Busted: Botherder Pleads Guilty to First U.S. Cybercrime

In mid-April 2008, in the first prosecution of its kind in the United States (U.S.), a man known to the "botnet underground" as the botherder "acidstorm" pled guilty to using botnets—armies of compromised computers—to steal the identities of victims by extracting information from PCs and wiretapping their communications. John Schiefer, 26, of Los Angeles, pled guilty to accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, and wire and bank fraud.

Schiefer admitted that he gained access without authorization to hundreds of thousands of computers in the U.S. and that he remotely controlled these compromised machines via servers. Once in control of the "zombie" computers, Schiefer used his botnets to search for vulnerabilities in other computers, intercept electronic communications, and engage in identity theft.

"While computer criminals have many technological resources, we have our own technology experts, as well as legal remedies to punish those who exploit the Internet for nefarious purposes," said U.S. Attorney Thomas P. O'Brien. "As Internet criminals develop new techniques, we quickly respond to their threats and prosecute those who compromise our ability to safely use the Internet."

In connection with the wiretapping, Schiefer admitted that he and others installed malware on zombie PCs that captured electronic communications in real time. Because victims did not know that their computers had become infected, they continued to use them to engage in commerce, such as online purchases.

Schiefer's "spybot" malware allowed him to intercept communications sent between victims' computers and financial institutions, such as PayPal. Schiefer sifted through those intercepted communications and mined account usernames and passwords. Using the stolen usernames and passwords, he made purchases and transferred funds without the consent of the victims. Schiefer also gave the stolen usernames and passwords, as well as the wiretapped communications, to others. He is the first person in the nation to plead guilty to wiretapping charges in connection with the use of botnets.

He also admitted stealing information from numerous computers by accessing the PStore, which is intended to be a secure storage area on computers running Windows operating systems. To accomplish this, Schiefer installed malware on computers that caused them to send account access information, including usernames and passwords for PayPal and other financial Web sites, to computers controlled by Schiefer and his coconspirators. He used that information to make unauthorized purchases using funds transferred directly from victims' bank accounts. Schiefer is the first known defendant to plead guilty to harvesting information from PStores.

Finally, Schiefer admitted defrauding a Dutch Internet advertising company with his armies of zombie computers. Schiefer signed up as a consultant with the advertising company and promised to install the company's programs on computers only when the owners of those computers gave consent. Instead, Schiefer and two coconspirators installed that program on approximately 150,000 zombie computers whose owners did not give consent. Schiefer was ultimately paid more than $19,000 by the company.

Schiefer is scheduled to be sentenced Aug. 20, 2008, facing a maximum sentence of 60 years in federal prison and a fine of $1.75 million. In addition to his guilty pleas to the criminal charges, Schiefer has agreed to pay approximately $20,000 in restitution to the Dutch company and financial institutions that he defrauded.

"Los Angeles has been on the front lines in the war against botnets," said Salvador Hernandez, assistant FBI director, Los Angeles. "As demonstrated by the Schiefer investigation, criminals increasingly use computers to facilitate illegal activities. As technology advances, so do the techniques of cybercrime to exploit computers and users. The FBI is meeting the evolving threats in cyberspace by identifying and building cases on the worst offenders. This case should send a message to would-be cyber-culprits: the FBI may only be a few mouse clicks away from you."