attacked...
Posted by LiquidBrain (6 comments )
Link Flag
Punishment ?? that's load of CRAP !!
I hope the members of there court system has their identities stolen then the punishment will change.
And how about the Millions spent cleaning up their mess ??
Posted by Lord Paul (30 comments )
Reply Link Flag
Yeah..
Contributing outraged comment, X.
Posted by nanotekman (4 comments )
Reply Link Flag
The sentence doesn't match the crime
At that rate... all we can expect is an increase in ID thefts!!!

It's a lucrative business and needs to be nipped at the bud.

Stealing credit card info and using that stolen data illegally should carry a MINIMUM sentence of 10 years and at least a $250,000 fine.

Otherwise... it would be worth the minimal time which the Dutch are offering as they can still profit from it with such light sentencing to want to go out and do it again!!!

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.