Botnet Brain Pleads Guilty

spge writes "Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud, it might be worth scanning through the original indictment document, which includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught." From the BBC article: "'Mr Ancheta was responsible for a particularly insidious string of crimes,' said a spokesman for the US attorney's office in Los Angeles, Thom Mrozek. 'He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large-scale attacks.'" We discussed Ancheta's arrest back in October of last year.

Problems with today's internet.

[PlayCleverFully]

I am a teenager and I have gotten in trouble with school for "hacking"

I had no malintentions, but I see why they have to do such penalties.

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

I encourage students and others curious to set their own "box" up and use that to "hack" into.

I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

Re:Problems with today's internet.

[SnarfQuest]

1. The correct word is cracking not hacking. Hacking was originally a word representing something good and useful, but has been taken over by the news media to bean somethine vile and disguisting. Cracking means breaking into something, in order to do vile and dispicable things. What you were doing was cracking, not hacking.

2. However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

So, if I threw a brick through a window of your home, would you thank me for showing that it was not "secure"? Especially after I backed up a sewage truck to the broken window and unloaded it into your house? Why shouldn't IT people be upset when you dump your shit into their systems?

3. I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

I don't think you should get upset when I dump a tanker full of shit into your house, because it's possible that someone who was a REAL threat might someday come around, they could do something worse. Your house isn't completely secure, so you should thank me for that tanker full of shit.

4. Oh, and every time you fix your house, I'll just try to find another way to fill it full of shit.

You can thank me in advance.

Re:Problems with today's internet.

[Billosaur]

I am a teenager and I have gotten in trouble with school for "hacking"

Good. That's the idea.

I had no malintentions, but I see why they have to do such penalties.

Word of advice: instead of hacking, trying paying attention in English class, specifically grammar.

However, the main problem is that the code is not secure, not that I was messing around during a free period and found a way to bypass the "security."

The problem is that you don't see your hacking as a problem. No one asked you to hack their system, it is not your job to test the school's security, and frankly it is irresponsible. That's like saying the main problem is they lock the vaults, noth that I'm trying to break in and rob the bank.

I encourage students and others curious to set their own "box" up and use that to "hack" into.

That's fine, though perhaps instead of hacking you could be learning to churn out first-class code to do useful work.

I do not see hobbyist computer hacking as a REAL threat, because if they can hack into a system, that system is definitely NOT secure from true hackers with illegal, immoral fraud schemes, etc in mind.

Since when is hacking a hobby? You're trying to compromise a computer system, which is fine if it's your own system, but illegal if it's not. The level of security of the system does not matter, what matters is the system is not your plaything.

Remember, set up your own comp to hack into, you will gain the knowledge from seeing how these things work, and not get in trouble.

Try simply reading books and taking courses in computer programming from people with knowledge and passion and you'll learn a lot more.

Re:Problems with today's internet.

[mooingyak]

The correct word is cracking not hacking

Language evolves over time, and sometimes out of the control of the group that originally coined the phrase(s). Of course the real problem is that the word 'hacking' (or hacker or any other variation) is a piss poor choice of a word if you want it to be associated with something good. His use of the word hacking is just fine, even if it doesn't mean now what it used to.

Second, while I agree that he has no right to bypass security and enter other people's systems, he's also not dumping shit all over. He's not doing any permanent damage or anything that takes time/effort/money to fix. It's much closer to noticing that someone's front door is unlocked, and then letting yourself in and looking around a bit. He might see some things that no one wanted him to see, and they might have to take some steps to convince themselves that he really didn't steal or damage anything. That's about it. No dumptrucks full of sewage.

Again, that doesn't make it okay, it just means that the real damage isn't quite what you described.

Re:Problems with today's internet.

[javaxman]

You are dead on with most of your comments, except...

Since when is hacking a hobby?

Pretty much since computers had a way to communicate with one another... actually, before then, surely someone here has a story of trying to escalate their user privileges on some mainframe system somewhere. For most people who get into what should more correctly be called cracking, it's just something done for fun- trying to do something you aren't supposed to be able to do.

