Botmasters herded up by the FBI

Last week the newspapers were full of stories about the teenager arrested in New Zealand, accused of heading up an international hacking ring that broke into millions of computers around the world.  The arrest came about following the successful co-operation between the FBI and the crime-fighting authorities in New Zealand and The Netherlands. 

What some commentators may have missed, however, is that this arrest is just part of an ongoing battle against the bot herders – those hackers who can control hundreds of thousands of PCs around the world, like master-puppeteers, for the purposes of spamming, identity theft, installing adware, and distributed denial-of-service (DDoS) attacks.

At the same time as news broke of the Kiwi arrest, the FBI announced the results of the latest phase of its continuing investigation into the criminal use of botnets.

According to the FBI, it has recorded more than one million victim computers that have been turned into ‘network robots’, and uncovered more than $20 million in economic losses.

Individuals identified by the FBI operation, dubbed “Bot Roast II”, include:

  • 21-year-old Ryan Brett Goldstein, of Ambler, Pennsylvania.  Goldstein was indicted on 1 November 2007 for using a botnet to launch a DDoS attack against a major Philadelphia area university.
  • 27-year-old Adam Sweaney, of Tacoma, Washington, pleaded guilty on 24 September 2007.  He gained control of hundreds of thousands of compromised computers, and used them to launch spam campaigns and DDoS attacks.
  • Florida resident Robert Matthew Bentley, of Panama City, was indicted on 27 November 2007 for his involvement in botnet-related activity involving coding and adware schemes.
  • 38-year-old Alexander Dmitriyevich Paskalov was sentenced to 42 months in prison on 12 October 2007, for his part in a phishing operation that targeted a major Midwest financial institution.  According to the FBI this scheme resulted in multi-million dollar losses.
  • 21-year-old Azizbek Takhirovich Mamadjanov, a resident of Florida, was sentenced in June 2007 to 24 months in prison for his part in the same Midwest bank phishing scheme.
  • 26-year-old John Schiefer, of Los Angeles, California, pleaded guilty on 8 November 2007 and faces up to 60 years in jail.  Schiefer used malware to intercept internet communications, steal usernames and passwords and defraud businesses.  With the information he then bought goods for himself.
  • 21-year-old Gregory King, of Fairfield, California, was indicted on 27 September 2007 on four counts of transmission of code to cause damage to a protected computer. King is alleged to have launched DDoS attacks against various companies including a firm which combats phishing and malware.
  • 24-year-old Jason Michael Downey, of Dry Ridge, Kentucky, was sentenced on 23 October 2007 to 12 months in prison.  Downey operated a large botnet that conducted numerous DDoS attacks. 

There is little doubt that computer criminals have the ability to make a lot of money from their botnet activities, and there are probably plenty of hackers who have – so far – avoided identification by the authorities.

The message to home users and businesses alike is to keep their defenses secure.  Up-to-date anti-virus software, firewalls, and security patches are a must.  Proactive protection against zero-day attacks and network access control are also invaluable.