Sophos assists Computer Crime Unit in bringing botnet master to justice

June 12, 2008 Sophos Press Release

Behind bars
Botnet boss Bentley sentenced to 41 months behind bars.

IT security and control firm Sophos assisted the Metropolitan Police Computer Crime Unit in bringing a case against Robert Matthew Bentley. The hacker, of Panama City, Florida, who went by the alias 'LSDigital', had previously pleaded guilty to charges relating to botnet activities and has been sentenced by prosecutors in Pensacole, Florida, to 41 months behind bars and fined $65,000.

The Metropolitan Police Computer Crime Unit in the UK first brought Bentley's illegal activities to light when investigating complaints of suspicious activity from Newell Rubbermaid. The corporation, which counts popular stationery brands Parker and Papermate among its portfolio, had been targeted by Bentley's botnet operation which turned PCs into zombies, bringing so much traffic to the company's website that it ground to a halt. Bentley and his associates generated thousands of dollars by hijacking PCs and using them to display adverts.

In December 2006, the Metropolitan Police Computer Crime Unit worked with Sophos and the US Secret Service to identify Bentley as the person responsible, with other unidentified conspirators, for infecting a company's network of computers in Europe with adware. Bentley received payment through a Dutch-based operation called Dollar Revenue for these malicious hacks and the placement of adverts. Computers in Florida were used to commit the offences between October 2005 and November 2006.

"These computer criminals have no qualms about infecting computers around the world and causing thousands of pounds of damages," said Bob Burls Detective Constable with Metropolitan Police Computer Crime Unit . "In their greed, they cause devastating damage to both private and company computers. The sentence Bentley has received will act as a deterrent and show that regardless of where you are in the world, if you commit this type of crime, we will bring you to justice."

"I'm not going to say I'm delighted," said Paul Ducklin, Head of Technology at Sophos. "A prison sentence is never really a happy result for anyone. But I am encouraged that law enforcement are showing their willingness, and ability, to do something about cybercriminality."

Ducklin points out that, although Bentley doesn't count as a Mr Big in the world of cybercrime, this conviction is important and his activities inexcusable. "Stealing computer resources from someone else is a crime on its own," says Ducklin. "Using those stolen resources to commit further crimes, such as denial-of-service attacks or illegal software installs, just makes a bad thing worse."

Ducklin knows what he is talking about, having been fighting malware since the industry first started. On the 13 June, Ducklin is an invited expert attending a Visioning Forum in Sydney, part of the Australian Government's National E-Security Week.

Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.