Yea, it may seem to you like breaking into computer systems is a hobby like breaking into houses is a hobby, but really, it's a hobby and it's been a hobby for a long, long time. Not a great hobby, not one that should be encouraged, but it's still a hobby. I'd encourage anyone thinking about picking up that hobby to waste time writing games, creating websites, and reading instead, though... it's best to have a hobby that can't result in jail time.

Re:Problems with today's internet.

[DeanFox]

Imagine a time when you're no longer a teenager and have your own home.

If while at work, some neighbor kid is picking the locks to your home. He's pushing and pulling on the windows to see if they'll open. Perhaps seeing if reaching in from a dog door he can open the door lock.

After discovering the "insecurities" of your home, he lets himself in and does a walk through of your house. Perhaps taking a mental inventory of your music collection and admiring your PC setup. He leaves, stealing nothing.

You get home from work and figure out someone has been in your home. You call the police and they catch this kid while he's looking around inside another neighbors house.

Taking him to jail, all the time he's crying "but I just did it out of curiosity! They should be thankful I wasn't a *real* burglar". On and on he cries...

Grow up and start respecting other people's property. They didn't use you as an example; they punished you for the crime you committed.

JMHO

Re:Legal spybot generation guide

[Rob+T+Firefly]

Also a free and legal guide to stopping things set up in this way from working.

Thats all?

[catahoula10]

From the link:
"Under a plea agreement, Mr Ancheta is expected to receive from four years to six years in prison when he is sentenced on 1 May, though the deal has to be approved by a judge.
He also agreed to pay $15,000 (£8,800) in restitution to the military facilities affected and forfeit the proceeds of his illicit activities, including more than $60,000 (£35,000) in cash and a 1993 BMW. "

Anyone believe he had only 60 thousand in the bank?

4-6 years, will probably get out in 2.

Just a slap on the hand.

Re:Thats all?

[John+Hasler]

> Just a slap on the hand.

Even two years in prison is certainly not a "slap on the hand". The problem here is not insufficient punishment. it's insufficient enforcement. If he had not made the mistake of breaking into military computers he would have never been prosecuted.

Re:Thats all?

[abbamouse]

This is a federal trial. There is no parole in federal prison. Six years means six years. Oh, and I suspect they'll insist on the standard "you can't work with a computer" clause that will keep the guy from making a decent living for another decade after he leaves prison.

Not that I have any sympathy for the scum.

"ZOMG HE HAXORED TEH MILITARY!11!111"

[Caspian]

The "mainstream media" story on this guy that I read (on cnn.com, probably provided via the Associated Press) prominently mentioned the fact that some of the computers this guy controlled were military computers. The first thing that struck me upon reading that was "they're just trying to make tihs guy seem more sinister than he actually is; his software probably infected those military computers randomly, the same way they infected any others." How much do you wanna bet that all this "ZOMG HE HAXORED TEH MILITARY!11!111 EVIL TERORIST HAXOR!111!111" brouhaha boils down to some lame-brained civvies working menial office or consulting jobs for the military getting their work machines (connected to the commodity Internet) infected?

The story was phrased in such a way that would easily make a technologically naive reader go "Wow, he 'hacked into' the military, so evil", but in reality, it was probably all done by his software.

Re:Hmmm...

[gowen]

"Jenna Jameson did what?"

I believe the answer to that question is "Practically everyone"

I wonder if MS could get more bang for its buck...

[buddyglass]

...by just offering bounties to law enforcement agencies for the arrest and incarceration of guys like this? I mean, they've got cash to burn, and are by all accounts sinking alot into security enhancement, regardless of how effective you think that effort has been. Maybe offering $100k to the individual(s) responsible for getting a conviction would motivate law enforcment officials to devote more energy to these types of crimes. MS could also supply engineers with technical expertise if a smaller agency didn't have the requisite know-how in-house.

heh

[JavaLord]

From Page 2 of the pdf:

ACHETA used the following usernames ...., IamJames85@yahoo.com...

That must have been a tough catch. Obviously this man is a super hacker.

Send presents

[www.sorehands.com]

Why not send his cellmate some of the penis enlargment pills and cialis pills that his botnet sent?

Re:Rope. Tree. Neck.

[Cheeze]

I think they should ship him off to India to be a tech support lackey for a few years. At least then, he indirectly gets to clean up his own mess.