Botnet Hacker Pleads Guilty, Faces Prison

A computer hacker responsible for creating armies of computers to launch Internet-based attacks and selling those "botnets" to spammers and other miscreants pleaded guilty Monday to federal criminal charges in Los Angeles, according to a prosecutor with the U.S. Attorney’s Office.

Jeanson James Ancheta pleaded guilty in a U.S. District Court in Los Angeles to four felony charges and could face from five to 25 years in prison, said James Aquilina, assistant U.S. attorney with the cyber and intellectual property crimes section of the U.S. Attorney’s Office.

The case is the first time in the U.S. that a hacker has been convicted not only for creating and spreading malicious code but also for making money from it, Aquilina said.

A sentencing hearing for Ancheta has been scheduled for May 1 in the U.S. District Court of California, Central Division. Judge R. Gary Klausner is presiding over the case and must approve the plea agreement.

Last November the U.S. Federal Bureau of Investigation arrested 20-year-old Ancheta, whom they believe to be part of a "botmaster underground" that seizes control of computers to and sells those computer armies to people who want to commit cybercrimes.

Ancheta pleaded guilty to two counts of conspiracy, one for selling botnets that were used to launch Internet-based attacks and send spam, and the other for directing botnets to adware servers that downloaded adware surreptitiously to the hijacked systems, Aquilina said.

Ancheta made about a profit of about US$3,000 from selling botnets, and about $60,000 from the adware scam, Aquilina said.

The hacker also pleaded guilty to government intrusion for breaking into computers at both the Weapons Division of the United States Naval Air Warfare Center in China Lake, California, and the Defense Information Systems Agency (DISA), a component of the U.S. Department of Defense. The last count in the guilty plea is computer fraud, for accessing computers without authorization with the intent of profiting from it, Aquilina said.

Under the terms of the plea agreement, which was entered on Friday, Ancheta must surrender more than $58,000 in profits and give up a BMW he purchased with money from illegal activity, as well as computers and other evidence seized in the investigation, Aquilina said. In addition, Ancheta has agreed to pay the U.S. government restitution of about $20,000 for infecting computers at China Lake and at DISA, the attorney said.

By Elizabeth Montalbano - IDG News Service (San Francisco Bureau)

Copyright © 2006 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)