Feeds

I Was A Teenage Bot Master

The Confessions of SoBe Owns

The essential guide to IT transformation

Less Than Resilient

That their arrest and prosecution was inevitable was obvious to just about anyone familiar with the facts of the case, but for SoBe, the pill was just too bitter to swallow. In the immediate weeks after Ancheta's arrest, SoBe continued to maintain the case was so much grandstanding by a desperate and ineffectual agency.

"I think resilient is going to get off with nothing served," he said three weeks after Ancheta was indicted. "Probation at max."

His nonchalance was fueled by a combination of confidence in the superiority of their tactics and a warped belief that their commandeering of hundreds of thousands of PCs was perfectly acceptable, or in any case, no different than the way most online businesses behaved.

"Google toolbar is basically the same thing zangocash and loudcash toolbars are," he explained. "Me and james just changed it so it installed automatically. Take AOL AIM for instance, they sneak tons of shit into there installers. You think your installing aim but you get aol and toolbars and other stuff. I dont know why, but i really don't mind installing spyware on peoples computers."

SoBe was also fond of discussing his continuing work developing malware. "I've been working on a new worm," he proudly proclaimed in late November of 2005, just a few weeks after his friend was arrested. Once it took hold of a user's machine, it sent every buddy listed in AOL Instant Messenger a message containing a link to a silent installer.

"I mean if one of your good friends youve known for a while sends you an im. Hey look at this picture. Would you click on it? Most people click it without thinking twice. Its an endless possibilities of ways to make money. EVERY SINGLE bot you are getting, is from the USA. that is major money."

Boredom Breeds Bots

Over the next several months, SoBe seemed to have trouble figuring out how to pass the considerable amount of time he had on his hands. He had been warned by the feds that despite his age, he wasn't immune from prosecution and his chances of getting pinched would increase if he didn't walk away from his botnet activities.

"I feel myself slowly slipping from the bots etc," he said a couple months after Ancheta was arrested. "Moving more towards real life pretty much. motorcycles a lot funner." SoBe also spent time on Shadowserver.org, a network of volunteers dedicated to shutting down organized cybercrime, where he gave details about ways he and Ancheta had perpetrated their crimes.

Besides taking fast rides on his dirt bike, SoBe's other non-hacking pastimes included partying and downloading and watching movies and TV shows. On New Year's Eve, he said he attended a party that he didn't remember leaving.

"I woke up the next morning in my bed 10 miles away from the party I was at," he said. "How I made it up 2 flights of stars though, i dont know."

Before he blacked out at the party, SoBe recalled a "typical crackhead looking guy with no shirt on and he was bleeding" after pulling a knife on someone around the corner and demanding a eighth of an ounce of cocaine. The person around the corner ended up stealing the knife away and cutting his would-be assailant.

Picture of SoBe's dirt bike

SoBe's beloved dirt bike

"That's one thing I'll never understand, people robbing each other over a dime bag of weed and such," SoBe said.

But even as he tried to turn away from illegal hacking, SoBe found the seduction of illegal hacking too powerful to give up for good. In February 2006, after an extended spell of rain, he declared: "im pretty bored, weather has sucked lately, only done like 50 miles of riding in 3 days now. gonna start on a new bot."

Asked repeatedly over more than two years why he didn't apply his considerable energy to white-hat endeavors, SoBe said that was never something he saw himself doing. "To get a job like that, you need degrees, etc, all of that takes time," he explained. The money he and Ancheta generated, by contrast, "was nearly instant". Beyond that, he said, tracking miscreants for a security firm wouldn't provide the kind of thrill he got from being the miscreant himself.

Last page: The Botnet Victims Fund - Resilient 'coerced' to work 37.5-hour week at $1.15/hour

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.