Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

Another one bites the dust with another reasonably hefty sentence, this time a botherder or botnet master.

Just under 4 years and a big chunk of change as a fine, I guess he probably has plenty of cash stashed somewhere though. These guys can really rake it in with their mass infectors of doom.

A US-based hacker has been sentenced to 41 months in jail for breaking into corporate computers in Europe and making them part of a money-generating botnet.

Robert Matthew Bentley, 21, of Panama City, Florida, was also ordered to perform three years of supervised release once his prison time is over and to pay $65,000 in restitution, according to federal prosecutors in Pensacola, Florida.

In March, Bentley, who sometimes went by the alias LSDigital, pleaded guilty to two felony counts related to his botnet activities, which inflicted more than $150,000 worth of damage on Newell Rubbermaid. Starting as early as December 2006, Bentley and several unnamed co-conspirators installed customized bots on hundreds of the company’s computers. The malware generated so much traffic on Rubbermaid’s servers that its network stopped functioning.

He pleaded guilty which might have saved him from getting an even heavier punishment, I guess he know they had enough evidence to nail him soundly so he may as well look after his interests.

I wonder if his conspirators will get busted too?

New infections from the attack were being detected as recently as March, four months after Bentley was arrested. Federal agents continue to investigate the uncharged suspects. At least one of them lived in Philadelphia.

Federal prosecutors began their case after the Metropolitan Police Computer Crime Unit in London fielded a complaint from Rubbermaid representatives in Europe. According to court documents, Bentley and his cronies generated “thousands of dollars” by installing adware from on the infected machines.

The bot masters used the domain name as a command and control channel. They breached Newell Rubbermaid using at least three malicious files bearing the names 84785_redworld[1].exe, mssecure.exe and msiupdate.exe.

It looks like they had it pretty well wrapped up and by the looks of it (new infection in March) they are still going strong.

I wonder what the status is now?

They were busted as part of the FBI campaign known as Operation Bot Roast.

Source: The Register

Posted in: Legal Issues, Malware

, , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

20 Responses to Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

  1. Sleepy June 23, 2008 at 8:18 pm #

    As long as they keep going after the real criminals with these harsher sentences, I support – them. I just hope we don’t see kids in prison for 5+ years for defacing their high school’s website or cracking their neighbors wep . Don’t get me wrong; those are still crimes too, but I hope they keep perspective, I’d hate to see mischievous kids going to prison to come out hardened criminals, for today’s equivalent of the burning bag of poo on old Mr Johnson’s porch.

  2. Navin June 23, 2008 at 10:03 pm #

    @sleepy, your nightmare’s come true already!! Some kid got in for 38 years for breaking into his high skool database and changed all his grades from F’s to A’s!! His partner goes in for 3 years!!

  3. Sleepy June 23, 2008 at 10:24 pm #

    @Navin 38 years?! That’s crazy! While I do consider changing grades a step beyond “mischievous” and therefore deserving of stern punishment, 38 years seems excessive to me for the situation. IMO 1-3 would be just right, of course I’m no lawyer. Sad though, the kid made a mistake, no one got hurt (I assume) and they pretty much took his life away for it.

    What does everyone else think? Am I a softie or does that seem crazy to you too?

  4. razta June 23, 2008 at 10:55 pm #

    At the age of 21 the botmaster made thousands of dollars! I disagree in the way that he made his money however he must be a clever lad, not so clever to get caught tho.

    As for the teenager who changed his grades, I cant belive he got 38 years for such a crime, there must be an over exageration some where, do you have a link to the original story?

    And lol @ Operation Bot Roast

  5. Navin June 24, 2008 at 12:08 am #

    @ sleepy Read this

    He’s facing an amazing 69 counts including altering and stealing public records, computer fraud, burglary, identity theft, receiving stolen property and conspiracy.

    I do agree wid u in saying 38 yrs is amazingly harsh!! But th’s the law in Ur country!! In my country India, it’d be considered great if he was even traced!!

  6. Sleepy June 24, 2008 at 12:33 am #

    I’ll be keeping my eye on that case, thanks for the link Navin. I would hope a jury and judge would punish reasonably, but then again, as my professor (a cyber crimes police officer) always says; “You know what kind of people are on a typical jury?” “Twelve people too stupid to get out of jury duty”.

  7. Rightful June 24, 2008 at 1:37 am #

    Have to say, 38 years for a kid breaking into school record is too harsh, he was just lurking around, come on!!

    Well at least this guy pleaded guilty that he did the dirty job, saved him a couple more years.

    All this people are making money the wrong way, they should be caught and asked to pay back the money they obtained out of this, and sentenced a harsh punishment. If I’m not wrong there was a way to track botnets using their own tool and taking over the server by finding a bug on the program sort of exploiting it , it was demonstrated by a researcher last time.

    It would be nice if someone can post the link.

