ScamFraudAlert  


#1 - 11-10-07, 11:00 AM - Scrub (Administrator)
John Kenneth Schiefer, Botmaster aka "Acid" and "Acidstorm", Pleads Guilty

An American computer security consultant on Friday admitted using massive botnets to illegally install software on at least 250,000 machines and steal online banking identities of Windows users by eavesdropping on them while they made financial transactions.

John Kenneth Schiefer, 26, of Los Angeles, pleaded guilty to four felonies, including accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a maximum sentence of 60 years in federal prison and a fine of $1.75m, according to documents filed Friday in federal court.

Schiefer, who went by names such as "Acid" and "Acidstorm," has long been a fixture in underground hacking circles. He sometimes adorned his instant message handles with phrases such as "remember the name or feel the pain" and "crime pays, and it also has an excellent benefits package." He was employed at a Los Angeles-based security firm known as 3G Communications, where he sometimes carried out his crimes, according to court documents.

The plea agreement caps an investigation involving the FBI that began in 2005, said Assistant US Attorney Mark Krause. He declined to say if charges would be filed against several conspirators mentioned in court documents, who went by names including "revolt," "Harr0," "butthead," "pr1me" and "dynamic". The case is the first time a crime related to botnets has been charged under US wiretap statutes.

Schiefer referred questions to his attorney, who was out of town and didn't immediately return a phone call.

According to prosecutors, Schiefer and several accomplices developed malware they dubbed "spybot" that made vulnerable Windows machines part of a botnet. They controlled the zombies using servers from various hosting companies, herding as many as 250,000 machines at a time. Schiefer controlled the machines using computers at his home and place of employment.

The malware contained a sniffing feature that siphoned PayPal credentials from Protected Store, a section of Windows that stores passwords users have opted to have saved. Although Pstore, as the Windows feature is often called, encrypts the information before storing it, Schiefer's malware was able to read it, presumably by escalating its Windows privileges.

"Once in possession of those intercepted communications, defendant and co-schemers known and unknown would sift through the data to obtain PayPal information, namely usernames and passwords, as well as usernames and passwords for other online accounts," according to a plea agreement that was jointly prepared by prosecutors and defense attorneys.

At one point, a conspirator who went by the name "Adam" expressed concern about a plan to steal money using the malware. Schiefer responded by reminding Adam he was not yet 18 years old. "Quit being a ***** and claim it", Schiefer said, according to the plea agreement.

Schiefer often used the PayPal and bank account information he appropriated to transfer money out of victims' accounts. On one occasion, in December 2005, he moved money out of a Suffolk National Bank account to buy undisclosed domain names from a registrar by the name of Dynadot. Additionally, Schiefer sold appropriated information to others, according to prosecutors.

Schiefer also used the botnet to collect more than $19,000 in commissions from a Dutch company called Simpel Internet for installing its adware on end users' machines without their permission. In June 2005 he made more than $14,000 by surreptitiously installing the software on more than 110,000 machines. The next month, he made more than $4,700. Schiefer took pains to conceal the scheme from people at Simpel. Among other things, he directed accomplices to throttle the number of installations, so they would appear to be legitimate.

In agreeing to plead guilty, Schiefer pledged to pay restitution of $19,128.35, the full amount he made in affiliate fees. While he almost certainly won't get anything close to 60 years, his sentence could still be substantial, judging from penalties meted out in the past. In May 2006, Jeanson James Ancheta was sentenced to five years in federal prison after pleading guilty to four felony botnet charges in the same court. There is no time off for good behavior in the federal system.

Schiefer is scheduled to make an initial appearance in federal court in Los Angeles on November 28. His arraignment is slated for December 3. ®

Botmaster owns up to 250,000 zombie PCs | The Register
#2 - 11-11-07, 04:42 AM - ScamBuster (Admin Assistance)
John Kenneth Schiefer, Botmaster aka "Acid" and "Acidstorm", Pleads Guilty

No surprise here. We at ScamFraudAlert.com believe that California - The San Francisco Bay Area and Los Angeles are the hub for cybercrimes. The majority of cybercrime activities we see have some roots in Los Angeles and expand or extend to the rest of the world.

This is Good News for us ALL.
Last edited by Scrub; 11-22-07 at 11:49 PM.
#3 - 12-01-07, 08:37 PM - Scrub (Administrator)
'Bot Roast II' Nets 8 Individuals

Press Release

For Immediate Release
November 29, 2007
Washington D.C.
FBI National Press Office
(202) 324-3691

'Bot Roast II' Nets 8 Individuals
Second Phase of Ongoing Cyber Investigation Reveals More Than $20 Million in Economic Loss and More Than One Million Victimized Computers. Public Urged To Take Precaution.

