Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Botnet ringleader gets four years in prison for stealing data from PCs

Ex-security consultant John Schiefer was first botnet operator charged under wiretap statutes

March 5, 2009 12:00 PM ET

Active Comments
Anonymous says: The "Judge" really goofed this one up. Since this crook pled guilty how could he give such a light sentence??...
Anonymous says: What planet is this liberal thought process coming from? The perpetrator should have gotten 4 years for EACH PC that...


Computerworld - The first person to be charged under federal wiretap statutes for using a botnet to steal data and commit fraud was sentenced to four years in prison this week.

John Schiefer, a 27-year-old Los Angeles resident, was also ordered to pay $2,500 in fines. The sentence was handed down Wednesday by U.S. District Judge Howard Matz in federal court in Los Angeles.

Schiefer, a former security researcher, agreed to plead guilty in November 2007 to stealing usernames, passwords and financial data from more than 250,000 compromised systems, then installing adware on the massive botnet that he and several accomplices set up.

The guilty plea was formally entered and accepted last April, and sentencing was originally scheduled for last August but was extended several times because of motions filed by Schiefer. He faced a maximum of 60 years in prison and fines of $1.75 million after admitting to four felony counts involving illegal access to computers, illegal interception of data and wire fraud.

Schiefer, who used the online handle "acidstorm" as well as both "acid" and "storm," worked until early 2006 as a security consultant at a Los Angeles-based network services provider named 3G Communications Corp.

According to court documents, Schiefer used both home and work computers as part of the data theft scheme, in which he and his accomplices compromised systems and planted malware that added the machines to their botnet and enabled the cybercrooks to intercept and capture communications between the systems and various Web sites.

The documents said that Schiefer and his cohorts sifted through the intercepted data looking for usernames and passwords to PayPal and online bank accounts, then used the information to make fraudulent purchases and transfer funds out of the accounts.

The data thieves also used malware to steal user credentials directly from the Protected Storage, or PStore, subsystem offered in older versions of Windows. According to law enforcement officials, the malware would capture supposedly secure information from PStore and send it to servers controlled by Schiefer and his accomplices, at least one of whom was allegedly a minor.

In addition, Schiefer admitted to illegally installing adware programs on nearly 150,000 of the compromised systems without the consent of their owners. The adware was installed on the behalf of a Netherlands-based Internet advertising firm that had contracted with Schiefer to do the work, but the contract terms required him to get consent from users before doing installations.

When Schiefer agreed to plead guilty to the charges against him, he also said he would pay nearly $20,000 in restitution to the Dutch company and to financial institutions that he had defrauded, according to court documents.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.



Jump to comments

John Schiefer

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance
Learn seven steps operators can take to meet IT configuration requirements set forth in the NERC-CIP standards.  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs