Texas Man Pleads Guilty To Building Botnet-For-Hire

← Back to Stories (view on slashdot.org)

Texas Man Pleads Guilty To Building Botnet-For-Hire

Posted by samzenpus on Wednesday April 28, 2010 @04:49PM from the best-little-botnet-in-Texas dept.

Julie188 writes "A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP — just to show off its firepower to a potential customer. David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents."

30 of 95 comments (clear)

Min score:

Reason:

Sort:

Counts by LordLucless · 2010-04-28 16:55 · Score: 3, Funny

I hope they get charged with 1 count per infected PC - and screw concurrent sentencing.

--
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
1. Re:Counts by slick7 · 2010-04-28 17:13 · Score: 3, Interesting
  
  They aught to drag in the clients also, just for good measure. Hope it wasn't Goldman-Sachs.
  
  --
  The mind conceives, the body achieves, the spirit manifests.
2. Re:Counts by Sb1 · 2010-04-28 17:41 · Score: 2, Interesting
  
  "Both men face a maximum of five years in prison and a $250,000 fine on one count of conspiring to cause damage to a protected computer and to commit fraud."
  To bad there weren't some PC's compromised in Maricopa County Arizona. If so they should be sent over to that Sheriff Joe Arpaio and be on the chain gang for the whole 5 years. Yes I know it's voluntary (last I heard), but have a special one for some offenders. Or better yet have other states grow a backbone and have chain gangs set up in northern cold states in the US patching pot holes!!
3. Re:Counts by LordLucless · 2010-04-28 17:45 · Score: 4, Insightful
  
  So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
4. Re:Counts by Anonymous Coward · 2010-04-28 18:19 · Score: 3, Interesting
  
  It's actually a little ironic. I used to know some botnet herders (around 10-11 years ago) who didn't use their bots for malicious purposes at all, or very seldomly at least. They would actively scan PCs and patch holes - sometimes by downloading Windows updates - and remove competing botnets and viruses. A lot of it tended to be automated, but some of it was genuinely manual labor.
  It wasn't their main attraction of course, but the net gain was (sometimes) an overall benefit. A few of the better trojans (Agobot?) took very little CPU time/memory usage, so the one running backdoor program likely affected their machines less than the AV or toolbars did.
  I sort of attribute it to the cat hoarding mentality. It wasn't common, but these [very] few guys weren't in it to do damage or somehow profit, but (I suppose) for the imaginary power, boredom (most were 13-18 years old), or the programming challenge. Actually, strike out the last part; most of these people were the most terrible programmers you ever met.
  (I am not attempting to justify their actions. It can't be justified. I just thought it was an amusing anecdote.)
5. Re:Counts by kcelery · 2010-04-28 19:11 · Score: 4, Interesting
  
  22000 machines, if each one got the mission done. There will be 22000 infected machines. If the guy is sentenced
  for 1 day each. He will be away for over 60 years.
6. Re:Counts by TheLink · 2010-04-28 20:55 · Score: 2, Interesting
  
  Hey if invading individual citizens PCs was a crime, someone should have been jailed for the Sony rootkit thing.
  --
  
  Too many replies beneath your current threshold
7. Re:Counts by jimicus · 2010-04-28 21:47 · Score: 2, Insightful
  
  So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.
  I don't think it's as clear cut as that. It's much easier to get evidence of 5,000 infections from a handful of sysadmins saying "We spent X hours cleaning up Y PCs as a result of this particular piece of malware" than it is to get 5,000 individuals to.
8. Re:Counts by Smallpond · 2010-04-28 23:40 · Score: 3, Informative
  
  You misunderstood. He used the botnet to attack one ISP, the PCs could be anywhere.
9. Re:Counts by LordLucless · 2010-04-28 23:50 · Score: 4, Informative
  
  It's not exactly rocket science for either of them. For the target, you need to look at logs. For the zombies, you need to look for the bot software. Hell, if they've cracked the control software for the bot network (which it sounds like they have), it's a hell of a lot easier to gather evidence for the zombies.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
10. Re:Counts by couchslug · 2010-04-29 01:02 · Score: 2, Insightful
  
  "screw concurrent sentencing."
  Concurrent sentencing is actually "sentence nullification" and should be banned.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
11. Re:Counts by cstacy · 2010-04-29 02:12 · Score: 3, Interesting
  
