13 November 2007 | 5,330 views

‘Security Consultant’ Caught for Running Large Bot Network

Prevent Network Security Leaks with Acunetix

Apparently he stopped his naughty activities back in 2006, but still…a guy that is supposed to securing machines was installing malware and had a bot totaling about a quarter of a million zombies.

Most used for info gathering, Paypal accounts and installing Malware for comission, he claims to have made $19,000 in a week installing TopConverting (read more).

A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.

John Kenneth Schiefer, 26, variously known online as “acid” and “acidstorm,” agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.

Investigators say Schiefer and two minors — identified in the complaint only by their online screen names “pr1me” and “dynamic” — broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely.

That’s a pretty reasonable sized network, enough to rent out for some serious DDoS attacks, and certainly enough Paypal accounts to earn some good money.

Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious “spreader” programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a “Trojan horse” program downloaded to their machine, an invader that then tried to fetch the malicious bot program.

Schiefer admits he and friends used several hjacked PayPal accounts to purchase Web hosting that helped facilitate the spreading of their bot programs.

Pretty lame, but most of the infections were done with pre-built AIM tools. This is ultimate script kiddy stuff, but hey I guess it works right.

Source: Washington Post



Recent in Legal Issues:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- Teen Accused Of Hacking School To Change Grades
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Related Posts:
- Government Accountability Office Report Slams FBI Internal Security
- Consultant Breached FBI’s Computers
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,550 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,470 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,465 views

Low-cost VPS Hosting

19 Responses to “‘Security Consultant’ Caught for Running Large Bot Network”

  1. Pantagruel 13 November 2007 at 3:38 pm Permalink

    Well atleast he knew what he was talking about and had first hand knowledge of the potential threat of a botnet ;)

    Ofcourse quite lame posing as a ‘security professional’while being nothing short of a plain script kiddo/botnet masta

  2. cpj 13 November 2007 at 3:47 pm Permalink

    well i suppose he could always say you have to intimately know what you are fighting against … it probably gives him more experience than all of the security personnel who have NOT run their own botnets …

  3. normalsecrecy 13 November 2007 at 8:13 pm Permalink

    cpj-good point. but who’s going to (knowingly) hire a liar to protect their networks and data? he might’ve had a better shot at legit security work if he just ran the botnet as a pure criminal and hadn’t posed as a security professional.

    people are funny that way. we’ll forgive a guy screwing around on his wife as long as he doesn’t first go on an innocence campaign and say he “did not have sex with that woman” only to get busted down the line.

  4. Goodpeople 13 November 2007 at 9:45 pm Permalink

    One botnet down, x to go.

    Being a security professional and CEH myself, I can only hope that this guy never sees daylight again. They should bury him so deep that the heat radiating from the core of the earth scourns his feet.

    So far for my not so politically correct opinion. A couple of years ago here in The Netherlands, some scriptkiddie who wrote a virus using some virus construction kit got offered a high paying job at a local gouvernment after he did his time in jail.

    That is why I became an IT professional. Computers make sense, people don’t….

  5. Nobody_Holme 13 November 2007 at 10:04 pm Permalink

    No… People make perfect sense, management dont. Thats how the world works, it seems…
    Also, If he sells this kind of stuff he is a security proffesional… just like someone who sets explosives and someone who disarms them are both explosives experts.

  6. dirty 14 November 2007 at 6:24 pm Permalink

    Just briefed some customers on this (part of job is infosec news) anyway its sad because there is already so much distrust in this line of work….it takes years of working on relationships in order to build confidence in customers and something like this can shock them so much it can destroy or hurt even the most honest sompnay/person’s reputation.

  7. Goodpeople 15 November 2007 at 12:15 am Permalink

    @dirty,

    That is exactly why I hope that they hit him hard. Our work is difficult enough as it is. We don’t need this kind of incidents.

  8. CG 15 November 2007 at 4:28 am Permalink

    Just briefed some customers on this (part of job is infosec news) anyway its sad because there is already so much distrust in this line of work

  9. Pantagruel 15 November 2007 at 9:36 pm Permalink

    @ -CG-
    It’s less fun if you come across the auction for the ClamAV vuln they are running. Quite sick to sell an exploit instead of diclosing it to the ClamAV people. It’s not making you look more ‘pro’ if you want to sell an exploit to the highest bidder.

  10. CG 16 November 2007 at 5:28 am Permalink

    i’m actually a supporter of 0day and full-disclosure (but not really a supporter of their business model). 0days keep sysadmins, network admins, security consultants, people that write exploits, security companies, AV, etc in business, busy, and getting paid. it also keeps the technoidiots in fear mode which is also good for the above.

    Now, if i was actively writing 0day i might feel different but since i am in the “i wish people would release more exploits for these vulns” camp i like people releasing exploits but not necessarily selling them (that’s a whole other issue)

  11. Nobody_Holme 16 November 2007 at 5:49 pm Permalink

    I have the dodgy philosophy of not having a problem if its yet another hole in a microsuck program, but getting pissed off if they do shit like this against open-source stuff. I do want them to get owned by a vuln they themselves sell at some point, mind…

  12. dirty 16 November 2007 at 8:00 pm Permalink

    CG:
    Background checks will only reveal if theyve been caught before. Even NSA’s and CIA’s checks and security clearances miss some people. Think of all the spies that are found out.

  13. Goodpeople 18 November 2007 at 6:26 pm Permalink

    Checking people’s online behavior is a good place to start. But then again.. I use different nicknames on different sites. The name Goodpeople is only a few months old…

  14. Nobody_Holme 19 November 2007 at 7:45 pm Permalink

    Thats kind of a bad thing… because people would check and would find you have no history, and say “hm, he must be hiding something”

    On another note, I use this nick waaaaay too much. I dont have any others… I should go fix that some time.

  15. Goodpeople 19 November 2007 at 10:41 pm Permalink

    > On another note, I use this nick waaaaay too much. I dont have
    > any others

  16. Sir Henry 14 December 2007 at 6:36 pm Permalink

    @CG:

    I am in agreement with Dirty on this. Background checks are only as efficient as the technical abilities of the person performing them. In any environment, people will hire someone who has technical expertise unrivaled by anyone else in the environment. That leads to situations like this. Not sure what the solution is other than to beef up the technical knowledge of those hiring and those performing the background checks.

  17. J. Lion 6 March 2008 at 3:58 pm Permalink

    Does all security consultant need to sign an official document saying that I will do ethical stuff only before working as a security consultant?

    What’s to stop a security consultant from saying “Pay me Protection Money or else…”?

  18. dirty 10 March 2008 at 8:11 pm Permalink

    No, no one is required to sign anything unless they have certs like CISSP, etc.

    It just paints a negative image for people in our field

  19. James C 11 March 2008 at 8:18 pm Permalink

    @ Sir Henry
    I use torture to do my background checks on staff I hire, probably the reason I don