Slashdot Mirror
Interview with a Botmaster
An anonymous reader writes "The Washington Post is running a fascinating feature profiling a couple of botnet operators who make thousands of dollars each month installing adware on machines they infect. This is by far the most detailed examination of this issue I've seen so far -- and includes an interview with the CEO of 180Solutions, as well as interviews with some of the botmasters' victims. From the story: 'Most days, I just sit at home and chat online while I make money,' 0x80 says. 'I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days.' He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.'"
This is sick. This is a terrible misuse of the internet. People installing this sort of software on other peoples' computers should be shot on sight - or connection. There needs to be a removal of the incentive for them - such as cutting the money they would receive down to almost nothing.
Show this to your friends and family that don't know what a real hacker is
So he sits home and chat all day? that sounds like a pretty empty and dull life to me.
I would not mind not having to work for the money, but i would properly do some programming or simular nerd activites.
Just sitting and chatting is okay, but not allday everyday.
Freedom or George Bush
I see a mod of "monster" hunters in this guy's future. --on the other hand, that's a nice chunk of change per month.. Oh, Wait... I've had to remove that Ad-Ware from customer machines... He's a witch. BURN HIM!!!!
Selling crack to highschoolers he could make a multiple of that.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm frankly astounded that no other major newspaper has a guy on the computer security beat full time, though technically I think Brian Krebs is attached to the Post's Web site. In any event, I think Krebs is absolutely the best reporter writing about computer security in the mainstream media today. At least since I stopped :-).
The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town,...
... I'm sorta surprised they haven't caught me yet," he says.
From the attached photo: LOCATION: Roland, OK
"To tell the truth
Oops.
Follow your Euro bills at EBT
It's not victimless crime.
Just think if you're running mon & pop business and your daily earnings depends on PC that is infected.
Also, how do you explain that XXX icon's are popping up on your desktop to wife who uses same computer or is very religious?
I can think multiple ways what he does could hurt people in their private life or business.
Also, doesn't infecting one computer also open door to others too? What's stops from somebody else taking over already installed exploits and take with him/her stuff like passwords etc.?
On the other hand, some plame does go to MS and major tehcnology players. These kind of problems shouldn't be totally unexpected. Either there should be somekind of requirements akin to drivers license to go to Net or solutions should be such that no highschool dropout could hack himself in when he likes to.
Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
It is a fascinating article, a kind of anti-CEBIT that must be played out in thousands of trailer parks and down-at-heel developments all over the world. No real surprises, though. Organized criminal activities are probably the same everywhere: long periods of boredom punctuated by brief spurts of intense activity, and all supported by lies of the "Naturally I wouldn't sink this low if my victims weren't so dumb they deserved it" kind.
I'd still like to see the CEO's of the top six IT companies put on a public platform and made to answer some tough questions. Like, with all their personal billions and access to hundreds of billions in corporate funds, what are they actually doing to track down guys like these and nail them? So far as I can see, the answer is "As little as we can get away with". And the Feds seem to be used as a get out: we've handed the matter over to the Feds so there's absoutely nothing we can do, nudge nudge wink wink, wanna buy Symantec Internet Security cheap to you squire?
Until the IT industry grows up enough to start dealing with some of the consequences it has created, I don't think it deserves anyone's support. And meanwhile Botmaster Dirtbags everywhere will continue to flourish. Just my two cents.
Las qué passoun
tournoun pas maï
is that what we are calling script kiddies these days?
There are only around 1500 males resident in the town, that's not a large haystack.
I kill botmasters for money. Quick and Discrete. Give target's name and credit card number (with sec. code) on the thread to order.
You're just jealous because I've been chatting online with hot babes all day!
The first, Bill Gates, when are you going to produce a secure OS that does not get owned in the millions by the first kiddy who tries?
The second to Joe "Windows == computers" Average, when are you going to treath your computer like you would treath your house or car and lock it properly and not put all you valuables on the seat of your convertable with the top down?
Botnets exist for two reasons, lousy software and the people that use it. Not very suprising the article totally failed to touch on this issue. I wonder how much MSFT spends in advertising at the wasinghton post.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
$6800-$10000 per month income. As checks. I'd bet that:
1. None of these companies are withholding federal and state taxes and social security
2. I'm also pretty sure he's not getting 1099'd either
3. He does not report this money as income
The IRS would love to get their mitts on this guy. Any income (including illegal income) is still taxable income to them.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
Sounds like he's painted as someone in an economically depressed area with few opportunities, using his skills to make a lot of money for himself.