  Or better yet have other states grow a backbone and have chain gangs set up in northern cold states in the US patching pot holes!!
  Fairfax chain gangs fill gaps for cash-strapped DOT
  By Derek Kravitz
  Washington Post Staff Writer
  Monday, April 26, 2010
  The vest-wearing, lawn-mower-pushing members of Fairfax County's modern chain gang don't look like jail inmates. Well-disciplined landscapers, yes. Orderly weed-whackers, perhaps. But not convicts. There are no chains, no handcuffs, no black-and-white striped jumpsuits. Just a handful of suntanned men wearing uniforms.
  But take a closer look, and you'll see the tell-tale signs that these aren't your normal grass cutters -- the faded gang tattoos, the jail-issued plastic ID bracelets, the armed sheriff's deputy patrolling nearby. Still, confusion is inevitable. "We get a lot of people asking us for business cards, and we have to point to our sheriff's office logo and say, 'Sorry,' " said Sheriff's Deputy Michael Pence, as he watched a handful of inmates mow grass on a recent Friday near a county office building in McLean.
12. Re:Counts by MikeBabcock · 2010-04-29 03:04 · Score: 2, Informative
  
  Concurrent sentencing prevents sending you to jail for 300 years for parking tickets.
  
  --
  - Michael T. Babcock (Yes, I blog)
13. Re:Counts by idontgno · 2010-04-29 04:46 · Score: 3, Interesting
  
  They have a nearly endless supply of lesser management pawns to absorb all blame
  Ooooh, that brings to mind a phrase which, if it hasn't been coined, should be.
  "Ablative managment": The layers and layers of expendable mid-level cannon fodder with enough responsibility to absorb blame, enough purported independence to support plausible deniability for their superiors, and enough commodity interchangeable to be easily and cheaply ejected and replaced. Used to shield the precious core of Board Members, CxOs, Senior VPs from PR or legal flamage.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
$3300.00 by ipquickly · 2010-04-28 17:02 · Score: 4, Funny

At just .15 per bot, this confirms that the economic downturn has affected the bot trade as well.
No stimulus package in sight. I'm holding on to my bots till the rebound.
1. Re:$3300.00 by slick7 · 2010-04-28 17:10 · Score: 3, Funny
  
  At just .15 per bot, this confirms that the economic downturn has affected the bot trade as well.
  No stimulus package in sight. I'm holding on to my bots till the rebound.
  My botsfrommumbi(trademark pending) are .0275 per bot. So don't hold your breath.
  
  --
  The mind conceives, the body achieves, the spirit manifests.
2. Re:$3300.00 by phantomfive · 2010-04-28 17:39 · Score: 3, Interesting
  
  Either that or getting a botnet isn't very hard these days. Supply is driving down the cost curve......how hard can it be if this guy did it? He doesn't seem like the brightest guy on the block....
  
  A $3000 transaction; for that he ran the risk of a $250,000 fine. Not worth it, find an honest way to make that money.
  
  --
  Qxe4
3. Re:$3300.00 by Opportunist · 2010-04-28 17:50 · Score: 3, Informative
  
  It's fairly easy.
  You need:
  1. A controlling server. Preferably located in some country ending in -stan or some other country where law enforcement laughs at interpol when they ask for aid.
  2. An infector and sheepifyer trojan. Trivial to code.
  3. A few million sheep. For pointers, see facebook&twitter.
  Additionally it is wise to create your trojan in such a way that you (and only you) can update it and redirect it to some other control server should yours get shut down for some odd reason. Make sure that you create a good enough challenge/response or be prepared for someone else to harvest your infections.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4. Re:$3300.00 by vidnet · 2010-04-28 18:00 · Score: 2, Insightful
  
  A $3000 transaction; for that he ran the risk of a $250,000 fine
  He could probably have sold it a hundred times to a hundred different buyers.
5. Re:$3300.00 by jibjibjib · 2010-04-28 20:32 · Score: 2, Insightful
  
  If you're good you can make it a P2P network, like the Skype network or the BitTorrent DHT. Have all the commands cryptographically signed; it doesn't matter where a message is coming from as long as it has the right signature. Then it will be extremely difficult for attackers to find where the controlling server is. The commands to their computer will probably be forwarded to them from some other bot near them in the network, not directly from your control server, and they can't find out where the other bot gets its commands from. Once the botnet gets big enough and has a few semi-reliable hosts in it, you can dispense with DNS and centralised control altogether. Just like with Skype or BitTorrent, if you keep a list of addresses of semi-reliable hosts you can connect to one of them and discover its peers and connect to them and get onto the network without using DNS or a hardcoded central server. And then you can control your botnet from anywhere as long as you have the appropriate client program and private key, and it'll be hard to track you and impossible to shut you down.
6. Re:$3300.00 by Opportunist · 2010-04-28 22:42 · Score: 2, Insightful
  
