I hope he has learnt his lesson.
8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election
A British script kiddie who DDoS'd a Labour Party parliamentary candidate's website in the runup to the last general election has been banned from using the Tor browser. Bradley Niblock, formerly the operator of the UGLegion Twitter account, pleaded guilty to two Computer Misuse Act crimes after being tracked down by Cumbria …
COMMENTS
-
-
-
Wednesday 30th June 2021 17:33 GMT John Brown (no body)
Re: F**** it!
I came here to ask if anyone knew what the point of the "attack" was.
Technically, yes, he "attacked" the democratic process, but really, who goes looking at a candidates website just days before voting for them? Unless it was expected to be such a close race as to require years worth of recounts by the Ninjas, what was the kid thinking?
He deserves to book thrown at him as much for being an idiot as for what he did.
-
-
-
-
Wednesday 30th June 2021 19:28 GMT vogon00
Not harsh enough!
"working as a web designer"
Not harsh enough IMO! If he's working, he's earning....and probably earning reasonable coin with that job title.
If I had been the one passing sentence, I would have probably suggested he could choose to actually serve the 8 months in the bridewell or have it suspended...but suspended only if he spent those 8 months programming in
VBA[1] using the Office-provided IDE. That'd teach him not to misbehave / be a dickhead at other peoples expense.Actually, come to think of it, I doubt I'd be allowed to pass that sentence.... aren't 'Cruel and unusual' punishments forbidden these days?
[1] Partially obscured to avoid some of the horror induced by those three letters.
-
-
-
Wednesday 30th June 2021 16:44 GMT Cederic
impressively balanced
I like "banned from signing up to social media platforms using "vanity names" unless these are "made available to the police for inspection on request"".
Forcing him to only use his real name would be a horrible invasion of privacy and expose him to risks if he does online gaming or has hobbies that aren't work friendly, so when the summary mentioned this restriction my initial reaction was negative. What they've actually done though is a nice balance between giving him the means to protect himself online while making it either easy to check that he's behaving, or charge him with an offense if he ignores the ruling.
(He could have ignored the 'no vanity names' ruling anyway, so in that regard this approach is no worse than a blanket ban.)
A political site I browse (but don't have an account on so never comment) had a commenter that did have a 'must use your real name' court order. He received direct abuse from other commenters as a result, as they took advantage of being able to research his life in depth and attacked him for the things with which they disagreed. (He's now actually in prison due to a recurrence of the online behaviour that earned him the court order in the first place; a sad situation that seems linked to mental issues).
So I welcome this court trying to find a sensible balance between discouraging poor behaviour, protecting the public and nonetheless protecting the individual concerned.
-
Wednesday 30th June 2021 17:38 GMT John Brown (no body)
Re: impressively balanced
"Forcing him to only use his real name would be a horrible invasion of privacy and expose him to risks if he does online gaming or has hobbies that aren't work friendly, so when the summary mentioned this restriction my initial reaction was negative. What they've actually done though is a nice balance between giving him the means to protect himself online while making it either easy to check that he's behaving, or charge him with an offense if he ignores the ruling."
The way I see it, if this kid has any sense of privacy, this will make him think very carefully about what services he signs up to. It will hopefully instil in him the need for being careful about what one does online and respect for others privacy. This could be a very good life lesson for him. On the other hand, if he follows the rules and then signs up to "dodgy" places with his real name, he'll learn the same lessons the hard way.
-
Wednesday 30th June 2021 19:39 GMT Eclectic Man
Re: impressively balanced
Cederic: "A political site I browse (but don't have an account on so never comment)"
Not, perchance that of Mr Dominic Cummings? (https://dominiccummings.com)
I was going to post a comment on that, but you have to "subscribe", and I didn't fancy that much. (I admit to being a coward). Unsurprisingly, all the comments were in favour of what Mr Cummings had posted, although strangely I found it wanting. (Lots of statements about what should be done, no actual decisions to do anything in the various messages quoted.)
-
-
Wednesday 30th June 2021 21:55 GMT Fred Flintstone
I could not agree more (I tried :) ).
Admitting an attack was "basic" amounts to accepting culpability for not even putting an effort in, so every single breach is always deemed to be the work of "sophisticated" "hackers" who deploy what must be sheer magic to break in, like using the immeasurably complex and impossible to memorise login combination of admin/admin.
Given what I've seen so far of a lot of these "hacks", the people who run these sites probably live in homes with locks that you could pick with a toothpick without even slowing down and must exclusively use 0000 or 1234 for PIN codes.
-
-
Sunday 4th July 2021 22:25 GMT Robert Carnegie
I don't know details of the case but I assume that he attacked the candidate's web site using a substantial botnet, or an exploit which consumes the web server's resources disproportionately to the cost of generating the exploit, or both. There also will have been steps taken to conceal the identity of the attacker. Apparently this failed, and probably the sophisticated parts of the attack can be rented, cycbercrime as a service, but there is more to it than just running "ping" over and over again.
-