Apparently he stopped his naughty activities back in 2006, but still… a guy who is supposed to be securing machines was installing malware and ran a botnet totaling about a quarter of a million zombies.
Most were used for info gathering, PayPal accounts and installing malware for commission; he claims to have made $19,000 in a week installing TopConverting.
A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.
John Kenneth Schiefer, 26, variously known online as “acid” and “acidstorm,” agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.
Investigators say Schiefer and two minors — identified in the complaint only by their online screen names “pr1me” and “dynamic” — broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely.
That’s a reasonably sized network, enough to rent out for some serious DDoS attacks, and certainly enough PayPal accounts to earn some good money.
Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious “spreader” programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a “Trojan horse” program downloaded to their machine, an invader that then tried to fetch the malicious bot program.
Schiefer admits he and friends used several hijacked PayPal accounts to purchase Web hosting that helped facilitate the spreading of their bot programs.
Pretty lame, but most of the infections were done with pre-built AIM tools. This is the ultimate script kiddie stuff, but hey, I guess it works.
Source: Washington Post
Pantagruel says
Well at least he knew what he was talking about and had first hand knowledge of the potential threat of a botnet ;)
Of course quite lame posing as a ‘security professional’ while being nothing short of a plain script kiddo/botnet masta
cpj says
well i suppose he could always say you have to intimately know what you are fighting against … it probably gives him more experience than all of the security personnel who have NOT run their own botnets …
normalsecrecy says
cpj-good point. but who’s going to (knowingly) hire a liar to protect their networks and data? he might’ve had a better shot at legit security work if he just ran the botnet as a pure criminal and hadn’t posed as a security professional.
people are funny that way. we’ll forgive a guy screwing around on his wife as long as he doesn’t first go on an innocence campaign and say he “did not have sex with that woman” only to get busted down the line.
Goodpeople says
One botnet down, x to go.
Being a security professional and CEH myself, I can only hope that this guy never sees daylight again. They should bury him so deep that the heat radiating from the core of the earth scorches his feet.
So far for my not so politically correct opinion. A couple of years ago here in The Netherlands, some scriptkiddie who wrote a virus using some virus construction kit got offered a high paying job at a local government after he did his time in jail.
That is why I became an IT professional. Computers make sense, people don’t….
Nobody_Holme says
No… People make perfect sense, management don't. That's how the world works, it seems…
Also, if he sells this kind of stuff he is a security professional… just like someone who sets explosives and someone who disarms them are both explosives experts.
dirty says
Just briefed some customers on this (part of my job is infosec news). Anyway it's sad because there is already so much distrust in this line of work… it takes years of working on relationships in order to build confidence in customers, and something like this can shock them so much it can destroy or hurt even the most honest company's/person's reputation.
Goodpeople says
@dirty,
That is exactly why I hope that they hit him hard. Our work is difficult enough as it is. We don't need these kinds of incidents.
CG says
Pantagruel says
@ -CG-
It’s less fun if you come across the auction for the ClamAV vuln they are running. Quite sick to sell an exploit instead of disclosing it to the ClamAV people. It’s not making you look more ‘pro’ if you want to sell an exploit to the highest bidder.
CG says
I’m actually a supporter of 0day and full-disclosure (but not really a supporter of their business model). 0days keep sysadmins, network admins, security consultants, people that write exploits, security companies, AV, etc. in business, busy, and getting paid. It also keeps the technoidiots in fear mode, which is also good for the above.
Now, if I was actively writing 0day I might feel different, but since I am in the “I wish people would release more exploits for these vulns” camp I like people releasing exploits but not necessarily selling them (that’s a whole other issue).
Nobody_Holme says
I have the dodgy philosophy of not having a problem if it's yet another hole in a microsuck program, but getting pissed off if they do shit like this against open-source stuff. I do want them to get owned by a vuln they themselves sell at some point, mind…
dirty says
CG:
Background checks will only reveal if they've been caught before. Even the NSA's and CIA's checks and security clearances miss some people. Think of all the spies that are found out.
Goodpeople says
Checking people’s online behavior is a good place to start. But then again.. I use different nicknames on different sites. The name Goodpeople is only a few months old…
Nobody_Holme says
That's kind of a bad thing… because people would check and would find you have no history, and say “hm, he must be hiding something”.
On another note, I use this nick waaaaay too much. I don't have any others… I should go fix that some time.
Goodpeople says
> On another note, I use this nick waaaaay too much. I don't have any others
Sir Henry says
@CG:
I am in agreement with Dirty on this. Background checks are only as efficient as the technical abilities of the person performing them. In any environment, people will hire someone who has technical expertise unrivaled by anyone else in the environment. That leads to situations like this. Not sure what the solution is other than to beef up the technical knowledge of those hiring and those performing the background checks.
J. Lion says
Do all security consultants need to sign an official document saying “I will do ethical stuff only” before working as a security consultant?
What’s to stop a security consultant from saying “Pay me Protection Money or else…”?
dirty says
No, no one is required to sign anything unless they have certs like CISSP, etc.
It just paints a negative image for people in our field.
James C says
@ Sir Henry
I use torture to do my background checks on staff I hire, probably the reason I don