Slashdot Mirror


US Bot Herder Admits Infecting 250K Machines

AceCaseOR writes "In Los Angeles criminal court, security consultant John Schiefer, 26, has admitted infecting the systems of his clients with viruses to form a botnet containing a maximum of 250,000 systems. Schiefer used his zombies to steal users' PayPal usernames and passwords to make unauthorized purchases, as well as to install adware on their computers without their consent. Schiefer agreed to plead guilty to four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. He will be sentenced Dec. 3 and faces up to 60 years in prison and a fine of $1.75 million."

3 of 206 comments (clear)

  1. Auditing, Auditing... by BoRegardless · · Score: 4, Interesting

    This is why companies have outside auditors for their accounting departments.

    Should not companies now figure out how to audit their IT deparments regularly?

    This is NOT that uncommon, after reading some of the stuff written by the forensic snoops hired by private companies (who mostly do not want anyone to know that anything was compromised...shareholders & investors for instance).

  2. 3G Communications may go under because of him by Joce640k · · Score: 4, Interesting

    3G Communications may also go under because of this guy's actions.

    Would you trust them after this?

    --
    No sig today...
  3. Hard punishment? Hardly. by Opportunist · · Score: 4, Interesting

    I'm the last person to support insane prison time and fines as a deterrent. It ain't one. It never has been and never will be. Look at the insane punishments we got today for copyright infringement. And I'm not even talking about the civil suits for "damages" (or as I like to call it "the MI's new business model"). We now got 10 years prison time for that as a maximum sentence. For the same penalty, I could rob a bank, hold people hostage for a few hours and wreck a getaway card into a school.

    This isn't just a "simple" criminal using malware to steal IDs. He was the guy who was supposed to disallow exactly that. He was the one people trusted to keep them clean from malware. Now, he didn't just fail in his job and allow it despite his attempts, he deliberately and intentionally infected his clients' computers.

    That's why I don't think this punishment is overdone. We're talking about the maybe most insidious way of breaking a law: Getting people's trust, getting them to believe you you're going to keep them save from just what you want to do to them. It's like a cop breaking into your home or your babysitter ... ok, no thinkofthechildren examples. But you get the idea.

    This is NOT the punishment I'd see as adequate for a "normal" malware attacker (even though I would love to see them dangling from their dangling bits, but that's my personal opinion).

    As for those that expect him to get out after 5 years and have a great job then, I can tell you this: I can't say anything about his time, but his job opportunities are going to be slim. The security industry isn't big. People know each other. People like this are going to be not known, they are infamous. And nobody will willingly touch him with a 10 foot pole.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.