NAKED CITY . Fine Print

Casualty of 'Bot War

Is Penn student Ryan Goldstein a pawn in an FBI malware sting?


	print	email	reply	rss feed

Published: Dec 5, 2007

The Department of Justice announced Saturday it had indicted several people after an FBI probe into computer-related crimes, including a University of Pennsylvania junior. But it seems that for all the millions lost through fraud and identity theft uncovered by "Operation Bot Roast II," Ryan Goldstein's involvement was borne simply out of revenge. His indictment puts his alleged dirty work as causing just "a loss of more than $5,000."

Goldstein is accused of conspiring with a New Zealand teenager to attack and take down an IRC network that had banned him. He is said to have used Penn-related computers to help accomplish this, and in the process, crashed his school's server.

A spokesperson at the U.S. Attorney's Office for the Eastern District of Pennsylvania says the damages would be submitted by the victim and determined by the investigation. The engineering school's senior director of IT, Helen Anderson, said in an e-mail that eight people worked on the server problem, which "degraded" Web service over the course of five days, and rendered it unusable the morning of Feb. 23, 2006.

Bernie S. (aka Ed Cummings), a local writer for hacker magazine 2600 and an organizer of security conferences, expressed skepticism about the real figure: "The only reason the amount is $5,000 is to bring it above a baseline" for charges and sentencing. He also pointed out that Goldstein isn't accused of bringing down a commercial server where business would be lost.

He said Penn "should be compensated with double or triple damages for the hassle that they had to suffer, but to say it was $5,000 solely to increase the sentencing ... it's wrong."

Bernie, who spent time in prison for having materials that could be used for both legal and illegal ends, points out that computer crimes are among many where punishment often exceeds the charge. "I don't wanna see anybody locked up, unless they cause a danger to the community. This guy's not really a danger to the community. He's a pain in the ass to the community. Locking somebody in a cage for a long time, it's a pretty serious thing. It just doesn't seem to mesh with what he's accused of doing.

"It wasn't five grand," says Bernie. "I'm sure they would love to make that much money, but they ain't making that."

Comments

Bernie, you need another cup of coffee? The report states in excess of $5,000. How do you know how much it cost to clean up after the mess created? Did they have to spend time investigating? Is that free time? How much do you think it cost them? $250? $500? From what I understand it easily costs $110 per hour of IT staff when they have to work on issues. I'm sure this took over 50 hours combined work for the University.

by Nunya Bidness on December 5th 2007 7:03 PM

50 hours? All that would be necessary is a server reboot, and maybe five minutes to retrieve the server access logs after the reboot. From everything I read, this was a one-time event, not a perpetual "attack". The "greater than $5,000" claim appears to be complete bullshit.

Very well-written article.

by Michael on December 5th 2007 7:32 PM

The 5k was simply for the damages doen to upenn. What about the damages from the the irc networks he set up to ddos? You still have to add the damages from TAUNET that he is responsible for on top of the upenn damages

by Sam on December 5th 2007 7:37 PM

Helen Anderson sounds like a bitch with narcissistic personality disorder.

by L.W.B. on December 5th 2007 7:42 PM

Also In This Week's Naked City Section

As Scene On:

Return of the Mechnabotic Wermz

Damonabnormal on the street

Icepack

by A.D. Amorosi

Amorosi on the news, nightlife, gossip and bitchiness beats.

Hero Worship

by J.F. Pirro

Al Wiesner's superman archetype Shaloman drops some Hanukkah science.

Running Numbers

by Nick Norlen

A scholarly look at the digits that matter.