To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/government/0,39024677,39169114,00.htm

Security consultant pleads guilty to bot attacks
Admits infecting 250,000 computers...

By Reuters

Published: Monday 12 November 2007

A US man has admitted infecting 250,000 computers and stealing the identities of thousands of people by wiretapping their communications and accessing their bank accounts.

John Schiefer agreed to plead guilty to four counts of fraud and wiretap charges, which could lead to a $1.75m fine and send him to prison for up to 60 years, the Los Angeles US Attorney's office said.

Prosecutors said Schiefer and an unspecified number of conspirators installed malicious computer code that acted as a wiretap on compromised computers and intercepted messages to Paypal and similar websites.

Agenda Setters 2007

Find out who made this year's Agenda Setters list of the top technology movers and shakers.

He retrieved usernames and passwords and used them to access an unknown number of bank accounts. Prosecutors said they are still investigating the amount stolen and the number of victims.

They said Schiefer worked by day as an information security consultant but was a well-known "botmaster" among the underground network of hackers skilled in "botnet attacks".

A bot is a program that surreptitiously installs itself on a computer so a hacker can control it. A botnet is a network of such computers that can harness their collective powers to cause problems.

In another scheme, Schiefer installed malicious code on computers running Microsoft operating systems, causing them to disgorge usernames and passwords from a secure area and enable him to access the victims' bank accounts.

Schiefer also admitted defrauding the Dutch internet advertising company Simpel Internet, which signed him up as a consultant, of more than $19,000. He installed his spyware program on approximately 150,000 of the company's computers. He is expected to be arraigned on 3 December.