Teenage Bot Herder Admits to Infecting Military Computers

Hacking for money again? Well, not really in this case; more like script kiddying for money: modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on adware affiliate fees.

I guess they could have made much more with a 400,000-bot network by renting it out for DDoS attacks to online extortionists, although legally that’s even riskier.

A young hacker accused of helping to corral more than 400,000 computers into a money-making botnet has pleaded guilty to criminal charges in connection with the scheme, which he admits damaged US military computers.

The defendant was identified only by the initials B.D.H. because he was a juvenile when the crimes were committed. He is better known by the handle “SoBe” in internet relay channels frequented by hackers. He appeared in US District Court in Los Angeles on Monday, where he pleaded guilty to two counts of juvenile delinquency. His plea agreement contemplates a sentence of one year to 18 months in prison.

$58,000 in 13 months isn’t even all that much money split between two or three people, but as the article says, that’s only what is on record. They could have made much more than that; one of them could be sitting on a huge PayPal account that no one knows about.

It’s like the new age of bank robbers hiding their stash in the forest; nowadays the guys are hiding it online.

SoBe entered the public spotlight in November 2005 as an “unindicted co-conspirator” to Jeanson James Ancheta, who eventually pleaded guilty to four felony charges in connection with the same botnet. With SoBe located in Boca Raton, Florida, and Ancheta working in Downey, California, the two built a lucrative business by surreptitiously installing adware on computers and then pocketing affiliate fees. According to court documents, the pair collected at least $58,000 in 13 months, but it’s possible they made much more.

Among the computers infected by SoBe and Ancheta were those belonging to the Defense Information Security Agency. SoBe also claimed to have pwned machines maintained by Sandia National Laboratories.

The elder of the two, Ancheta, was sentenced to 57 months in prison (more than four years). That’s a pretty hefty sentence and a good reminder not to do anything naughty.

We are ethical hackers after all – do remember that!

Source: The Register

Posted in: Legal Issues, Malware


11 Responses to Teenage Bot Herder Admits to Infecting Military Computers

  1. eM3rC February 28, 2008 at 4:11 am #

    Although it seems like a good thing that people like this are caught, the underlying and scarier issue seems to be the computers infected. Although the military computers involved were only used for DDoS attacks, imagine if the hacker was more interested in the stuff inside the computer. I think rather than looking at it as another hacker caught, this article should be about the insecurity of the US, computer-wise.

    Just a quick side note.
    The Chinese have already been caught after taking over the public network within the Pentagon but have so far been unsuccessful in breaking into the private networks.

  2. zupakomputer February 28, 2008 at 1:37 pm #

    Wonder how much money the forensics folks made, when they were called in or otherwise to check where the adware had come in from.

    Another thing that is of interest – who was paying them the affiliate money? Was it legit (i.e. meant to be a service that people agreed to sign up for) or is this another case of going after the ‘little guy’ and deliberately ignoring the top of the pyramid? ’Cause they must know who was paying them – since they know they got paid, and presumably must be able to prove a link between the payments and the adware owners, so was it a honeytrap then?

    I don’t see why anyone would agree to get spam adware installed, if it was a legit scheme that was exploited, but some people do sign up for alerts like that.

  3. THX_P February 28, 2008 at 6:02 pm #

    LOL! that sucks ! 4 years !!! .. poor guy ..

  4. NNM February 29, 2008 at 7:05 am #

    I think they should just get a medal and be hired as the new security staff of the computers they infected…
    And the current security/it staff should get blamed for the holes that could have led to much worse.
    They should take it as a valuable lesson.
    If such things are possible, then they have failed and should just be ashamed and happy it wasn’t worse..

  5. Pantagruel February 29, 2008 at 7:13 pm #

    The success of script kiddies can be attributed to bad admin work. Script kiddies are usually not capable of creating sophisticated hacks and exploits, so it seems quite useless to make them the admin of the network they compromised. I do agree on the fact that the current admin(s) should be fired because they have been lazy in keeping their systems well patched and protected.

  6. eM3rC March 1, 2008 at 3:09 am #

    I am in total agreement with what you’re saying, but occasionally exploits come out before admins can patch them.
    Also, companies will hire the cheapest person because a lot of people in this world are pretty stingy, so I would like to say bad admin work would probably be the cause of this break-in.

    As for break-ins in general, there have been a lot and there will be a lot, so I guess it’s a battle to stay one step ahead. Although they may cost more, a good admin is worth more than a trashed/broken-into company. Hope people learn that lesson sometime soon.

  7. Pantagruel March 1, 2008 at 1:58 pm #

    @ eM3rC

    True, sometimes a patch is simply too late.

    It’s kinda funny how they always seem to think of people with knowledge/skills as being expensive. Truth is, the damage due to an exploit (bad rep, publicity, probable loss of company details/patents/etc.) can by far exceed the cost of a fit admin. At least that will reduce the risk of exposure.
    It’s usually after suffering such a thing that they will appreciate a well-kept box.

  8. eM3rC March 1, 2008 at 4:06 pm #

    I see what you’re saying and guess I worded my last post incorrectly. I wanted to say a good admin, expensive as he/she might be, will almost always cost less than the damages caused by a hack attack.

  9. tekse7en March 2, 2008 at 6:11 am #

    No matter how bad this is, you must admit that it’s cool in a romantic, movieish sorta way. Yes, he cost people money, and yes, he is a script kiddie, but Jason Bourne kills people, and you know you envy his ass. So stop taking the high road and just admit it. Damn…

  10. J. Lion March 6, 2008 at 3:53 pm #

    The success of script kiddies also depends on who they know and what cool toy they got. If the kiddie got hold of a zero-day exploit, even the most expensive sysadmin can have nightmares.

    @tekse7en – I thought Jason Bourne was a fictional character.

  11. Pantagruel March 6, 2008 at 9:02 pm #

    True, peer recognition has always been quite a driving force. But even the ‘kiddies’ know that you can make quite some cash if you can rent someone enough bots to DDoS an opponent.