In the first U.S. prosecution of its kind, a well-known member of the "botnet underground" was charged Friday with using botnets to steal the identities of victims across the country by extracting information from their personal computers and wiretapping their communications.
John Schiefer, 26, of Los Angeles, has agreed to plead guilty to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. Schiefer faces a maximum sentence of 60 years in federal prison and a fine of $1.75 million.
The criminal information and plea agreement filed Friday in U.S. District Court in Los Angeles outlines a series of schemes in which Schiefer and several associates developed malicious computer code and distributed that code to vulnerable computers. Schiefer and the others used the illicitly installed code to assemble armies of up to 250,000 infected computers, which they used to engage in a variety of identity theft schemes. Schiefer also used the compromised computers to defraud a Dutch advertising company.
In his plea agreement, Schiefer acknowledged installing malware that acted as a wiretap on compromised computers. Because the users of those compromised computers were unaware that their computers had been turned into zombies, they continued to use their computers to engage in commercial activities, the court said.
Schiefer used the malware, which he called a "spybot," to intercept electronic communications being sent over the Internet from the zombie computers to PayPal and other Websites. Schiefer and the others sifted through the data to mine usernames and passwords, according to the court.
With PayPal usernames and passwords, they accessed bank accounts to make purchases without the consent of the true owners, the court said. Schiefer also acknowledged in the plea agreement that he transferred both the wiretapped communications and the stolen PayPal information to others.
It is the first time that someone has been charged under the U.S. federal wiretap statute for conduct related to botnets.
In another scheme, Schiefer installed malware on zombie computers running Microsoft operating systems, causing them to disgorge usernames and passwords from a secure storage area known as the PStore. Schiefer and his co-schemers caused the zombie computers to send that account access information to computers that Schiefer and his co-schemers controlled. Once again, Schiefer located PayPal usernames and passwords among this data and used that authentication information to access victim bank accounts.
Finally, Schiefer acknowledged defrauding an Internet advertising company with his botnets. He signed up as a consultant with a Dutch Internet advertising company and promised to install the company's programs on computers only when the owners gave consent. Instead, Schiefer and two co-schemers installed that program on approximately 150,000 computers that were infected with their malware.
To avoid detection by the advertising company, Schiefer instructed his associates to moderate the number of installations so it appeared they were legitimate and not the result of a malicious computer program that was propagating itself. Schiefer was ultimately paid more than $19,000 by the advertising company.
Schiefer has agreed to make an initial appearance in Los Angeles on November 28 and to be arraigned on December 3.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.