Second helping of FBI's Bot Roast serves eight

The New Zealander using the online username AKILL is believed to be the leader of an international botnet coding group

The FBI has announced that eight individuals have been indicted, pled guilty or have been sentenced to prison over the last few months for crimes related to botnet activity.

In addition, it said that 13 search warrants were served in the US and by overseas law enforcement authorities on individuals thought to be connected with botnet-related activities. Among those whose residences were searched was an individual in New Zealand using the online username AKILL, and who is believed to be the leader of an international botnet coding group, according to the FBI's statement.

All the individuals were targeted as part of the FBI's ongoing Operation Bot Roast, first announced in June, under which the agency is conducting a coordinated domestic and international campaign to disrupt the activities of the so-called bot-herders who operate the networks of hijacked computers.

So far, the operation has uncovered more than US$20 million in losses to consumers and businesses and more than two million infected PCs, according to the FBI.

Botnets are vast networks of compromised or "zombie" systems, each of which can be remotely commanded by a malicious attacker to carry out tasks such as forwarding spam messages or participating in denial-of-service attacks against specific targets. Botnets can range from a few hundred computers to networks made up of tens of thousands of zombies. They are believed to be at the root of a vast majority of cybercrime activities these days.

When it announced the first phase of Operation Bot Roast in June, the FBI said it had detected more than 1 million bot-infected PCs and arrested three individuals for using botnets for everything from spamming to infecting hospital systems.

Friday's announcement summarised the successes of Phase II of Operation Bot Roast.

A spokesman from the FBI's national press office said that during the second phase of Bot Roast, the FBI once again had uncovered over a million bot-infested PCs that were being used for a variety of purposes including spamming, phishing and identity theft. The agency is currently working to see if it can identify the owners of the infected systems and notify them of the issue, he said. He added that it is not clear yet how many of the infected systems were in North America.

Among those netted in Phase II of Operation Bot Roast were:

— Ryan Brett Goldstein, a 21-year-old native of Ambler, Pennsylvania, who was indicted on November 1 for using a botnet to cause a distributed denial-of-service attack against an unidentified Philadelphia area university. Court documents show that Goldstein, who used the online name of Digerati, was a student at the university and sought the help of an unidentified bot-herder to launch a DOS attack against an IRC group that had banned him from participating in it. In addition, Goldstein also got the bot owner to launch attacks against two other IRC groups and against a website.

— Adam Sweaney, 27, of Tacoma, Washington, who pleaded guilty on Sept. 24 to one felony fraud charge for leasing out bot-infected computers to others, who then used them to launch DOS attacks and for forwarding spam. Court documents show that Sweaney also offered to sell 50 million email addresses for US$500 and promised takers an 87% delivery rate.

— Gregory King, 21, from Fairfield, California, was indicted in September by a federal grand jury on four counts of transmission of code to cause damage to a protected computer. King, who employed several online aliases including Silenz, Silenz420 and Gregk707, allegedly used botnets to carry out denial-of-service attacks against various companies including an anti-phishing website.

Also caught in the FBI sweep was John Schiefer, a former security researcher who admitted to hijacking a quarter of a million PCs with the intent to steal bank and PayPal account information and to plant adware on the compromised systems. Schiefer, who was also known as "Acidstorm" and "Acid," was a former security consultant at 3G Communications in Los Angeles, and was the first to be charged under federal wiretap statutes for using a botnet.

Three of the individuals named in Friday's FBI announcement were sentenced to prison terms ranging from 12 months to 42 months.

Friday's FBI announcement is sending the right message to bot-herders, said Dave Marcus, security researcher with McAfee's Avert Labs. "It tells them they can't hide, or they have to do a lot better at hiding themselves," going forward, Marcus said.

What's especially encouraging is the fact that the FBI appears to have garnered quite a bit of support from overseas law enforcement in its efforts, Marcus said. "I like the fact that search warrants were served in other countries," in connection with the FBI initiative, he said. "This crime is global in nature, it's not just a US-centric thing."

According to the FBI spokesman, the support from overseas law enforcement has been "exceptional" so far. "It's absolutely necessary. We can't do these types of investigations without close cooperation from our international partners," he said.

"Since botnets are at the root of nearly all cybercrime activities that we see on the internet today, the significant deterrence value that arrests and prosecutions such as these provide cannot be underestimated."
