Feeds

I Was A Teenage Bot Master

The Confessions of SoBe Owns

Seven Steps to Software Security

The Botnet Victims Fund

Ancheta's 57-month sentence immediately rocked chat rooms where SoBe and other would-be botherders spent time. Because the federal system generally doesn't award time off for good behavior, it meant Ancheta would have spent roughly one-fifth of his life behind bars by the time he was released. This came as a severe shock to SoBe.

"Everyone thinks its retarded pretty much," said SoBe. "But its not going to stop anyone from doing bots. i think at most he shouldve faced a fine, probation, etc not be sentenced to jail for stupid shit that didnt hurt anyone if you think about it."

Even then, SoBe was having a hard time accepting that he might have to walk away permanently from a line of work he had found so easy and lucrative. "there are people still making what james made in 6 months in one month, for a year straight," he said. "they will never be caught." He continued: "me and james wouldnt be in this situation if he never opened #botz4sale," wallpapering over the substantial role he played in his own demise.

While SoBe spent the next year-and-half agonizing over the prospect of being indicted, Ancheta sat behind bars, first in a federal facility in California and eventually at the Federal Correctional Institution in Allenwood, Pennsylvania.

It was precisely the kind of routine SoBe dreaded. It called for Ancheta to work 37.5 hours a week at just $1.15 per hour doing manual labor. Worse - from Ancheta's perspective anyway - was a requirement that 50 per cent of his income be subtracted from his paycheck and paid as restitution to some of his botnet victims under something dubbed IFRP, or inmate financial responsibility program.

Receipt FBI left after confiscating SoBe's

My house was raided and all I got was this receipt

"In light of the fact that defendant is being coerced and extorted to acquiesce into the (IFRP) Program which is a core judicial function that is 'only' delegated to the sentencing court, defendant requests of the court to allow him to set a scheduling payment with the court upon his release," Ancheta argued in a petition he filed in December on his own behalf. Ancheta argued that while he was incarcerated, he should only pay $25 every three months toward the more than $14,000 he was required to pay in restitution.

US District Judge Gary Klausner, the same jurist who sentenced Ancheta to nearly five years in prison, was largely unmoved by the arguments. Klausner ordered Ancheta to pay 40 per cent of his earnings while he is in prison.

Run For The Border?

Despite claims that he had been close to Ancheta, SoBe remained unaware of his friend's new life behind bars because he never bothered to send him a letter. Instead, SoBe, the youngest of three teenage kids, continued to live at home with his parents. My correspondence with him remained largely dormant until he received word that feds were close to indicting a botnet confederate who went by the name Acid.

"Time for me to pack up and go to mexico or something," SoBe said last August. "If they got him to talk about other people he could easily put away dozens and those dozens lead to more."

In November, after getting a link to a story reporting that Acid, who in real life was 26-year-old John Kenneth Schiefer, agreed to plead guilty to four felonies connected to botnets, he was verbally upset.

"Dynamic what a fag," SoBe said, referring to another online alias Schiefer used. "I hope he gets jail time. I just linked that to a friend and hes like 'DUDE FUCK I CONTROLL ALL OF HIS SHIT WTF.' Oh well time to go buy a new hd."

Within a month, SoBe said federal prosecutors told him he was going to be charged and suggested he plead guilty. SoBe's attorney made arrangements for him to fly to Los Angeles to be arraigned rather than being arrested in Florida and flown out by the FBI. Three months later, SoBe pleaded guilty to criminal charges.

By then, SoBe's parents had, at long last, canceled his internet connection, so his thoughts during the final weeks leading up to his sentencing are unknown. According to an older brother, SoBe spent his days taking classes to prepare for the General Educational Development tests, in keeping with his settlement agreement with prosecutors.

But if one of his last conversations is any guide, SoBe had grown tired of wondering if he was going to be charged.

"At least ill know if its finally over," he said. "they told me like 2 years ago i was being indicted then never said anything after that so i sort of figured it was coming. it sucks, but i guess i have to pay for shit i did when i was a kid." ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.