28 February 2008 | 10,695 views

Teenage Bot Herder Admits to Infecting Military Computers

Prevent Network Security Leaks with Acunetix

Hacking for money again? Well not really in this case, more like script kiddying for money – modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.

I guess they could have made much with a 400,000 bot network – by renting it out for DDoS attacks to online extortionists. Although legally that’s even more risky.

A young hacker accused of helping to corral more than 400,000 computers into a money-making botnet has pleaded guilty to criminal charges in connection with the scheme, which he admits damaged US military computers.

The defendant was identified only by the the initials B.D.H. because he was a juvenile when the crimes were committed. He is better known by the handle “SoBe” in internet relay channels frequented by hackers. He appeared in US District Court in Los Angeles on Monday, where he pleaded guilty to two counts of juvenile delinquency. His plea agreement contemplates a sentence of one year to 18 months in prison.

$58,000 in 3 months isn’t even all that much money split between 2 or 3 people…but as the article says that’s all that is on record. They could have made much more than that. Imagine one of them could be sitting on a huge Paypal account that no one knows about.

It’s like the new age of bank robbers hiding their stash in the forest…nowadays guys are hiding it online.

SoBe entered the public spotlight in November 2005 as an “unindicted co-conspirator” to Jeanson James Ancheta, who eventually pleaded guilty to four felony charges in connection with the same botnet. With SoBe located in Boca Raton, Florida, and Ancheta working in Downey, California, the two built a lucrative business by surreptitiously installing adware on computers and then pocketing affiliate fees. According to court documents, the pair collected at least $58,000 in 13 months, but it’s possible they made much more.

Among the computers infected by SoBe and Ancheta were those belonging to the Defense Information Security Agency. SoBe also claimed to have pwned machines maintained by Sandia National Laboratories.

The elder of the two was sentenced to 57 months in prison (more than 4 years) – that’s a pretty hefty sentence and a good reminder not to do anything naughty.

We are ethical hackers after all – do remember that!

Source: The Register



Recent in Legal Issues:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- Teen Accused Of Hacking School To Change Grades
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Related Posts:
- Productive Botnets
- Webcam Hacker Jailed for 4 Years for Spying on Teenager
- ‘Security Consultant’ Caught for Running Large Bot Network

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,540 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,447 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,464 views

Low-cost VPS Hosting

11 Responses to “Teenage Bot Herder Admits to Infecting Military Computers”

  1. eM3rC 28 February 2008 at 4:11 am Permalink

    Although it seems like a good thing that people like this are caught, the underlying and scarier issue seems to be the computer infected. Although the military computers involved were only for DDoS attacks image if the hacker was more interested in the stuff inside the computer. I think rather than looking at it as another hacker caught, this article should be about the insecurity of the US computer wise.

    Just a quick side note.
    The Chinese have already been caught after taking over the public network within the Pentagon but have so far been unsuccessful in breaking into the private networks.

  2. zupakomputer 28 February 2008 at 1:37 pm Permalink

    Wonder how much money the forensics folks made, when they were called in or otherwise to check where the adware had come in from.

    Another thing that is of interest – who was paying them the affiliate money? Was it legit (ie – meant to be a service that people agreed to sign up for) or is this another case of going after the ‘little guy’ and deliberately ignoring the top of the pyramid? Cause they must know who was paying them – since they know they got paid, and presumably must be able to prove a link between the payments and the adware owners, so was it a honeytrap then?

    I don’t see why anyone would agree to get spam adware installed, if it was a legit scheme that was exploited, but some people do sign up for alerts like that.

  3. THX_P 28 February 2008 at 6:02 pm Permalink

    LOL! that sucks ! 4 years !!! .. poor guy ..

  4. NNM 29 February 2008 at 7:05 am Permalink

    I think they should just get a medal and be hired as the new security staff of the computers they infected…
    And the current security/it staff should get blamed for the holes that could have led to much worse.
    They should take it as a valuable lesson.
    If such things are possible, then they have failed and should just be ashamed and happy it wasn’t worse..

  5. Pantagruel 29 February 2008 at 7:13 pm Permalink

    @NNM

    The succes of a scripting kiddies can be contributed to bad admin work. Script kiddies are usually not capable of creating sophisticated hacks and exploits so it seems quite useless to make them the admin of the network they compromised. I do agree on the fact theat the current admin(s) should be fired because they have been lazy in keeping their systems well patched and protected.

  6. eM3rC 1 March 2008 at 3:09 am Permalink

    @Pantagruel
    I am in total agreement with what your saying but occasionally exploits come out before admins can patch them.
    Also companies will hire the cheapest person because a lot of people in this world are pretty stingy so I would like to say bad admin work would probably be the cause of this break-in.

    As for break-in in general, there have been a lot and there will be a lot so I guess it’s a battle to stay one step ahead. Although they may cost more a good admin is worth more than a trashed/broken into company. Hope people would learn that lesson sometime soon.

  7. Pantagruel 1 March 2008 at 1:58 pm Permalink

    @ eM3rC

    True, sometimes a patch is simply too late.

    It’s kinda funny how they always seem to think of people with knowledge/skills as being expensive. Truth is , the damage due to an exploit (bad rep, publicity, probable loss of company details/patent/etc) can by far exceed the costs of a fit admin. At least that will reduce the risk of exposure.
    It’s usually after suffering such a thing they will appreciate a well kept box.

  8. eM3rC 1 March 2008 at 4:06 pm Permalink

    I see what your saying and guess I worded my last post incorrectly. I wanted to say a good admin, expensive as he/she might be, will almost always cost less that damages caused by a hack attack.

  9. tekse7en 2 March 2008 at 6:11 am Permalink

    No matter how bad this is, you must admit that it’s cool in a romantic, movieish sorta way. Yes, he cost people money, and yes, he is a script kiddie, but Jason Bourne kills people, and you know you envy his ass. So stop taking the high road and just admit it. Damn…

  10. J. Lion 6 March 2008 at 3:53 pm Permalink

    Success of script kiddies also depends on who they know and what cool toy they got. If the kiddie got a hold of a zero day exploit – even the most expensive SysAdmin can have nightmares.

    @tekse7en – I thought Jason Bourne was a fictional character

  11. Pantagruel 6 March 2008 at 9:02 pm Permalink

    @J.Lion

    True peer recognition has always been quite a driving force. But even the ‘kiddies’ know that you can make quite some cash if you can rent someone enough bots to dDos an opponent.