Malware Distributor & Bot Network Master Sentenced To 4 Years

Use Netsparker


It seems to the feds are really cracking down on cybercrime recently, with a special kind of attention paid to botnets and their handlers. The sentences are getting stiffer too, this time with 4 years in prison for running a botnet and data theft.

I hope they keep it up, botnets are the scourge of the Internet and people should feel safe about their bank accounts and Paypal money. The Internet is becoming a bad neighborhood with people looking over their shoulders all the time.

A Los Angeles man was sentenced late Wednesday in federal court to four years in prison after pleading guilty last year to infecting as many as 250,000 computers and stealing thousands of peoples’ identities and hijacking their bank accounts.

The Los Angeles authorities said John Schiefer, 27, was the nation’s first defendant to plead guilty to wiretapping charges (.pdf) in connection to using botnets.

Schiefer, who went by the online handle “acidstorm,” faced as many as 60 years in prison and acknowledged using a botnet to remotely control computers across the United States. Once in control of the computers, the authorities said, (.pdf) his spybot malware allowed him to intercept computer communications. He mined usernames and passwords on accounts such as PayPal and made purchases totaling thousands of dollars without consent.

The first one to plead guilty eh? I guess the others will fall later with charges that can rack up some serious prison time with back to back sentences. I guess pleading guilty saved him from the possible 60 year sentence.

It must be hard to track the exact amount he conned from people and stole from Paypal accounts as there’s no real way to audit it. But as the law goes estimates are made by extrapolating whatever hard data they do have.

The authorities said he worked by day as an information security consultant with 3G Communications. After his guilty plea, Schiefer was hired at Mahalo, the so-called “human powered search engine.” Its founder, Jason Calacanis wrote that the company failed to realize that the Los Angeles company had hired a man who had pleaded guilty to being a hacker.

The defendant was among eight individuals indicted or successfully prosecuted in a crack down on black hat hackers who use armies of zombie computers to commit financial fraud, attack web sites with floods of traffic and send spam. The crimes at issue involved more than $20 million in losses, according to the FBI.

The FBI dubbed the eight cases “Operation Bot Roast II” — the second round of its investigations against botnets, one of the most dangerous threats online today. The first FBI crackdown on botnets was announced in June, 2007.

$20 million in losses seems a fairly generous estimate, but then I guess it makes for better headlines right? I wonder when “Operating Bot Roast III” will begin?

It won’t be too long I imagine, I hope they crack down on the botnets sending out spam – those are the ones that REALLY irk me.

Source: Wired (Thanks Navin)

Posted in: Legal Issues, Malware

, , , , , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


3 Responses to Malware Distributor & Bot Network Master Sentenced To 4 Years

  1. navin March 11, 2009 at 7:06 pm #

    cheers!! :)

  2. defcon March 16, 2009 at 2:14 pm #

    this dude should be made to clean up those computers and get community service, there is too many ppl in jail anyways and they come out more fucked up then when they come in

  3. John May 21, 2009 at 8:23 pm #

    I agree with defcon…. nerds