Finnish teen convicted of 50,000 hacks avoids jail time. Why?
A Finnish teenager has been convicted of 50,700 鈥渁ggravated computer break-ins鈥 鈥 and punished with what some say is a mere slap on the wrist.
On Wednesday, Finland鈥檚 District Court of Espoo found Julius Kivim盲ki guilty of cybercrimes that involved break-ins into Harvard University and the Massachusetts Institute of Technology (MIT), email hijacking, blocking traffic to websites, and credit card theft, the BBC . Despite the severity of the crimes, the 17-year-old hacker, largely because of his youth, has not been jailed, and instead received a two-year suspended prison sentence, according to the British network.
The incident has raised questions about how forcefully judicial systems around the world should deal with hackers, particularly those who are also juveniles.
鈥淭he danger in a [court] decision such as this is that it emboldens young malicious hackers by reinforcing the already popular notion that there are no consequences for cybercrimes committed by individuals under the age of 18,鈥 cybersecurity expert Brian Krebs in his blog.
The ruling, he added, was a 鈥渨in for Internet trolls.鈥
As they have with crimes committed by minors, authorities have struggled to strike the right balance in dealing with juvenile cybercriminals. Some officials鈥 attempts to deter young people from committing cybercrimes have been criticized as too heavy-handed.
Take the case of 鈥,鈥 who in 2012 was found guilty of a slew of cyber-attacks, including credit card fraud, identity theft, and bomb threats. He was 15.
Cosmo鈥檚 sentence, issued in Long Beach, Calif., placed him on probation until his 21st birthday. Until then, he would not be allowed to use the Internet without supervision or prior consent from his parole officer, or for any purposes besides education, Wired at the time. He also had to hand over his passwords and account logins, and give up the computers that the FBI took when they raided his home. Violation of the terms would land him in jail for three years, according to Wired.
It was, as Gizmodo鈥檚 Sam Biddle , 鈥渢he hacker equivalent of a death sentence.鈥
鈥淭o keep someone off the Internet for six years 鈥 that one term seems unduly harsh,鈥 Jay Leiderman, a Los Angeles attorney who has represented alleged members of Anonymous and LulzSec, told Wired. 鈥淵ou鈥檙e talking about a really bright, gifted kid in terms of all things Internet. I feel that monitored Internet access for six years ... could sideline his whole life 鈥 his career path, his art, his skills. At some level it鈥檚 like taking away Mozart鈥檚 piano.鈥
Yet some experts say that heavy punishment is necessary to discourage young hackers from committing crimes in the future.
Mr. Kivim盲ki, who was previously linked to the hacker group Lizard Squad聽and who now describes himself on his Twitter profile as an 鈥,鈥澛爓as able to compromise more than 50,000 computer servers, installing 鈥榖ackdoors鈥 that let him sneak in and retrieve information, the BBC reported. Prosecutors also accused him of carrying out denial of service (DoS) attacks 鈥 which interrupt or suspend the services of a host connected to the Internet 鈥 and of helping steal gigabytes worth of data from MIT's servers.
The latter attack incurred more than $213,000 in costs as a consequence, the company that ran MIT鈥檚 email infrastructure told the network.
These are serious crimes that merit serious punishment, Mr. Krebs noted.
鈥淚t is clear that the Finnish legal system, like that of the United States, simply does not know what to do with minors who are guilty of severe cybercrimes,鈥 he wrote.
On the other hand,聽Kivim盲ki did spend a month in jail while awaiting trial, a fact that was also considered in his sentence.
鈥淸The verdict] took into account the young age of the defendant at the time, his capacity to understand the harmfulness of the crimes, and the fact that he had been imprisoned for about a month during the pre-trial investigation,鈥 a court statement said, according to the BBC.聽
One step that cybersecurity experts suggest against juvenile cybercrime聽is to teach cyber-ethics at an early age, and to perhaps even make it part of the curriculum, so that children grow up with a sense of what鈥檚 right and wrong in the digital space.
鈥淲e need to be teaching children, starting at a very young age, to shun all forms of cybercrime, from making illegal copies of software to stealing usernames and passwords and trespassing into systems that don鈥檛 belong to you,鈥 Stephen Cobb, senior security researcher at cybersecurity firm ESET, for the company鈥檚 news site.
Governments and other industries should also work to increase international pressure against hacking, as well to improve opportunities for talented young hackers, he added.
鈥淭he old saying that idle hands are the devil鈥檚 playthings also applies to hacking skills,鈥 Mr. Cobb wrote. 鈥淚f more people have them than there are jobs in which to employ them, those 鈥榮killz鈥 are apt to be misused.鈥
