[ISN] California Man Charged with Botnet Offenses

From: InfoSec News (isn@private)
Date: Fri Nov 04 2005 - 09:10:31 PST


http://www.eweek.com/article2/0,1895,1881621,00.asp

By Paul F. Roberts 
November 3, 2005 

Botnets are big business - at least according to authorities who
announced the first U.S. case against an alleged computer hacker, who
authorities believe netted $60,000 in cash and a BMW from a personal
army of zombie computers.

Federal authorities arrested a 20-year-old California man Thursday and
charged him with running a network of 400,000 compromised computers
called a "botnet," including computers used by the U.S. government for
national defense.

Jeanson James Ancheta, of Downey, Calif., was arrested by FBI agents
Thursday morning and charged with spreading a Trojan horse program,
called "rxbot," and using it to build a network of around 400,000
infected computers.

He is also charged with illegally uploading advertising software
("adware") onto compromised systems.

Among Ancheta's alleged victims were computers at the Weapons Division
of the U.S. Naval Air Warfare Center, and machines belonging to the
U.S. Department of Defense's Defense Information Systems Agency,
according to a statement from Debra Wong Yang, U.S. Attorney for the
Central District of California.

Huge networks of compromised computers, known as "bots," have become a
pressing problem in recent months.

Security company Symantec Corp. said that its researchers identified
an average of 10,352 bots a day in the first half of 2005, compared to
around 5,000 a day in December 2004, according to the company's most
recent Internet Threat Report.

The arrest in California follows a similar crackdown in the
Netherlands that netted individuals believed to control a network of
1.5 million infected computers worldwide.

It is the first known prosecution of a botnet operator in the United
States, according to the statement.

Ancheta is alleged to have modified and distributed a Trojan horse
program called rxbot.

Once the Trojan was installed on victims' computers, he allegedly used
IRC (Internet Relay Chat) to communicate with and control the systems,
even advertising use of the botnets for DoS (denial of service)
attacks and spam.

Symantec believes that the increase in bot networks is directly
related to an increase in DoS attacks and online extortion attempts,
the company reported.

Ancheta was also a member of affiliate networks used by unnamed
"advertising service companies," who paid him around $60,000 to
install their advertising software on the machines he controlled, the
statement alleges.

The case was investigated by the FBI as well as the Naval Criminal
Investigative Service and Defense Criminal Investigative Service.

Authorities are charging Ancheta with 17 counts, including conspiracy,
transmission of code to a protected computer, to a government
computer, and multiple counts of fraud and money laundering.

Authorities are also seeking more than $60,000 in cash and a BMW
automobile that they allege are illicit gains from the botnet
activity.






This archive was generated by hypermail 2.1.3 : Fri Nov 04 2005 - 09:30:19 PST