Ex-security pro admits running huge botnet
Faces 60 years in prison after pleading guilty to identity theft, fraud, wiretapping
Computerworld - A former security researcher admitted to hijacking a quarter of a million PCs, using spyware to steal bank and PayPal account information, and making money by installing adware on the massive botnet.
John Schiefer, 26, of Los Angles agreed Friday to plead guilty to four felony counts, including accessing protected computers, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a total of 60 years in prison and fines of $1.75 million for his part in building and then using the botnet. Several others, named only by their online monikers, were listed as accomplices.
According to Assistant U.S. Attorney Mark Krause, Schiefer, also known as "Acidstorm" and "Acid," was the first to be charged under federal wiretap statutes for using a botnet.
He and his co-schemers infected PCs with malware -- likely Trojan horses, although the court papers didn't specify the malicious code -- that added the compromised systems to a botnet and then stole usernames and passwords stored by Microsoft Corp.'s Internet Explorer browser. IE, like other browsers, will save that information to speed future log-ons. Schiefer mined the data retrieved from the botnet to access multiple PayPal accounts as well as other financial accounts and then plundered them.
Some of the looted PayPal funds were used to pay for more Web hosting space and bandwidth to continue spreading the malware and adding to the botnet, prosecutors said.
Schiefer and his cohorts -- some of whom were minors -- also installed adware on more than 137,000 of the quarter-million machines in the botnet. The ad-generating software was provided by TopConverting, which at the time was an adware affiliate of a Dutch marketing company, Simpel Internet. TopConverting, also known as Crazywinnings, is now defunct, but as recently as the summer of 2006 it was well known to anti-adware experts, who said it was often installed by unauthorized drive-by downloads.
The gang collected approximately 14 cents per adware installation, or nearly $20,000, from Simpel, and repeatedly told the Dutch company that the installs were legitimate, according to the government's charges.
Schiefer rode herd not only on the botnet, but also on his accomplices, court documents showed. In June 2005, he chewed out a co-conspirator with the online nickname of "Butthead" because the malware wasn't infecting enough PCs for his liking. The underperforming malware, said Schiefer, was "sketching [him] out."
He also told Butthead to keep the number of malware-infected machines at a consistent number to avoid detection, saying, "Make sur ur running that dl on ur chans so we can keep the stats stable."
Schiefer blasted another accomplice, dubbed "Adam," for worrying about stealing money from the compromised PayPal accounts. Schiefer reminded Adam that he was a minor and then told him he should just "quit being a bitch and claim it."
Schiefer was employed by 3G Communications Corp. of Los Angeles as a security consultant until early 2006. He used both work and home computers to oversee the botnet.
An arraignment hearing has been scheduled for Dec. 3 in federal court in Los Angeles.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts