Feeds

I Was A Teenage Bot Master

The Confessions of SoBe Owns

High performance access to file storage

The Botnet Victims Fund

Ancheta's 57-month sentence immediately rocked chat rooms where SoBe and other would-be botherders spent time. Because the federal system generally doesn't award time off for good behavior, it meant Ancheta would have spent roughly one-fifth of his life behind bars by the time he was released. This came as a severe shock to SoBe.

"Everyone thinks its retarded pretty much," said SoBe. "But its not going to stop anyone from doing bots. i think at most he shouldve faced a fine, probation, etc not be sentenced to jail for stupid shit that didnt hurt anyone if you think about it."

Even then, SoBe was having a hard time accepting that he might have to walk away permanently from a line of work he had found so easy and lucrative. "there are people still making what james made in 6 months in one month, for a year straight," he said. "they will never be caught." He continued: "me and james wouldnt be in this situation if he never opened #botz4sale," wallpapering over the substantial role he played in his own demise.

While SoBe spent the next year-and-half agonizing over the prospect of being indicted, Ancheta sat behind bars, first in a federal facility in California and eventually at the Federal Correctional Institution in Allenwood, Pennsylvania.

It was precisely the kind of routine SoBe dreaded. It called for Ancheta to work 37.5 hours a week at just $1.15 per hour doing manual labor. Worse - from Ancheta's perspective anyway - was a requirement that 50 per cent of his income be subtracted from his paycheck and paid as restitution to some of his botnet victims under something dubbed IFRP, or inmate financial responsibility program.

Receipt FBI left after confiscating SoBe's

My house was raided and all I got was this receipt

"In light of the fact that defendant is being coerced and extorted to acquiesce into the (IFRP) Program which is a core judicial function that is 'only' delegated to the sentencing court, defendant requests of the court to allow him to set a scheduling payment with the court upon his release," Ancheta argued in a petition he filed in December on his own behalf. Ancheta argued that while he was incarcerated, he should only pay $25 every three months toward the more than $14,000 he was required to pay in restitution.

US District Judge Gary Klausner, the same jurist who sentenced Ancheta to nearly five years in prison, was largely unmoved by the arguments. Klausner ordered Ancheta to pay 40 per cent of his earnings while he is in prison.

Run For The Border?

Despite claims that he had been close to Ancheta, SoBe remained unaware of his friend's new life behind bars because he never bothered to send him a letter. Instead, SoBe, the youngest of three teenage kids, continued to live at home with his parents. My correspondence with him remained largely dormant until he received word that feds were close to indicting a botnet confederate who went by the name Acid.

"Time for me to pack up and go to mexico or something," SoBe said last August. "If they got him to talk about other people he could easily put away dozens and those dozens lead to more."

In November, after getting a link to a story reporting that Acid, who in real life was 26-year-old John Kenneth Schiefer, agreed to plead guilty to four felonies connected to botnets, he was verbally upset.

"Dynamic what a fag," SoBe said, referring to another online alias Schiefer used. "I hope he gets jail time. I just linked that to a friend and hes like 'DUDE FUCK I CONTROLL ALL OF HIS SHIT WTF.' Oh well time to go buy a new hd."

Within a month, SoBe said federal prosecutors told him he was going to be charged and suggested he plead guilty. SoBe's attorney made arrangements for him to fly to Los Angeles to be arraigned rather than being arrested in Florida and flown out by the FBI. Three months later, SoBe pleaded guilty to criminal charges.

By then, SoBe's parents had, at long last, canceled his internet connection, so his thoughts during the final weeks leading up to his sentencing are unknown. According to an older brother, SoBe spent his days taking classes to prepare for the General Educational Development tests, in keeping with his settlement agreement with prosecutors.

But if one of his last conversations is any guide, SoBe had grown tired of wondering if he was going to be charged.

"At least ill know if its finally over," he said. "they told me like 2 years ago i was being indicted then never said anything after that so i sort of figured it was coming. it sucks, but i guess i have to pay for shit i did when i was a kid." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.