Ex-security pro admits running huge botnet
Faces 60 years in prison after pleading guilty to identity theft, fraud, wiretapping
Computerworld - A former security researcher admitted to hijacking a quarter of a million PCs, using spyware to steal bank and PayPal account information, and making money by installing adware on the massive botnet.
John Schiefer, 26, of Los Angles agreed Friday to plead guilty to four felony counts, including accessing protected computers, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a total of 60 years in prison and fines of $1.75 million for his part in building and then using the botnet. Several others, named only by their online monikers, were listed as accomplices.
According to Assistant U.S. Attorney Mark Krause, Schiefer, also known as "Acidstorm" and "Acid," was the first to be charged under federal wiretap statutes for using a botnet.
He and his co-schemers infected PCs with malware -- likely Trojan horses, although the court papers didn't specify the malicious code -- that added the compromised systems to a botnet and then stole usernames and passwords stored by Microsoft Corp.'s Internet Explorer browser. IE, like other browsers, will save that information to speed future log-ons. Schiefer mined the data retrieved from the botnet to access multiple PayPal accounts as well as other financial accounts and then plundered them.
Some of the looted PayPal funds were used to pay for more Web hosting space and bandwidth to continue spreading the malware and adding to the botnet, prosecutors said.
Schiefer and his cohorts -- some of whom were minors -- also installed adware on more than 137,000 of the quarter-million machines in the botnet. The ad-generating software was provided by TopConverting, which at the time was an adware affiliate of a Dutch marketing company, Simpel Internet. TopConverting, also known as Crazywinnings, is now defunct, but as recently as the summer of 2006 it was well known to anti-adware experts, who said it was often installed by unauthorized drive-by downloads.
The gang collected approximately 14 cents per adware installation, or nearly $20,000, from Simpel, and repeatedly told the Dutch company that the installs were legitimate, according to the government's charges.
Schiefer rode herd not only on the botnet, but also on his accomplices, court documents showed. In June 2005, he chewed out a co-conspirator with the online nickname of "Butthead" because the malware wasn't infecting enough PCs for his liking. The underperforming malware, said Schiefer, was "sketching [him] out."
He also told Butthead to keep the number of malware-infected machines at a consistent number to avoid detection, saying, "Make sur ur running that dl on ur chans so we can keep the stats stable."
Schiefer blasted another accomplice, dubbed "Adam," for worrying about stealing money from the compromised PayPal accounts. Schiefer reminded Adam that he was a minor and then told him he should just "quit being a bitch and claim it."
Schiefer was employed by 3G Communications Corp. of Los Angeles as a security consultant until early 2006. He used both work and home computers to oversee the botnet.
An arraignment hearing has been scheduled for Dec. 3 in federal court in Los Angeles.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts