Slashdot Mirror

← Back to Stories (view on slashdot.org)

Botnet Brain Pleads Guilty

Posted by Zonk on from the there-are-better-ways-to-make-a-buck dept.

spge writes "Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud, it might be worth scanning through the original indictment document, which includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught." From the BBC article: "'Mr Ancheta was responsible for a particularly insidious string of crimes,' said a spokesman for the US attorney's office in Los Angeles, Thom Mrozek. 'He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large-scale attacks.'" We discussed Ancheta's arrest back in October of last year.

31 of 137 comments (clear)

  1. In other news... by dada21 · · Score: 2, Funny

    Security-testing software creator pleads guilty to helping thousands of Internet users see the security issues they're unwilling and too irresponsible to fix, opening the door for other security experts to blog about easy fixes to prevent attacks in the future.

  2. Come on, by Anonymous Coward · · Score: 2, Funny

    Let the worm off the hook. He's learned his lesson. Look at how bad he feels!

  3. Legal spybot generation guide by poeidon1 · · Score: 2, Interesting

    "...includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught..". Free and legal guide for spybot attacks

    --
    They called me mad, and I called them mad, and damn them, they outvoted me. -Nathaniel Lee
    1. Re:Legal spybot generation guide by Rob+T+Firefly · · Score: 3, Insightful

      Also a free and legal guide to stopping things set up in this way from working.

      --
      Slashdot Burying Stories About Slashdot Media Owned
    2. Re:Legal spybot generation guide by ZachPruckowski · · Score: 2, Insightful

      Admiral Ackbar - "It's a trap!"

      I mean, if they release it, they may well be keeping an eye on those methods, and hopefully include ways that are mostly patched.

    3. Re:Legal spybot generation guide by theJML · · Score: 2, Funny

      Next thing you know they'll be selling it on E-bay. Buy it now for $5.95+s/h. Now you can learn how to start your own business and pull in thousands of dollars a week from your 1 bedroom apartment!

      --
      -=JML=-
  4. Hmmm... by Otter · · Score: 2, Funny
    Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud...

    I read that thinking "Jenna Jameson did what? And how badly did the submitter mangle her name?"

    --
    What I'm listening to now on Pandora...
    1. Re:Hmmm... by gowen · · Score: 5, Funny
      "Jenna Jameson did what?"
      I believe the answer to that question is "Practically everyone"
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    2. Re:Hmmm... by Pollardito · · Score: 2, Funny

      yet another mangled submission that can be chalked up to typing with one hand

  5. Problems with today's internet. by PlayCleverFully · · Score: 4, Interesting

    I am a teenager and I have gotten in trouble with school for "hacking"

    I had no malintentions, but I see why they have to do such penalties.

    However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

    I encourage students and others curious to set their own "box" up and use that to "hack" into.

    I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

    Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

    --
    Windows? I haven't used that since 1999. Fix the Slashdot Problems
    1. Re:Problems with today's internet. by SnarfQuest · · Score: 5, Insightful

      1. The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting. Cracking means breaking into something, in order to do vile and dispicable things. What you were doing was cracking, not hacking.

      2. However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

      So, if I threw a brick through a window of your home, would you thank me for showing that it was not "secure"? Especially after I backed up a sewage truck to the broken window and unloaded it into your house? Why shouldn't IT people be upset when you dump your shit into their systems?

      3. I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

      I don't think you should get upset when I dump a tanker full of shit into your house, because it's possible that someone who was a REAL threat might someday come around, they could do something worse. Your house isn't completely secure, so you should thank me for that tanker full of shit.

      4. Oh, and every time you fix your house, I'll just try to find another way to fill it full of shit.

      You can thank me in advance.

      --
      Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
    2. Re:Problems with today's internet. by Billosaur · · Score: 4, Insightful
      I am a teenager and I have gotten in trouble with school for "hacking"

      Good. That's the idea.

      I had no malintentions, but I see why they have to do such penalties.

      Word of advice: instead of hacking, trying paying attention in English class, specifically grammar.

      However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

      The problem is that you don't see your hacking as a problem. No one asked you to hack their system, it is not your job to test the school's security, and frankly it is irresponsible. That's like saying the main problem is they lock the vaults, noth that I'm trying to break in and rob the bank.

      I encourage students and others curious to set their own "box" up and use that to "hack" into.

      That's fine, though perhaps instead of hacking you could be learning to churn out first-class code to do useful work.

