"Arrested in 2007, Butler was accused of operating Carders Market, a forum where cyber criminals bought and sold sensitive data such as credit card numbers. After pleading guilty to two counts of wire fraud from stealing nearly 2 million credit card numbers and spending $86 million in fraudulent purchases, Butler was sentenced to 13 years in prison, which is the longest sentence ever given for hacking charges. After prison, he will also face 5 years of supervised release and is ordered to pay $27.5 million in restitution to his victims.[5][22]"
Also Albert Gonzales the leader of Shadowcrew actually plea bargained DOWN to a 20 year sentence:
"On March 25, 2010, U.S. District Judge Patti Saris sentenced Gonzalez to 20 years in prison for hacking into and stealing information from TJX, Office Max, the Dave & Busters restaurant chain, Barnes & Noble and a string of other companies.[27] The next day, U.S. District Court Judge Douglas P. Woodlock sentenced him to 20 years in connection with the Heartland Payment Systems case. The sentences were ordered to run concurrently, meaning that Gonzalez will serve a total of 20 years for both cases.[28] Gonzalez was also ordered to forfeit more than $1.65 million, a condominium in Miami, a blue 2006 BMW 330i automobile, IBM and Toshiba laptop computers, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches.[29]"
Hector “Sabu” Monsegur is facing 124 years if he's convicted on all charges, but with the current string of 10+ year sentences, chances are, his will be in that range as well I would assume. His sentencing was delayed for a third time until January 2014.
Previous to those, I think the longest sentence was to Mitnick who got 5 years. Even Kevin Poulsen got a 3 year sentence. Even the Lulsec hackers all got sentences under 3 years. Clearly, the feds are uping the ante on computer crime and using long sentences as deterrents for future hackers who think they will get light sentences.
>>> Is unreasonable sentencing a good "deterrent"?
Your statement is debatable, but since Federal Sentencing Guidelines are set by the United States Sentencing Commission, we don't have much say either way.
It's debatable because most states don't prosecute computer crimes and simply pass the cases to the Feds for a number of reasons. Had Hammond been tried in a state court, there is a high probability his sentence would be a lot less.
Also you have to take into effect how the feds should combat the increasing issue of hacktivism without steep jail times. I seriously don't have any answers, but I'd be interested to find out how you think you can stop this sort of stuff from happening again.
To me, it's not surprising that stealing a bunch of credit cards and secret documents gets you ten years (maximum, of which he'll probably serve three to five if this is anything like other crimes that are eligible for parole). But I'd welcome evidence that I'm miscalibrated.
Ah, I misread. I thought it said, "He was sentenced to serve a maximum of ...", but actually it says, "He was sentenced to the maximum of ...". Ten years, then. Still not terribly surprising to me given what he did.
Sure, it should be. I haven't done the research but 10 years is above and beyond what I'd expect, any comparable cases out there?