Menu
True crime: The botnet barons

True crime: The botnet barons

Two weeks ago, the feds revealed the names of eight people who had used botnets to engage in nefarious activity. Here are their stories

When federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II.

When InfoWorld decided to dig a little deeper, we found that the motivations of each perpetrator were far richer, and the nature of the crimes more complex, than a simple rundown of their rap sheets could express.

In fact, the eight Bot Roast II criminals committed a broad range of online crimes, which together make up a representative sample of motives and patterns common to these kinds of crimes. The following story is our attempt to profile the people behind the crimes.

The Perp: Adam Sweaney Pleaded guilty to: felony fraud and computer crimes, Plea date: September 24, 2007

Sweaney, a 27-year-old computer technician from Tacoma, Wash., seems to have started out on the side of the good guys. In Internet postings to the Yahoo Answers message board, a man who signed his messages "Adam Sweaney, Tacoma PC Repair" appeared to help computer users with their problems relating to worms and malware. But at some point, Sweaney switched allegiances to the Dark Side. From as early as May 2006 and for nearly a year, Sweaney was infecting PCs with Trojan horses that built a botnet he later used to transmit spam messages on behalf of others.

Court papers filed by the USAttorney prosecuting the case say that Sweaney's goal was to earn money by leasing out access to the botnet (which he called "proxies"), a common business practice for bot-herders. He advertised his proxies on message boards where spammers and bot-herders made business deals, boasting of his spamming prowess with posts such as "last month sents 50 million gi domains, delivery 87% price US$500.00 Also still have full FTP server setup with lots of data ... plus updated last weekend with some fresh files/shyt." For just US$500, you could hire Sweaney to send 50 million spams, 87 percent of which were guaranteed to make it to live e-mail accounts.

In July, 2006, an FBI undercover agent contacted Sweaney posing as a spammer interested in his offerings. Sweaney gave the agent free access to the botnet for 20 minutes, then engaged the agent in a discussion of what services were available, including a list of 18 million Hotmail e-mail addresses he was selling for US$10 for each million addresses. The agent bought those addresses, as well as 14 million Yahoo addresses, and access to the botnet for a period of two weeks. In the course of the investigation, the FBI discovered that one of the bot-infected computers belonged to the Justice Department's Antitrust Division in Washington, DC.

The Perp: Gregory King Indicted for: four counts of "transmission of code to cause damage to a protected computer", Indictment date: Sept. 27, 2007

Among the people happy to hear about Greg King's indictment were the operators of two Web sites, Killanet and Castlecops, which King repeatedly attacked using his botnet. The latter site, a clearinghouse for information about malware, botnets, and spammers, was subjected to a massive distributed denial-of-service attack in February 2007. But let's not get ahead of ourselves.

The owners of the Web sites that the 21-year-old King harassed alleged in court filings that he engaged in a campaign of harassment, intimidation, threats, and finally massive DDoS attacks. Using the online monikers Silenz and GregK to taunt his victims in brazen online posts of threats and links to porn sites in IRC chat channels and message boards, he launched repeated attacks on Killanet, a Web site aimed at children and teenagers, dating back to June 2004 and continuing through October 2006. According to published news reports, King's motivation was revenge for perceived slights.

King had no interest in subtlety or in masking where his attacks originated from, and reportedly even dropped hints as to his real-life identity. He controlled his botnet from his parents' home in Fairfield, Calif., as well as from a nearby library, a McDonalds, and from a Best Buy store near his home.

In February 2007, King used his botnet to DDoS the servers used by Castlecops for five continuous days. The motivation for the attack: Castlecops moderators had deleted or modified some of King's more vitriolic posts to the message board. "If you edit my post once more, you will be sorry," King wrote in a post on February 13th. Four minutes later he was banned from the message board. That night, King launched his attack.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments