BUCHAREST/LONDON (Reuters) - Fifteen years behind bars for a crime that took but 15 minutes to execute.
This is the maximum prison sentence facing 24-year-old Romanian Dan Dumitru Ciobanu, suspected by authorities of developing the low-grade Internet worm "Blaster.F" that security experts suspect took him maybe a quarter of an hour to write.
The penalty once again has stoked the debate about appropriate sentencing for a crime that until recently was dismissed by law enforcement officers as a relatively benign prank by tuned-in teenagers trying to prove a point.
But with a wave of increasingly strong Internet bugs, including last month's original Blaster worm and the Sobig.F virus, inflicting billions of dollars in damage, a zero-tolerance sentiment has begun to emerge.
In Romania, a person found guilty of the new cybercrime law, which covers online fraud, hacking and virus-writing, faces a sentence of three to 15 years, more than twice the maximum sentence for rape.
"We have had this debate that maybe the Romanian law is too tough. But it's alright to be like this," Romanian MP Varujan Pambuccian, who co-wrote the law, told Reuters. "We intended to make it tough."
The Romanian law may be the toughest anywhere. Britain's Computer Misuse Act, for example, carries a maximum sentence of five years if convicted of releasing a virus that infects other computers.
American teenager Jeffrey Lee Parson was arrested last week for creating and distributing the "Blaster.B" variant, a program that infected at least 7,000 computers. He faces imprisonment of 10 years and a $250,000 fine if convicted.
Meanwhile, the mastermind behind the original Blaster worm, which is believed to have infected over 500,000 computers running Microsoft Windows, remains at large.
Anti-virus experts said Blaster.F has done little damage, infecting roughly 1,000 computers since it emerged on Monday. "It looks like it took him no more than fifteen minutes to write," said Mikko Hypponen, manager of anti-virus research at Finland's F-Secure.
Police have not charged Ciobanu. On Thursday, Gheorghi Plai, chief commissioner at the Regional Center for Combating Organized Crime in the suspect's home city of Iasi, confirmed to Reuters the investigation is continuing.
Ciobanu was identified in a statement issued on Wednesday by BitDefender, a division of Romanian software firm Softwin SRL, which helped police track down the suspect. The firm said on Thursday the suspect's computers would be examined on Friday or early next week, after which charges could be filed.
The Ciobanu case has stirred some mixed feelings about the potential severity of new cybercrime laws, even among security specialists who helped collar the man.
"Among the programmers in our company, I have been confronted by a wave of sympathy for him. They want to know why we identified him and gave him up to the police," said Mihai Radu, a spokesman for BitDefender.
Others in Romania's IT industry, which has become a recruitment hotbed for Western European and American software developers, are pushing for tough justice. They say a few bad seeds could spoil Romania's reputation as an emerging software development hub.
"Romanians are excellent IT programmers, but unfortunately they haven't learned to focus their efforts in the right direction," said Marius Ursachi, creative officer at Web design firm Grapefruit Design in Iasi, in northeastern Romania.
Romania is known for exporting young talent to Western IT companies, but in the ex-communist Balkan country just 13 percent of the country's 22 million population use the Internet. Romania, where monthly salaries average $130, and neighboring Bulgaria are the least wired Eastern European nations.
I think it's a reasonable sentence for the guy... eventhough the damage wasn't that bad... it might develop into something more whether it's him or someone else... say if his sentence was light... Even with this, it doesn't decrease the amount of viruses created everyday... :|
