Student gets jail for crashing university servers

IDG News Service - A 22-year-old University of Pennsylvania student has been sentenced to three months in prison and probation time, following a worldwide botnet computer bust.

Ryan Goldstein had been facing as much as five years in prison on a computer fraud charge after he was rounded up as part of the FBI's "Operation Bot Roast II."

In addition to the 90-day prison sentence, Goldstein, will also serve 90 days in a halfway house after his release, followed by 180 days of home confinement. He will be on probation for five years, according to Michael Levy, chief of computer crimes at the U.S. Attorney's Office for the Eastern District of Pennsylvania. He was also fined $30,000 and must pay $6,100 in restitution to the University of Pennsylvania, which was affected by an online distributed denial-of-service (DDOS) attack that Goldstein helped orchestrate in February 2006.

Things could have been worse for the Ivy Leaguer, who cooperated with authorities. According to Levy, there was child pornography on Goldstein's computer, but he was not charged in connection with that.

In an e-mail interview, Levy called the sentence "fair."

Goldstein's lawyer, Ronald Levine, said via e-mail that his client "was charged with a misdemeanor and received a probationary sentence. He looks forward to getting on with his life."

Goldstein, who went by the online handle "Digerati," wanted to wage an online war with three Internet Relay Chat networks and a now-defunct Web site called SSgroup.org. Authorities say he was angry after being banned from at least one of the forums, and he talked a teenaged New Zealand hacker named Owen Walker into launching a DDOS attack against the networks.

Walker, 19, known online as "AKILL," was also charged as part of Bot Roast II. He operated a large botnet network of hacked computers that he used for a variety of nefarious purposes, such as sending spam or launching online attacks. He pleaded guilty in New Zealand court in July and was fined, but he was given no prison time.

Though Walker got a lighter sentence than Goldstein, Levy said it's "hard to compare sentences in New Zealand with those in the U.S." And there were other differences between the Goldstein and Walker cases, he added. "Walker is younger, and Goldstein had images of child pornography on his computer," he said.

In late February, a Penn server used to host configuration information for the botnet attack was so swamped with queries from the botnet network that it was inadvertently knocked offline.

Goldstein offered Walker passwords and hacking software in exchange for launching the DDOS attack, authorities say.

Walker agreed to train his botnet on Goldstein's targets after the Penn student offered Walker log-in rights to a Web site and malicious Trojan horse software, Levy said during a November 2007 interview. "Did he pay him? It's in Internet currency: 'Here's some tools for your kit bag,'" he said. "Did he send him money through this PayPal account? No."