[ISN] FBI Cracks Down (Again) on Zombie Computer Armies

From: InfoSec News (alerts@private)
Date: Fri Nov 30 2007 - 01:14:01 PST


http://blog.wired.com/27bstroke6/2007/11/fbi-cracks-down.html

By Ryan Singel 
Wired.com - Threat Level
November 29, 2007

The FBI announced Thursday it had indicted or successfully prosecuted 
eight individuals in a crackdown on black hat hackers who use armies of 
zombie computers to commit financial fraud, attack web sites with floods 
of traffic and send spam. The crimes at issue involved more than $20 
million in losses, according to the FBI.

The FBI dubbed the eight cases "Operation Bot Roast II" -- the second 
round of its investigations against botnets, one of the most dangerous 
threats online today. The first FBI crackdown on botnets was announced 
in June.

Hackers build their botnets by infecting computers with emailed trojans 
or through malicious code on web pages. They 
then tell the computers what to do from a central server or through chat 
applications. Botnet sizes vary, but the largest can comprise over a 
million computers, according to security researchers' estimates.

According to the FBI announcement, the individuals identified as part of 
Bot Roast II are as follows:
   
1. Ryan Brett Goldstein, 21, of Ambler, Pennsylvania, was indicted on 
   11/01/07 by a federal grand jury in the Eastern District of 
   Pennsylvania for botnet related activity which caused a distributed 
   denial of service (DDoS) attack at a major Philadelphia area 
   university. In the midst of this investigation the FBI was able to 
   neutralize a vast portion of the criminal botnet by disrupting the 
   botnet's ability to communicate with other botnets. In doing so, it 
   reduced the risk for infected computers to facilitate further 
   criminal activity. This investigation continues as more individuals 
   are being sought.
   
2. Adam Sweaney, 27, of Tacoma, Washington, pled guilty on September 24, 
   2007 in U.S. District Court, District of Columbia, to a one count 
   felony violation for conspiracy fraud and related activity in 
   connection with computers. He conspired with others to send tens of 
   thousands of email messages during a one-year period. In addition, 
   Sweaney surreptitiously gained control of hundreds of thousands of 
   bot controlled computers. Sweaney would then lease the capabilities 
   of the compromised computers to others who launched spam and DDoS 
   attacks.
   
3. Robert Matthew Bentley of Panama City, Florida, was indicted on 
   11/27/07 by a federal grand jury in the Northern District of Florida 
   for his involvement in botnet related activity involving coding and 
   adware schemes. This investigation is being conducted by the U.S. 
   Secret Service.
   
4. Alexander Dmitriyevich Paskalov, 38, multiple U.S. addresses, was 
   sentenced on 10/12/2007 in U.S. District Court, Northern District of 
   Florida, and received 42 months in prison for his participation in a 
   significant and complex phishing scheme that targeted a major 
   financial institution in the Midwest and resulted in multi-million 
   dollar losses.
   
5. Azizbek Takhirovich Mamadjanov, 21, residing in Florida, was 
   sentenced in June 2007 in U.S. District Court, Northern District of 
   Florida, to 24 months in prison for his part in the same Midwest bank 
   phishing scheme as Paskalov. Paskalov established a bogus company and 
   then opened accounts in the names of the bogus company. The phishing 
   scheme in which Paskalov and Mamadjanov participated targeted other 
   businesses and electronically transferred substantial sums of money 
   into their bogus business accounts. Immigrations Customs Enforcement, 
   Florida Department of Law Enforcement, and the Panama City Beach 
   Police Department were active partners in this investigation.
   
6. John Schiefer, 26, of Los Angeles, California, agreed to plead guilty 
   on 11/8/2007 in U.S. District Court in the Central District of 
   California, to a four felony count criminal information. A well-known 
   member of the botnet underground, Schiefer used malicious software to 
   intercept Internet communications, steal usernames and passwords, and 
   defraud legitimate businesses. Schiefer transferred compromised 
   communications and usernames and passwords and also used them to 
   fraudulently purchase goods for himself. This case was the first time 
   in the U.S. that someone has been charged under the federal wiretap 
   statute for conduct related to botnets.
   
7. Gregory King, 21, of Fairfield, California, was indicted on 9/27/2007 
   by a federal grand jury in the Central District of California on four 
   counts of transmission of code to cause damage to a protected 
   computer. King allegedly conducted DDoS attacks against various 
   companies including a web based company designed to combat phishing 
   and malware.
   
8. Jason Michael Downey, 24, of Dry Ridge, Kentucky, was sentenced on 
   10/23/2007 in U.S. District Court, Eastern District of Michigan, to 
   12 months in prison followed by probation, restitution, and community 
   service for operating a large botnet that conducted numerous DDoS 
   attacks that resulted in substantial damages. Downey operated 
   Internet Relay Chat (IRC) network Rizon. Downey stated that most of 
   the attacks he committed were on other IRC networks or on the people 
   that operated them. Downey's targets of DDoS often resided on shared 
   servers which contained other customers' data. As a result of DDoS to 
   his target, innocent customers residing on the same physical server 
   also fell victim to his attacks. One victim confirmed financial 
   damages of $19,500 as a result of the DDoS attack.

Secure Computing's principal research scientist Dmitri Alperovitch was 
quite happy about the news.

"We welcome this news and applaud the FBI's efforts and law enforcement 
worldwide in attempting to clean up the cesspool of malware and 
criminality that the botmasters have promoted," Alperovitch said in a 
press release. "Since botnets are at the root of nearly all cybercrime 
activities that we see on the Internet today, the significant deterrence 
value that arrests and prosecutions such as these provide cannot be 
underestimated."

The prosecutions do not mean the FBI is interested in helping you clean 
your computer of malware, but they will take your computer crime 
complaint online.