The FBI today announced the results of the second phase of its continuing investigation into a growing and serious problem involving criminal use of botnets. Since Operation 'Bot Roast' was announced last June, eight individuals have been indicted, pled guilty, or been sentenced for crimes related to botnet activity. Additionally, 13 search warrants were served in the U.S. and by overseas law enforcement partners in connection with this operation. This ongoing investigative effort has thus far uncovered more than $20 million in economic loss and more than one million victim computers.

FBI Director Robert S. Mueller, III said, "Today, botnets are the weapon of choice of cyber criminals. They seek to conceal their criminal activities by using third party computers as vehicles for their crimes. In Bot Roast II, we see the diverse and complex nature of crimes that are being committed through the use of botnets. Despite this enormous challenge, we will continue to be aggressive in finding those responsible for attempting to exploit unknowing Internet users."

A botnet is a collection of compromised computers under the remote command and control of a criminal "botherder." A botherder can gain control of these computers by unleashing malicious software such as viruses, worms, or trojan horses. By executing a simple task such as opening an attachment, clicking on an advertisement, or providing personal information to a phishing site (a fraudulent site that mimics a legitimate site), an individual computer user has unintentionally allowed unauthorized access. Bot operators will then typically use these compromised computers as vehicles to facilitate other actions such as commit identity theft, launch denial of service attacks, and install keystroke loggers.

FBI offices participating in Bot Roast II included Cincinnati, Detroit, Jacksonville, Los Angeles, Philadelphia, Sacramento, and Washington, D.C. As happens most often with complex cyber investigations, there was valuable intelligence sharing amongst law enforcement agencies that led to the success of Bot Roast II. Exchange of information between the U.S. Secret Service, the New Zealand Police, and the FBI led to the initiation and enhancement of additional botnet investigations. In one example, authorities in New Zealand, working in collaboration with the FBI Philadelphia Office, conducted a search this week at the residence of an individual who goes by the cyber ID of AKILL. AKILL is believed to be the ringleader of an elite international botnet coding group that is responsible for infecting more than one million computers.

The individuals identified as part of Bot Roast II are as follows:

1. Ryan Brett Goldstein, 21, of Ambler, Pennsylvania, was indicted on 11/01/07 by a federal grand jury in the Eastern District of Pennsylvania for botnet related activity which caused a distributed denial of service (DDoS) attack at a major Philadelphia area university. In the midst of this investigation the FBI was able to neutralize a vast portion of the criminal botnet by disrupting the botnet's ability to communicate with other botnets. In doing so, it reduced the risk for infected computers to facilitate further criminal activity. This investigation continues as more individuals are being sought.
2. Adam Sweaney, 27, of Tacoma, Washington, pled guilty on September 24, 2007 in U.S. District Court, District of Columbia, to a one count felony violation for conspiracy fraud and related activity in connection with computers. He conspired with others to send tens of thousands of email messages during a one-year period. In addition, Sweaney surreptitiously gained control of hundreds of thousands of bot controlled computers. Sweaney would then lease the capabilities of the compromised computers to others who launched spam and DDoS attacks.
3. Robert Matthew Bentley of Panama City, Florida, was indicted on 11/27/07 by a federal grand jury in the Northern District of Florida for his involvement in botnet related activity involving coding and adware schemes. This investigation is being conducted by the U.S. Secret Service.
4. Alexander Dmitriyevich Paskalov, 38, multiple U.S. addresses, was sentenced on 10/12/2007 in U.S. District Court, Northern District of Florida, and received 42 months in prison for his participation in a significant and complex phishing scheme that targeted a major financial institution in the Midwest and resulted in multi-million dollar losses.
5. Azizbek Takhirovich Mamadjanov, 21, residing in Florida, was sentenced in June 2007 in U.S. District Court, Northern District of Florida, to 24 months in prison for his part in the same Midwest bank phishing scheme as Paskalov. Paskalov established a bogus company and then opened accounts in the names of the bogus company. The phishing scheme in which Paskalov and Mamadjanov participated targeted other businesses and electronically transferred substantial sums of money into their bogus business accounts. Immigrations Customs Enforcement, Florida Department of Law Enforcement, and the Panama City Beach Police Department were active partners in this investigation.
6. John Schiefer, 26, of Los Angeles, California, agreed to plead guilty on 11/8/2007 in U.S. District Court in the Central District of California, to a four felony count criminal information. A well-known member of the botnet underground, Schiefer used malicious software to intercept Internet communications, steal usernames and passwords, and defraud legitimate businesses. Schiefer transferred compromised communications and usernames and passwords and also used them to fraudulently purchase goods for himself. This case was the first time in the U.S. that someone has been charged under the federal wiretap statute for conduct related to botnets.
7. Gregory King, 21, of Fairfield, California, was indicted on 9/27/2007 by a federal grand jury in the Central District of California on four counts of transmission of code to cause damage to a protected computer. King allegedly conducted DDoS attacks against various companies including a web based company designed to combat phishing and malware.
8. Jason Michael Downey, 24, of Dry Ridge, Kentucky, was sentenced on 10/23/2007 in U.S. District Court, Eastern District of Michigan, to 12 months in prison followed by probation, restitution, and community service for operating a large botnet that conducted numerous DDoS attacks that resulted in substantial damages. Downey operated Internet Relay Chat (IRC) network Rizon. Downey stated that most of the attacks he committed were on other IRC networks or on the people that operated them. Downey's targets of DDoS often resided on shared servers which contained other customers' data. As a result of DDoS to his target, innocent customers residing on the same physical server also fell victim to his attacks. One victim confirmed financial damages of $19,500 as a result of the DDoS attacks.