      I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

      Since when is hacking a hobby? You're trying to compromise a computer system, which is fine if it's your own system, but illegal if it's not. The level of security of the system does not matter, what matters is the system is not your plaything.

      Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

      Try simply reading books and taking courses in computer programming from people with knowledge and passion and you'll learn a lot more.

      --
      GetOuttaMySpace - The Anti-Social Network
    3. Re:Problems with today's internet. by mooingyak · · Score: 5, Insightful

      The correct word is cracking not hacking

      Language evolves over time, and sometimes out of the control of the group that originally coined the phrase(s). Of course the real problem is that the word 'hacking' (or hacker or any other variation) is a piss poor choice of a word if you want it to be associated with something good. His use of the word hacking is just fine, even if it doesn't mean now what it used to.

      Second, while I agree that he has no right to bypass security and enter other people's systems, he's also not dumping shit all over. He's not doing any permanent damage or anything that takes time/effort/money to fix. It's much closer to noticing that someone's front door is unlocked, and then letting yourself in and looking around a bit. He might see some things that no one wanted him to see, and they might have to take some steps to convince themselves that he really didn't steal or damage anything. That's about it. No dumptrucks full of sewage.

      Again, that doesn't make it okay, it just means that the real damage isn't quite what you described.

      --
      William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
    4. Re:Problems with today's internet. by javaxman · · Score: 3, Insightful
      You are dead on with most of your comments, except...

      Since when is hacking a hobby?

      Pretty much since computers had a way to communicate with one another... actually, before then, surely someone here has a story of trying to escalate their user privileges on some mainframe system somewhere. For most people who get into what should more correctly be called cracking, it's just something done for fun- trying to do something you aren't supposed to be able to do.

      Yea, it may seem to you like breaking into computer systems is a hobby like breaking into houses is a hobby, but really, it's a hobby and it's been a hobby for a long, long time. Not a great hobby, not one that should be encouraged, but it's still a hobby. I'd encourage anyone thinking about picking up that hobby to waste time writing games, creating websites, and reading instead, though... it's best to have a hobby that can't result in jail time.

    5. Re:Problems with today's internet. by DeanFox · · Score: 3, Insightful


      Imagine a time when you're no longer a teenager and have your own home.

      If while at work, some neighbor kid is picking the locks to your home. He's pushing and pulling on the windows to see if they'll open. Perhaps seeing if reaching in from a dog door he can open the door lock.

      After discovering the "insecurities" of your home, he lets himself in and does a walk through of your house. Perhaps taking a mental inventory of your music collection and admiring your PC setup. He leaves, stealing nothing.

      You get home from work and figure out someone has been in your home. You call the police and they catch this kid while he's looking around inside another neighbors house.

      Taking him to jail, all the time he's crying "but I just did it out of curiosity! They should be thankful I wasn't a *real* burglar". On and on he cries...

      Grow up and start respecting other people's property. They didn't use you as an example; they punished you for the crime you committed.

      JMHO

  6. There's a Botnet named Brain? by Prairiewest · · Score: 2, Funny

    Every once in a while I misread the Slashdot article titles - albeit because they're worded in such as way as to be easily misconstrued. Do the editors do this on purpose just to mess with my head? Is that part of the fun of being an editor? :)

  7. Thats all? by catahoula10 · · Score: 5, Interesting

    From the link:
    "Under a plea agreement, Mr Ancheta is expected to receive from four years to six years in prison when he is sentenced on 1 May, though the deal has to be approved by a judge.
    He also agreed to pay $15,000 (£8,800) in restitution to the military facilities affected and forfeit the proceeds of his illicit activities, including more than $60,000 (£35,000) in cash and a 1993 BMW. "

    Anyone believe he had only 60 thousand in the bank?

    4-6 years, will probably get out in 2.

    Just a slap on the hand.

    --
    This has been another valuable and informative opinion from:
    Catahoula!
    1. Re:Thats all? by John+Hasler · · Score: 3, Insightful

      > Just a slap on the hand.

      Even two years in prison is certainly not a "slap on the hand". The problem here is not insufficient punishment. it's insufficient enforcement. If he had not made the mistake of breaking into military computers he would have never been prosecuted.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Thats all? by abbamouse · · Score: 3, Insightful

      This is a federal trial. There is no parole in federal prison. Six years means six years. Oh, and I suspect they'll insist on the standard "you can't work with a computer" clause that will keep the guy from making a decent living for another decade after he leaves prison.

      Not that I have any sympathy for the scum.