Which would be the same as with a lot of criminal activities, it seems.
By the end of TFA he's wondering why he hasn't been caught yet, waiting for his little game to blow up in his face. Then talking about joining the Army so he can get into college and make a sustainable future for himself.
Interesting perspective. Not a bad article.
The worst thing is that Microsoft is going to make m/billions more by charging $49.95 a year from every freaked-out Windows user who reads this article and it still won't do a damn thing to help them.
I might know what I'm talkin' about, but then again, this is Slashdot...
Whilst I don't like scum like the guy interviewed in TFA, if there was no financial incentive the professional botmasters would have to, you know, actually earn a living somehow other than screwing people over.
It's a cop out for the companies whose software is being installed to say, "Hey! Look, guys, honestly, we don't know anything about it!" They don't really care.
It's even more of a cop out for the companies whose ads are running on the adware that's being used - "We didn't know it was going to be showing without users' consent!" But they don't care either.
If companies showed some sort of sense of ethics this wouldn't happen. HAH! There's no room for ethics in business today.
One has little impact on anyone but himself, the other causes headaches for people all over the world.
Some priorities!
There are times when I wonder why some people think it's "cool" to pervert technology. Phone Phreaks, crackers, virus writers, and now botnets. I've seen them for almost 25 years, and each generation uses the same lame justifications for their behavior. "It's easy money." "It's free." "People are dumb." "If I didn't do it, someone else would." etc., etc., etc.
It isn't cool, and it's not a "victimless crime." People who get infected are victims, because they have software they don't want on their computers, risk identity theft, suffer through poor performance with their computers, and end up having to pay someone to help them. Companies and businesses lose, because they have to spend money and time fixing problems that could be spent doing something productive. We all are victims, since each one of those botnets create problems for us by taking useful services off-line through DDOS attacks, or forcing admins to block traffic from various IP's - and we might just be in that batch of blocked IPs. Even the ad company's are getting ripped off.
I found this quote from the article ironic: "It sucks, too, because the companies will shaft you, and there isn't a lot you can do about it," says Majy, 19, who claims to have had as many as 30,000 computers in his botnet."
He's complaining about being ripped off by the people he's trying to rip off! Excuse me while I devote a nanosecond to feeling sorry for him. They need to get a clue. Yeah, maybe with a real education and job you won't make 10 grand a month now and then. But, you also don't have to worry about people crashing through your door, and spending a few years getting pwned by the guys at the prison.
These articles are just so wrong on so many levels. First the accuracy. "Adware also known as spyware"? Now I know there are similarities but you can't say they are one in the same. Many other small inaccuracies. Then you have the victims who admit they would rather buy a new computer than fix the one they have. Come on! It's just your OS! Reload it! And they don't want to be bothered with learning how to secure their computer. Then the sysadmin who is notified that he has 10,000 machines on his network infected and he doesn't know what to do about it. And finally are the people involved in the underbelly of the botnet/spyware scene. The guy lets cigarette ashes drop onto his laptop and has to "gently kick away" a dog with matted fur. What a loser. I don't care how much money he makes. I'd much rather make my own modest income which is enough to live in a nice little house. Then the way the people involved treat each other. I swear this article was about all the different ways they screw each other. Then 180 Solutions. These are the ones to actually collect the money from the advertisers. At least they could be honest in what they do. Wait, no they couldn't. If they were honest, they'd be out of business. It was an entertaining and fascinating read. But all I can do is shake my head. Wow.
But why is the rum gone?
So the botnet guy is getting his money, and when someone has to call you to clean up, you get paid, too. Where's the real incentive for anyone with technical knowledge to make real advances in protection against these kinds of intrusions?
Admission: I am also the guy who gets paid to clean up adware, among other things. Adware cleaning is quite the profitable business, and there's little risk to it, since anything that goes wrong can be attributed to the malicious software, which the client is already embarrassed about having.
Web 2.0 == Giant Blogspam Circle Jerk
Instead of going after every "botmaster", lets unite as geeks and nerds for justice and take down the enablers of these cybercrimes. Starting with www.180solutions.com
Meh.
From TFA:
0x80 says he got into writing viruses by accident after logging onto an AOL chat room named "Lesbians Only."
.]
"Someone sent me a virus that made it so that every time I typed anything on the keyboard it would pop a message up on the screen that said, 'I'M [expletive] GAY!'" 0x80 recalls. [. .
After that, 0x80 became obsessed with computer viruses and dedicated nearly all his time to tinkering with them.
So if any of you know the moron who spent his free time 7 years ago distributing comical viruses via lame AOL chat rooms. . . give him this message: the tech community which spends disgusting amounts of time fixing the problems your prodigy generates would like a word with you.
Come alone.
I just verified the location data in those two jpegs. I dragged the picture on my desktop (using Mac OS X) and clicked on 'Get Info'. E voila: Roland, OK. The info is still there.
It's still available on MirrorDot http://www.mirrordot.com/stories/98b92267951eee741 f97b5b169fd1236/index.html and does indeed contain the location...
SLUG: mag/hacker DATE: 12/19/2005 PHOTOGRAPHER: Sarah L. Voisin/TWP id#: LOCATION: Roland, OK
CAPTION:
PICTURED:
Not that I would ever do this, but am I the only one who finds the whole thing interesting? Who hasn't watched a movie with some high rolling criminal dude and thought, on some level, weeeee. Botnets are the perfect area for the average person to enter the world of illegal profit with a minimum of hassle. Be your own crime boss! And nobody dies! No children get sold drugs! This is a chance to make money, and get that special little naughty feeling, with very little moral violation. I just point this out to help emphasize the overall difficulty on stopping this sort of behavior, of course.
...
Check out the Washington Post's multimedia search results for roland, ok. The first three appear to be from this article and all indicate a location of Roland, OK in the search results.
You can see the pictures themselves
The metadata on the photos appears to be intact so I have no reason to doubt that the location information in the caption of each photo is accurate as well, although I suppose it could be disinformation or the place the photographer downloaded them or whatever. I had intended to display the metadata (EXIF picture/camera/exposure info + IPTC captions, etc) for each of the files here, but you'll have to go look at it yourselves because I can't quickly find a utility to export all of it to a nice text file. Even the small thumbnail photos still embedded in the story have the caption info showing the location, so just go expolore if you're looking for it.
1u3hr:
Not that anyone on slashdot really needs this, but here's the town on Google Maps.
From the story:
Gee, I wonder if we can find any user-car lots, gas stations or strip clubs in Roland, OK? Hmmm....
Well, here's the strip clubs and here's the used-car lots and here's the gas stations.
And ya know what I reckon? I reckon the asshole's house is probably right about here . Given the businesses described above, I'm guessing somewhere very close to the intersection of Broadway and South Main St.
He's described in the article as 21, which might be a decent starting point. Anyone in the vicinity feel like going through the local highschool's yearbook for the guy? Note that, as the story helpfully mentioned, he's a highschool dropout, so that might even make it even easier.
Well his details have been outed by the meta content of the jpeg. He's just dumb. Why?
"He claims he doesn't care but then confesses that he dedicates quite a bit of time to covering his tracks. "I do stay up very late each night trying to make sure nobody is going to kick in my front door . . . If I do [get caught], I'm not all that worried. I've got enough money. I can always get a good lawyer."
I've got enough money? Nope as your money is proceeds from a criminal enterprise, it is most certainly going to be frozen as restitution to his victims. Even if he makes $10,000 per month, a defense of these sorts of crimes is going to cost several hundred thousand dollars. I doubt very much this guys is saving much money. He just doesn't know how much these things cost. My prediction for this guy. 5 years in "pound me in the ass" federal prison.
Young and stupid.
Thalasar
...of the people who frequent /., a lot of you sure seem to be ignorant. How many of you actually completed reading the article? You're quick to talk all kinds of smack about this guy, what a douche he is, etc. but it seems nobody has read near the end of the article where he talks of coming to realize that what he's doing can't last forever, and isn't really all that great, and that he is actually looking at making something of himself instead of doing the crap he currently is. While I don't like what he's been doing, I do applaud his self realization, and the fact that on his own he is admitting it's not great, and actually voices aspirations to do better things, to gain a little discipline. The knowledge he has now and uses to do bad could just as easily be used to do good, and be every bit as lucrative and exciting for him.
Just a little advice folks, as with anything else, be sure to have the whole picture/story before going off half cocked, because it makes you look as dumb as the kid in the article sounds.
The usual places where you rent botnets, Specialham and Spamforum are down today. When the heat is on, they tend to go offline, but come back in days or weeks.
- 21 years Old
- Lives in Roland, OK
- Smokes cigarettes. Article mentions Marlboros but that's not what fills his ashtray (cigarettes with a white butt)
- blond hair (at least blond looking hairs on his arms)
- hair that covers his eyebrows
- lives with his parents in a "brick rambler"
- Mother is "really Christian"
- has a dog ("A small dog with matted fur")
- "accent a slurry of heavy Southern drawl and Midwestern nasality"
- is skinny ( "wiry frame", "tall and lanky", sez the article )
- high school dropout
- was an AOL customer 7 years ago
Roland has pop ~3000. Easy as hell
The guy really wants to get caught if he leaves that much information be published...
Anyone feels like saying him "hello", couldn't take more than 2 days to find him ;-)
One shall speak only if what one has to say is more beautiful than silence
It's not too surprising in some ways - I suspect the journalist behind the story didn't think anything of including a few splashes of what he thought to be completely generic local colour (eg. by mentioning the nearby businesses). But it all starts caving in around that one huge mistake of revealing the town in the image metatags.
If it wasn't such a small town, it might still be too difficult to find the guy. But with the above info, as you say, even a dedicated ordinary person should be able to find him with a bit of detective work. The police of course would find him much faster - if they could be motivated to look :-).
And who knows? The journalist could have dropped in a few bits of irrelevant bullshit just in case, to mislead any pissed-off geek detectives :). I have no idea how to guess if that's likely or not. The only thing I'm pretty damn sure about is that the 0x80 guy would have talked up his age a year or two to make himself 21.
Maybe it's just me, but I'm having trouble imagining a kid spending three (or more, depending on when exactly he dropped out of school) years living with his parents in a tiny little town like that, doing nothing more than IRCing and script kiddie "work". One or two, sure. Three or more... hm. How fucking depressing.
Yeah, you're right of course ... And actually I do remember the first few links being relevant ... I suppose my initial memory of the event was obscured by the porno just a few links down ... damn you porno, damn you
Okay, after a double-check I think I stuffed it up. Second try - I think Cheyenne Gentlemen's Club is the strip club, LP Bottle Express is the gas/convenience store (which didn't show up when I searched for "gas station", but did for just "gas" - and the name sounds like a convenience store), and Blue Ribbon Chevrolet is the used-car place.
If so, he'd be located about here . Just about halfway between the strip club and gas station on one side, and the used-car place on the other.
I think this fits much better than my previous attempt - which was way closer to Muldrow than Roland, and too close to a "Main" street that'd have lots of other businesses.
I never thought that journalists might leave metadata in their images -- I thought that they'd have some sort of automated content management system that would take in a TIFF or whatever and spit out a JPEG of the appropriate size for the current design of the web page.
I'm now wondering how many other news stories might have very much unintended data leaks through metadata tags in images. Possibly quite a hell of a lot.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
He actually has half of his face in one of the pictures, and his mouth in another. If one were so inclined, you could splice together the two images to create something that looks like
this.
Not as great as a mugshot, especially with the slightly different perspectives of the two pictures, but it might do. A little reconstruction by a skilled artist, and you could have a really accurate full-face.
He must have gone to Roland High School. Anyone want to give them a call? (918) 427-7419
I feel bad if this kid really had been planning on getting out, but I've known people who "planned" on getting out for years and never did. And I've been cleaning spyware crap off of people's computers for years.
The ______ Agenda
Well, I think there's a couple of approaches you could take. First, from the story:
Perhaps try to contact someone at the FBI? Don't they have a computer-crime-specific department yet? If you could track down the top agent that dealt with the above guy, you might at least get a pointer to the right place to call. Second, also from the story:
Hmm. Access to thousands of government and military email accounts. Hello, Department of Homeland "Security"? Sounds like getting this dude would be about as useful as anything else they've ever done. :-)
You didn't find out what he had for breakfast this morning?