I recently read about this 2.5 year prison sentence for a hacker who ran and and rented access to his huge botnet. Got me thinking, I wonder if he'd have served any time at all if he had taken measures to protect the victim's data before letting his customers use the computers. Imagine a scrupulous hacker putting the botnet jobs within virtual sandboxes and having them run at low CPU/bandwidth priority. I mean, I doubt this guy ever really intended to cause harm to his victims, right???