  I don't really recommend using those kits. Few of them allow you to keep your precious bots all for yourself. ;)
  Seriously, what do you expect? You're buying (closed source) software to install backdoors in someone else's computer from a ... well, let's say not too reputable company. Do you really expect them to let you keep the bots? Be honest!
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
$0.15 Per? by grcumb · 2010-04-28 17:07 · Score: 3, Insightful

Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer....
That's, like, US $3300 for the lot. He's not going to get much hookers and blow outta that.
If he did any programming at all to develop the exploit, then his wages are in the basement. (Probably right next to his 'office'.) Once you factor in the time it would have taken to propagate, test and market the botnet, this guy stood to earning the merest pittance.
Then again, he was stupid enough to turn the thing on his own ISP, so we shouldn't marvel too much over his lack of business acumen.

--
Crumb's Corollary: Never bring a knife to a bun fight.
1. Re:$0.15 Per? by Xaositecte · 2010-04-28 17:17 · Score: 4, Interesting
  
  What's to stop him from leasing use of the botnet to multiple cyber-criminals now that he's built it up? I mean, the initial sale is just a little bit, but suppose the market for the botnet is more than just one organization, or suppose he charges by the day?
  I'm not really a professional botnet organizer, so I have no idea how plausible this is.
2. Re:$0.15 Per? by fake_name · 2010-04-28 17:37 · Score: 2, Interesting
  
  Maybe the $0.15 was a loss leader to help build up a reputation in his desired market segment, then you can up prices once you have a reputation for a solid reliable product.
Ah they broke rule #1 of cybercrime by CrazyJim1 · 2010-04-28 17:18 · Score: 3, Insightful

Don't perform cybercrime in the borders of the USA.

--
God spoke to me.
Botnet vs Hack by carp3_noct3m · 2010-04-28 17:29 · Score: 2, Interesting

It seems very interesting that they were able to do this, but limited the botnet to the local ISP. In TFA they also state they "attacked" a Planet hosted server but didn't say if it was a DDOS or what. (The Planet is one of the bigger north texas hosters/data centers, I got to have a personal tour there once while working on building a data center elsewhere, they are very professional) and TFA later states they comprimised another website. What confuses me is that most botnets are installed via some sort of social engineering, be it XSS, email spam, etc. But it seems that since they were able to build it in such a short time on such a targeted demographic, that it falls closer into the spectrum of a Storm style botnet, that uses DDOS as both attack and defense. But regarding that I also don't understand the compromises of the website via a large scale like that, usually a DDOS is just that, a denial of service, if there is a vulnerability what is the use of an entire botnet? Maybe used to brute force something, or obfuscate multiple scans of vulns, but overall it seems like this was someone who stood on the shoulders of other botnet writers (would be interesting to reverse engineer the code and see) in order to make a quick buck (which is easy to do on IRC's underbellies) Anyone who pays attention at all to botnet or other malicious writers knows that if attention is directed to your code, it's fairly easy to track you down. It is also notable that this happened in 2006, and so it took this long for law enforcement to build a good enough case against them. Anyway, interesting at least to me, as I've been training up on computer forensics so its interesting to look at things like this.

--
"It's ok, I'm completely secure as long as my iron is off"
Re:Obligatory by Sulphur · 2010-04-28 19:42 · Score: 2, Funny

Attack the Rebels' computers, Admiral Biet.
Re:$0.15? by pookemon · 2010-04-28 21:34 · Score: 2, Informative

$0.15 != 0.15 cents.

$0.15 == 15 cents.

You need to carry the one...

--
dnuof eruc rof aixelsid
Yeah, I have a question... by Viol8 · 2010-04-28 23:06 · Score: 4, Funny

Have you grown up yet?
Verizon reference by ub3r+n3u7r4l1st · 2010-04-29 02:57 · Score: 2, Funny

http://www.youtube.com/watch?v=D2isSJKntbg
According to Verizon rep, 0.002 dollar = 0.002 cent. So your parent is right.

--
New Economic Perspectives