FBI Assistant Director James E. Finch, Cyber Division, said, "The public is reminded once again that they can play a part in thwarting botnet activity. Practicing strong computer security habits such as updating anti-virus software, installing a firewall, using strong passwords, and employing good e-mail and web security practices are as basic as putting locks on your doors and windows. Without employing these safeguards, botnets, along with criminal and possibly terrorist activities, will continue to flourish."

It should be noted that the FBI does not contact the public online with requests for personal information. Computer users are urged to be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact either the local police or your local FBI field office as well as file an online complaint with the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.

For more information on botnets and tips for cyber crime prevention, the public is encouraged to visit the following online resources:

* Federal Bureau of Investigation - Home Page
* OnGuard Online Homepage
* Looks Too Good To Be True
* US-CERT: United States Computer Emergency Readiness Team
* www.ic3.gov

Federal Bureau of Investigation - Press Release

Last edited by Scrub; 12-01-07 at 08:39 PM.
#5 - 12-02-07, 08:05 AM - ScamBuster (Admin Assistance)
'Bot Roast II' Nets 8 Individuals

Arrests made in botnet crackdown

[Image: cash and keyboard, BBC/Corbis. Caption: The FBI said more than $20m has been stolen via botnets]

Police in New Zealand have questioned a teenager believed to be the ringleader of an international cyber-crime group.

The group is alleged to have infiltrated more than one million computers and skimmed millions of dollars from people's bank accounts.

The teenager, who is 18, cannot be named for legal reasons but was known by an alias as "Akill".

He was detained as part of an FBI crackdown on hi-tech criminals who run botnets - networks of hijacked PCs.

Global crackdown

After being questioned "Akill" was released without charge, but police say he is still being investigated.

Police allege that he was responsible for setting up a global network of hijacked PCs - known as a botnet.

The term describes the process of installing malicious software on PCs around the world to collect information such as login names, bank account details and credit card numbers.

The FBI estimates that 1.3 million computers were under the control of "Akill" and were used to embezzle millions of dollars.

[Image caption: The FBI is running a campaign against botnet controllers]

"Akill" was still at school when his hacking allegedly began, and he is said to be very bright and very skilled.

The 18-year-old was detained in New Zealand's North Island city of Hamilton.

He could face charges which carry a maximum sentence of 10 years in prison.

The arrest comes as part of the FBI's Operation Bot Roast II - the second phase of its campaign to tackle those who set up and run botnets for criminal gain. The running total of money stolen by the botnets is $20m (£9.7m).

The botnets were used to commit a variety of crimes. Some were simply used to steal saleable personal data, others acted as relays for spam and phishing and some were used to flood other websites with data to knock them offline.

The first phase of the FBI campaign identified more than one million computers in the US that were part of botnets and produced several arrests.

The second phase has resulted in three new indictments of people that ran botnets; jail sentences for three others and guilty pleas from a further two botnet controllers.

To stay safe, the FBI urged PC users to install and maintain anti-virus software, employ a firewall, use strong passwords and not open unknown attachments on e-mail messages.

BBC