Botnet boss faces up to 60 years in jail

November 12, 2007 Sophos Press Release

Botnet computers under the remote control of a hacker can be used for identity theft. Image copyright (c) Sophos
Botnet computers under the remote control of a hacker can be used for identity theft.

Experts at IT security and control firm Sophos have welcomed news that a man faces a stiff sentence, after admitting he controlled an army of 250,000 compromised PCs in order to harvest PayPal usernames and passwords and other personal information.

John Schiefer, a 26-year-old computer security consultant for 3G Communications, faces up to 60 years in a federal jail and a fine of $1.75 million, after collecting - with other gang members - a botnet comprising of a quarter of a million computers, sometimes controlling them from work.

Los Angeles-based Schiefer, who used the names "Acid" and "Acidstorm" online, faces charges of developing and distributing malware to poorly-defended computers, and then using them for the purposes of identity theft. Having stolen PayPal usernames and passwords, Schiefer and other gang members, made purchases from unwitting victims' accounts.

Under terms of a plea agreement filed by Schiefer on 9 November, he will plead guilty to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud.

"Everyone who has a computer runs the risk of it becoming part of a cybercriminal botnet. Only by properly securing PCs with up-to-date anti-virus, firewalls, security patches and a good serving of common sense, can consumers defend themselves from having their Windows computers silently taken over by hackers for their own ends," said Graham Cluley, senior technology consultant for Sophos. "The authorities should be applauded for investigating crimes like this and bringing criminals to justice, but there are plenty of other hackers engaged in these activities who are still managing to escape the clutches of the law."

Zombie computers - are your PCs under someone else's control?

Botnet computers, also known as zombies, can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the company's reputation, but can also cause the business's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.