US botnet master confesses to crimes
Security consultant to plead guilty, could face heavy sentence.
A Los Angeles man has agreed to plead guilty to several counts of fraud and unauthorised interfering with computer
systems, having built a botnet comprising up to 250,000 machines, installing adware and using harvested data to
defraud money from bank accounts, both directly and via PayPal.
The man, 28-year-old John Kenneth Sheifer, worked as an IT security consultant, and is thought to have planted malware
on many of the machines he was charged with securing. Along with several co-conspirators, he built up and ran the
large networks of infected systems, using data-stealing software to access details of online banking and
PayPal accounts. Adware was also installed on the systems to gather affiliate commissions amounting to almost
$20,000.
The affiliate fees will be repaid as part of the plea agreement, which results from a lengthy investigation including
newly available wire-tapping techniques, and leaves Sheifer facing maximum jail sentences of 60 years and fines of up to
$1.75 million. Though such extreme sentences are unlikely, a similar case earlier this year saw a botmaster sentenced
to five years in prison.
More details on the case are in the LA Times
here or
The Register here.
12 November 2007
Tags:
botnet, identity theft, legal, sentence.
del.icio.us 
digg this
This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details.