Feeds

Botmaster owns up to 250,000 zombie PCs

He's a security consultant. Jail beckons

The Power of One eBook: Top reasons to choose HP BladeSystem

An American computer security consultant on Friday admitted using massive botnets to illegally install software on at least 250,000 machines and steal online banking identities of Windows users by evesdropping on them while they made financial transactions.

John Kenneth Schiefer, 26, of Los Angeles, pleaded guilty to four felonies, including accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a maximum sentence of 60 years in federal prison and a fine of $1.75m, according to documents filed Friday in federal court.

Schiefer, who went by names such as "Acid" and "Acidstorm," has long been a fixture in underground hacking circles. He sometimes adorned his instant message handles with phrases such as "remember the name or feel the pain" and "crime pays, and it also has an excellent benefits package." He was employed at a Los Angeles-based security firm known as 3G Communications, where he sometimes carried out his crimes, according to court documents.

The plea agreement caps an investigation involving the FBI that began in 2005, said Assistant US Attorney Mark Krause. He declined to say if charges would be filed against several conspirators mentioned in court documents, who went by names including "revolt," "Harr0," "butthead," "pr1me" and "dynamic". The case is the first time a crime related to botnets has been charged under US wiretap statutes.

Schiefer, referred questions to his attorney, who was out of town and didn't immediately return a phone call.

According to prosecutors, Schiefer and several accomplices developed malware they dubbed "spybot" that made vulnerable Windows machines part of botnet. They controlled the zombies using servers from various hosting companies, herding as many as 250,000 machines at a time. Schiefer controlled the machines using computers at his home and place of employment.

The malware contained a sniffing feature that siphoned PayPal credentials from Protected Store, a section of Windows that stores passwords users have opted to have saved. Although Pstore, as the Windows feature is often called, encrypts the information before storing it, Schiefer's malware was able to read it, presumably by escalating its Windows privileges.

"Once in possession of those intercepted communications, defendant and co-schemers known and unknown would sift through the data to obtain PayPal information, namely usernames and passwords, as well as usernames and passwords for other online accounts," according to a plea agreement that was jointly prepared by prosecutors and defense attorneys.

At one point, a conspirator who went by the name "Adam" expressed concern about a plan to steal money using the malware. Schiefer responded by reminding Adam he was not yet 18 years old. "Quit being a bitch and claim it", Schiefer said, according to the plea agreement.

Schiefer often used the PayPal and bank account information he appropriated to transfer money out of victims' accounts. On one occasion, in December 2005, he moved money out of a Suffolk National Bank account to buy undisclosed domain names from a registrar by the name of Dynadot. Additionally, Schiefer sold appropriated information to others, according to prosecutors.

Schiefer also used the botnet to collect more than $19,000 in commissions from a Dutch company called Simpel Internet for installing its adware on end users' machines without their permission. In June 2005 he made more than $14,000 by surreptitiously installing the software on more than 110,000 machines. The next month, he made more than $4,700. Schiefer took pains to conceal the scheme from people at Simpel. Among other things, he directed accomplices to throttle the number of installations, so they would appear to be legitimate.

In agreeing to plead guilty, Schiefer pledged to pay restitution of $19,128.35, the full amount he made in affiliate fees. While he almost certainly won't get anything close to 60 years, his sentence could still be substantial, judging from penalties meted out in the past. In May 2006, Jeanson James Ancheta was sentenced to five years in federal prison after pleading guilty to four felony botnet charges in the same court. There is no time off for good behavior in the federal system.

Schiefer is scheduled to make an initial appearance in federal court in Los Angeles on November 28. His arraignment is slated for December 3. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.