Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Bot Herder Admits Infecting 250K Machines

Posted by kdawson on from the security-consultant-gone-wild dept.

AceCaseOR writes "In Los Angeles criminal court, security consultant John Schiefer, 26, has admitted infecting the systems of his clients with viruses to form a botnet containing a maximum of 250,000 systems. Schiefer used his zombies to steal users' PayPal usernames and passwords to make unauthorized purchases, as well as to install adware on their computers without their consent. Schiefer agreed to plead guilty to four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. He will be sentenced Dec. 3 and faces up to 60 years in prison and a fine of $1.75 million."

7 of 206 comments (clear)

  1. A better article, names companies involved, etc. by trolltalk.com · · Score: 5, Informative
    http://www.scamfraudalert.com/f142/john-kenneth-schiefer-botmaster-aka-acid-acidstorm-pleads-guilty-10692/

    1. He was employed at a Los Angeles-based security firm known as 3G Communications,
    2. The malware contained a sniffing feature that siphoned PayPal credentials from Protected Store, a section of Windows that stores passwords users have opted to have saved. Although Pstore, as the Windows feature is often called, encrypts the information before storing it, Schiefer's malware was able to read it, presumably by escalating its Windows privileges.
    3. On one occasion, in December 2005, he moved money out of a Suffolk National Bank account to buy undisclosed domain names from a registrar by the name of Dynadot
    4. Schiefer also used the botnet to collect more than $19,000 in commissions from a Dutch company called Simpel Internet for installing its adware on end users' machines without their permission.
    --
    Kevin Smith on Prince
  2. Re:broken justice? by Kopiok · · Score: 2, Informative

    Well, from what I know what happens, the Prosecution gives a sentencing offer and the defendant will agree to plead guilty in order to accept the sentence. Either that or I watched too much Law and Order.

  3. Re:broken justice? by RenderSeven · · Score: 5, Informative

    I guess he can always appeal, right?

    You cant appeal a guilty plea.
  4. Re:Crime and Punishment by despisethesun · · Score: 4, Informative

    Extrapolating ludicrously, could a european citizen not subject to capital punishment be indicted by an america where their internet-based crime warrants the death penalty?
    It's worth noting that most countries without the death penalty will not extradite you to a country with the death penalty if you're facing that punishment when you get there. They generally require assurances that you will face life without parole if convicted instead.
    --
    This poo is cold.
  5. Re:What about Sony by Kjella · · Score: 3, Informative

    If he gets a fine this large and jail time for infecting 0.25 million computers, where's the appropriate sentence for Sony for knowingly infecting millions of computers with the rootkit on their CDs? Ah, you can just hear the angry raving mob forming, ready to burn down Sony headquarters.

    four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. Maybe when Sony has actually committed anything like this? The only charge that has the slightest whiff of relevance is that the rootkit CDs may be be considered fraudulent, but to legally charge Sony with fraud they must gain some benefit through fraud, and I don't see what that could be. Yes, they should have been slapped under some sort of hacking law but this is comparing apples and oranges.
    --
    Live today, because you never know what tomorrow brings
  6. Re:Crime and Punishment by AceCaseOR · · Score: 3, Informative

    Murder is already a capital crime in a number of US states. People are already being executed in many countries for crimes other than murder. Drug trafficking, serious sexual offences, could it be a relatively a small step for internet crimes to escalate into capital territory? I'm going to say this isn't very likely. At least in the US, people are only executed for crimes where they cause direct physical harm to another person (generally murder and occasionally rape). For other offences you generally get a life sentence, or defacto life sentence (say 135 years in the clink).
    --
    Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
  7. Security Fix has an exclusive interview by tsu+doh+nimh · · Score: 2, Informative

    from the story:....Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program." Read more at this link here.

    --
    ...because you never know who you're dealing with.