http://seattlepi.nwsource.com/local/282561_botnet25.html

By MIKE BARBER
P-I REPORTER
August 25, 2006

A 20-year-old California hacker who created a virus that jeopardized patients at Northwest Hospital in Seattle, damaged computers at U.S. military installations worldwide and affected thousands of others will be sentenced today.

Federal prosecutors will ask U.S. District Judge Marsha Pechman to send Christopher Maxwell to prison for six years. Maxwell's lawyer will argue that only probation and community service is warranted, according to court documents.

Defense attorney Steven Bauer cites Maxwell's lack of a criminal record and maintains that he did not intend such an extensive spread of his robot virus program, or "botnet" software.

The key issues at sentencing revolve around how much damage Maxwell caused and how willfully he caused it.

Maxwell, of Vacaville, Calif., pleaded guilty in May to conspiracy and intentionally damaging a protected computer.

In a sentencing memorandum filed Aug. 18, Assistant U.S. Attorney Kathryn Warma said Maxwell "willfully and deliberately orchestrated a deliberate campaign of worldwide computer network attacks" and profited from it.

Maxwell worked anonymously from his home but went to great lengths to cover his tracks -- "secure, apparently in the belief that the many steps he had taken to conceal his actions and identity would keep him forever above the law," Warma wrote.

In addition to Northwest Hospital and 407 Defense Department locations, investigators say Maxwell's virus took down computers at the Colton (Calif.) Unified School District, rendering computer labs unusable for students and staff, and requiring extensive repairs.

Overall, investigators have identified 441,000 computer systems hacked by Maxwell's robot virus, including 104 country domains, 276 ".net" domains, 128 ".com" domains, and 28 ".edu" domains. The virus was planted between July 2004 and July 2005, federal investigators said.

But Bauer, in his pre-sentencing brief, stated that "it has appeared that the government wants a poster boy for this offense and has selected Mr. Maxwell to receive that privilege."

"There is no doubt that the defendant in this matter had the intent to create the 'bot' and to launch it, but there is no evidence that he had any intent to cause the specific harm which occurred as a result," Bauer argued.

Bauer also claimed Maxwell would have stopped had he known how much damage his botnet was causing. Bauer noted that Maxwell wants to make restitution and already has sought to help out in a hometown hospital.

Warma said two unnamed youths who assisted Maxwell, both of whom live in Texas, are still facing charges.

Botnets are sent over the Web to seek out computers with exploitable security flaws. They are programmed, according to court documents, to "do the bidding" of whoever is in control. They can receive commands, perform functions and provide information back to the botnet creator but also have a built-in feature to grow and spread to other computers.

Federal prosecutors previously have said that Maxwell and the youths began by first compromising computer networks at California State University, the University of Michigan and the University of California-Los Angeles. They then incorporated those systems into a 13,000-computer network, or botnet, under Maxwell's control, prosecutors said.

Having created the botnet, they said, Maxwell admitted to remotely installing adware and other unauthorized programs without the owners' knowledge in order to obtain commissions from adware companies.

Adware causes advertisements to appear on an affected computer. Each installation earns the installer a commission. Adware can be legally bundled with products and sold with a consent understanding through a license agreement. Hackers, however, abuse the system by fraudulently taking money as an affiliate, then hacking into computers without the permission of the computer owner.

Court documents said Maxwell sought to maximize profits that ranged from one cent to 20 cents "per install," making an estimated $100,000. He worked at a local Wal-Mart and was a community college student at the time, Warma said.

Northwest Hospital was compromised on Jan. 9, 2005. The hospital's surgical, patient financing, information management, diagnostic imaging and laboratory systems were affected. Operating room doors wouldn't open, pagers were silenced, and computers in the intensive-care unit shut down.

The Defense Department independently pursued its own investigation through the Joint Task Force-Global Network Operations. It alleges that Maxwell created and published a page on the Internet in which he "boasted" of getting paid by adware companies and urged visitors to click links to make money the same way.

Botnets are the preferred method of Internet crooks and thieves, used often for phishing schemes, illegal spamming, stealing passwords and identities, and spreading pornography. Hackers can monitor users' keystrokes and steal passwords, credit card information and other confidential data.

Software and hardware computer firewalls, and anti-virus and anti-spyware downloads are the best defenses against unauthorized intrusions, and should be updated regularly, computer experts say.

1996-2006 Seattle Post-Intelligencer