      --
      Make cheese not war 8:)
  8. If he was smart... by Opportunist · · Score: 2

    he'd have made sure his bots don't infect .mil and .gov computers, and nobody would've cared...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. "ZOMG HE HAXORED TEH MILITARY!11!111" by Caspian · · Score: 3, Interesting

    The "mainstream media" story on this guy that I read (on cnn.com, probably provided via the Associated Press) prominently mentioned the fact that some of the computers this guy controlled were military computers. The first thing that struck me upon reading that was "they're just trying to make tihs guy seem more sinister than he actually is; his software probably infected those military computers randomly, the same way they infected any others." How much do you wanna bet that all this "ZOMG HE HAXORED TEH MILITARY!11!111 EVIL TERORIST HAXOR!111!111" brouhaha boils down to some lame-brained civvies working menial office or consulting jobs for the military getting their work machines (connected to the commodity Internet) infected?

    The story was phrased in such a way that would easily make a technologically naive reader go "Wow, he 'hacked into' the military, so evil", but in reality, it was probably all done by his software.

    --
    With spending like this, exactly what are "conservatives" conserving?
  10. So that's how he got caught... by thePowerOfGrayskull · · Score: 2, Funny

    He also agreed to pay $15,000 (£8,800) in restitution to the military facilities affected and forfeit the proceeds of his illicit activities, including more than $60,000 (£35,000) in cash and a 1993 BMW.
    If he hadn't have gotten that BMW, they might have never suspected...

  11. Now that's an interesting legal precedent by 77Punker · · Score: 2, Funny

    The botnet brain plead guilty. That's really something. Now that a neural network of computers can be put on trial in court, what's next for our judicial system? Also, when did a "brain" of computers gain the ability to reason its own guilt?

    Well, no time to read the summary. Gotta go to class!

  12. I wonder if MS could get more bang for its buck... by buddyglass · · Score: 3, Insightful

    ...by just offering bounties to law enforcement agencies for the arrest and incarceration of guys like this? I mean, they've got cash to burn, and are by all accounts sinking alot into security enhancement, regardless of how effective you think that effort has been. Maybe offering $100k to the individual(s) responsible for getting a conviction would motivate law enforcment officials to devote more energy to these types of crimes. MS could also supply engineers with technical expertise if a smaller agency didn't have the requisite know-how in-house.

  13. heh by JavaLord · · Score: 3, Funny

    From Page 2 of the pdf:

    ACHETA used the following usernames ...., IamJames85@yahoo.com...

    That must have been a tough catch. Obviously this man is a super hacker.

  14. Re:KILL ALL HYPOCRITES! by Tarkadot · · Score: 2, Insightful

    Which would be what?
    Having to offer a coupon for 5$ worth of free pop-ups to each of his victims?

  15. Send presents by www.sorehands.com · · Score: 3, Funny

    Why not send his cellmate some of the penis enlargment pills and cialis pills that his botnet sent?

    --
    Fight Spammers!
  16. Re: Liability by mmell · · Score: 2, Funny
    Poor analogy. A computer OS is not like a pane of glass; it's understood that the glass windows on your house are subject to breaking easily, it's inherent in their nature. You can't say the same thing about Microsoft Wind. . .

    Oh, wait. Never mind.

  17. Re:Good deal for him by budgenator · · Score: 2, Informative

    No he'll serve a minimum of four years inside, and to get out early he'll have to
    agree to the terms of parole which will cover at least the remainder of the six years
    1. no computer or internet access
    2. his residence is searchable without probable cause
    3. he'll have to pay the restition (at least $15,000) and for his weekly appointments with his parole officer.
    4 he'll have to pay interest and penalties to the IRS for the income on ttheillicit proceeds he had to surrender.
    5. and of course he'll have to maintain a job while on parole and afterwards, probably flipping hamburgers for minimum wage

    he's fucked in ways most of us will never understand, just consider the implications of items 3 through 5.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  18. Re:Rope. Tree. Neck. by Cheeze · · Score: 3, Funny

    I think they should ship him off to India to be a tech support lackey for a few years. At least then, he indirectly gets to clean up his own mess.

    --
    Why read the article when I can just make up a snap judgement?
  19. Doh! Forgot one line in my botnet program. by pahoran · · Score: 2, Funny

    He'd be rich now if he hadn't forgotten this little snippet:

    if (hostname == chinalake.mil ||
            hostname == disa.mil ||
            hostname == *.mil) { /* don't try to exploit this network */

    }

    --
    I'd give my right arm to be ambidextrous.