  8. Navin June 24, 2008 at 5:27 am #

    @ rightful, I’d heard of this method …it was discussed at a brainstorming session I was part of a few months back….I think this exploit was discovered by some security company in Europe…I’ll look for the link

    @ sleepy: Thats simply precious!! But frankly I think this guy’s life is totally screwed!!

  9. Navin June 24, 2008 at 5:55 am #

    Update: here it is

  10. Sleepy June 25, 2008 at 5:25 pm #

    Wow Navin, thanks for that link! The hacking counter-attack is genius. I can’t believe I haven’t thought about doing something like that! It has occurred to me (and my constantly screaming anti-virus) that some of my tools are a security risk residing on my local machine, but researching how to use that against hackers just went over my head for some reason. I love the idea and I’m defiantly going to allot some of my time towards these activities in the future. I find it really hard to focus on any one area of security or forensics, everyday, as I learn, more possibilities present themselves.

  11. Navin June 26, 2008 at 8:37 am #

    I agree Sleepy, I’ve almost grown used to my antivirus yelling at me (almost reminds me of my mom), pleading tht I delete a certain piece of software coz it recognises it as a virus…. There was once a age when U cud atleast store source codes in text files, compile the required tools when needed and then simply delete the files…but now antivirus programmes even read through txt files for strands of “malicious-looking” code…

    But frankly, i feel that such counter-attacks will only be possible on skiddies mainly because of the difficulty in back-tracing proxies tht most pro’s use!!

  12. grav June 28, 2008 at 7:49 pm #

    I think that if that kid that got 38 yrs in prison could hack into his school system, he could have done better than an “F” in class. Unless of course, he just did the “look over at your teacher’s password as he/she is typing” method : )

    Kudos to him, kind of dumb to use spyware and then access the computer FROM HOME probably without a string of around the world proxies.

    At least use an internet cafe…

  13. grav June 28, 2008 at 7:52 pm #

    @ Navin,

    I agree with you. Keeping stuff hidden from your antivirus is a pain in the @$$ : )

    Once I did a scan on my D: drive, something that I haven’t done in a long time, to find out that half my stuff was deleted!!!
    The real threats were still there and my “tools” were gone.

    Needless to say, I switched my antivirus that day…

  14. Navin June 29, 2008 at 5:24 am #

    which antivirus were U using?? I gotta keep away from dat one…currently using AVG, and it definitely is a pain in da a$$ as far as protecting my tools goes…..but then that’s what antivirus companies aim for right?? Eliminate all tools that can be used to crack passwords or attack servers…..Most if not all these tools are after all created for pen-testing!!

  15. Bogwitch June 29, 2008 at 3:56 pm #

    Pretty much any AV product will detect pentest tools as malware. It is worth noting that some tools are trojanised, it is up to you to determine what any particular tool is doing. When testing your tools, run them with an adjacent host running wireshark (or similar) to ensure that the tools are not communicating in ways that you were not expecting/ desiring.
    Run the tools with something like InCtrl5 to make sure they are not modifying your system is ways you do not want them to.

    Naturally, I would recommend using a ‘dirty’ machine for your tools, not a production machine, or at least have separate HDDs for pen testing and work (or gaming!) It is likely that you would want your pen-testing machine to run without AV, just be aware that you have no AV and act accordingly. (Read: Don’t surf for porn/ game cracks etc.) That said, it is likley that your pen testing machine will be running Linux, isn’t it?

  16. grav June 30, 2008 at 2:21 am #

    A cool thing I found out while browsing the internet was to test unreliable (shady) software on a virtual machine. It isn’t too hard to set one up and as a result, all your data is safe.

    I don’t know if just storing your h4x0r stuff on a different HDD would do anything, because if a virus infects you – or a worm – won’t it travel to all of your hard drives? I was under the impression that if one hard drive was infected, all of them would soon be. Please correct me.

    What I hate is when you are dling from a reliable source and you are blocked from opening a .zip or .rar because of a possible “threat.”

    AntiVirus- can’t live with it, can’t live without it!!!

    : )

    how do you do the cool smilies? The graphics ones? Just ctrl-c ctrl-v?

  17. grav June 30, 2008 at 2:22 am #

    A cool article for DarkNet would be one on DeepFreeze.
    I’ll post some cool stuff about it, but I have got to go right now.

  18. Bogwitch June 30, 2008 at 8:18 am #

    Sorry, I didn’t make myself clear. I have different PRIMARY hard disk drives for different operating enviroments in removable caddies to facilitate swapping easily.

  19. grav June 30, 2008 at 6:51 pm #

    @ Bogwitch

    Thanks for the clarification

  20. Changlinn July 8, 2008 at 6:49 am #

    Another one down, this sentence seems fair.
    As for the kid who got 38 years, that is just ludicrously wrong, he should barely get a slap on the wrist.
    My sister back in the day “accidentally” hacked into her schools fileserver and told the teachers she found the next days Bio test, they changed it and gave her an award for being honest. This of course was the 80’s so she probably just found the file and opened it.