Feeds

I Was A Teenage Bot Master

The Confessions of SoBe Owns

SANS - Survey on application security programs

Less Than Resilient

That their arrest and prosecution was inevitable was obvious to just about anyone familiar with the facts of the case, but for SoBe, the pill was just too bitter to swallow. In the immediate weeks after Ancheta's arrest, SoBe continued to maintain the case was so much grandstanding by a desperate and ineffectual agency.

"I think resilient is going to get off with nothing served," he said three weeks after Ancheta was indicted. "Probation at max."

His nonchalance was fueled by a combination of confidence in the superiority of their tactics and a warped belief that their commandeering of hundreds of thousands of PCs was perfectly acceptable, or in any case, no different than the way most online businesses behaved.

"Google toolbar is basically the same thing zangocash and loudcash toolbars are," he explained. "Me and james just changed it so it installed automatically. Take AOL AIM for instance, they sneak tons of shit into there installers. You think your installing aim but you get aol and toolbars and other stuff. I dont know why, but i really don't mind installing spyware on peoples computers."

SoBe was also fond of discussing his continuing work developing malware. "I've been working on a new worm," he proudly proclaimed in late November of 2005, just a few weeks after his friend was arrested. Once it took hold of a user's machine, it sent every buddy listed in AOL Instant Messenger a message containing a link to a silent installer.

"I mean if one of your good friends youve known for a while sends you an im. Hey look at this picture. Would you click on it? Most people click it without thinking twice. Its an endless possibilities of ways to make money. EVERY SINGLE bot you are getting, is from the USA. that is major money."

Boredom Breeds Bots

Over the next several months, SoBe seemed to have trouble figuring out how to pass the considerable amount of time he had on his hands. He had been warned by the feds that despite his age, he wasn't immune from prosecution and his chances of getting pinched would increase if he didn't walk away from his botnet activities.

"I feel myself slowly slipping from the bots etc," he said a couple months after Ancheta was arrested. "Moving more towards real life pretty much. motorcycles a lot funner." SoBe also spent time on Shadowserver.org, a network of volunteers dedicated to shutting down organized cybercrime, where he gave details about ways he and Ancheta had perpetrated their crimes.

Besides taking fast rides on his dirt bike, SoBe's other non-hacking pastimes included partying and downloading and watching movies and TV shows. On New Year's Eve, he said he attended a party that he didn't remember leaving.

"I woke up the next morning in my bed 10 miles away from the party I was at," he said. "How I made it up 2 flights of stars though, i dont know."

Before he blacked out at the party, SoBe recalled a "typical crackhead looking guy with no shirt on and he was bleeding" after pulling a knife on someone around the corner and demanding a eighth of an ounce of cocaine. The person around the corner ended up stealing the knife away and cutting his would-be assailant.

Picture of SoBe's dirt bike

SoBe's beloved dirt bike

"That's one thing I'll never understand, people robbing each other over a dime bag of weed and such," SoBe said.

But even as he tried to turn away from illegal hacking, SoBe found the seduction of illegal hacking too powerful to give up for good. In February 2006, after an extended spell of rain, he declared: "im pretty bored, weather has sucked lately, only done like 50 miles of riding in 3 days now. gonna start on a new bot."

Asked repeatedly over more than two years why he didn't apply his considerable energy to white-hat endeavors, SoBe said that was never something he saw himself doing. "To get a job like that, you need degrees, etc, all of that takes time," he explained. The money he and Ancheta generated, by contrast, "was nearly instant". Beyond that, he said, tracking miscreants for a security firm wouldn't provide the kind of thrill he got from being the miscreant himself.

Last page: The Botnet Victims Fund - Resilient 'coerced' to work 37.5-hour week at $1.15/hour

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.