A 20-year-old man who seized control of hundreds of thousands of zombie computers, using them to display cash-generating adverts and renting them out to hackers to send spam campaigns and launch denial of service (DoS) attacks has pleaded guilty to several counts of conspiracy in a California court.
Jeanson James Ancheta, from Downey, Cal., profited by installing adware on a network of zombie computers. According to prosecutors, some of the computers attacked were at the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, Cal., and at the U.S. Department of Defense.
Ancheta made over $60,000 from installing adware on the zombie computers, using the profits to pay for computer servers to carry out additional attacks. He also used the money to buy expensive clothes and a luxury BMW car. Ancheta also had a side business selling access to the zombie network to spammers, who used the third-party computers to launch spam campaigns and distributed denial of service (DDoS) attacks.
"There are a number of ways in which zombie botnets can generate healthy profits for hackers - they can install advertising pop-ups which generate income through affiliate schemes, rent out the network for hackers who wish to blackmail websites with DDoS attacks, or use them to steal information or pump out spam campaigns," said Graham Cluley, senior technology consultant for Sophos. "Hackers engaged in these kind of activities are guilty of a serious crime, and should be punished accordingly."
Others also welcomed the news.
"Those who actively target businesses and computer users with malicious activities will not get away with it," warns James Rendell, senior technology specialist at Internet Security Systems.
"Not only is it reassuring to see the U.S. government prosecuting his 20-year old where he actively targeted thousands of computer systems and infected them with malicious software for his own financial gain, but it also shows the seriousness of this crime spree," he said.
Last November, Ancheta was arrested by FBI agents who believed the man to be part of a "botnet underground".
Ancheta is likely to face up to six years in prison for his crimes, and will forfeit the profits made, including his luxury car.
Sentencing has been scheduled for early May. Judge R. Gary Klausner is presiding and must approve the plea agreement.