Do Hackers Fear U.S. Jails?

In what should only be considered a victory for the U.S. Department of Justice, 2 of the 4 alleged Subway hackers have already been sentenced, and one of the remaining criminal’s trial is set to begin shortly.

The 4th identified co-conspirator, has not yet been brought to justice, but hopes run high that he will also be caught and convicted.

These men who perpetrated a sophisticated attack against the computers systems of the famous sandwich chain have been responsible for potentially $10 Million dollars in computer fraud, according to a press release from the U.S. Department of Justice.

As a security professional, I am usually the first one to stand up and cheer when I hear that hackers have been found and arrested.

While it is true that most of these criminals do not violently attack their victims, they continually erode the confidence consumers and businesses have in general as it comes to individual security. Every time a card is electronically stolen, the retail industry as a whole suffers

The only issue I have with recent events is that the sentences seem too light to deter other hackers from following in the footsteps of these Romanians.

For what could be a $10 Million crime, Iulian Dolan, 28, of Craiova, Romania was sentenced to 7 years. That’s 1 year for every $1.4 Million stolen.

More recently, Iulian’s co-conspirator, Cezar Butu, 27, of Ploiesti, Romania was sentenced to 21 months. That’s 1 month for every $476 Thousand stolen.

To professional criminals, time in jail is a calculated risk.

Hackers are like any other criminal. They perpetrate these crimes to make money. One of the costs of doing business is being arrested and going to jail.

With these sentences, both men will soon be back on the street, having served their jail time, and free to electronically look for more pockets to pick.

I commend the efforts of law enforcement to capture these elusive criminals. I just wish the sentences were more commiserate with the severity of the crimes. Other hackers now have a baseline to determine if their activity is worth risking a short stint in a U.S. prison.

In other words, a criminal can easily see himself risking a few months in jail if the payoff is big enough. Longer jail times means that a hacker might reconsider his crime because the risk is greater for every dollar stolen.