
Botmaster Sentenced to 57 Months in Prison

A 21-year-old California man was sentenced today to 57 months in prison for hacking into hundreds of thousands of computers and renting the network of hacked PCs out to spyware companies and to people who used the network to send spam and launch crippling attacks against Web sites.

Jeanson James Ancheta of Downey, Calif., admitted that he used Internet worms to seize control over massive numbers of PCs running the Windows OS. He used those computers as an install base for online ad-serving software that netted him more than $61,000 and a BMW sports car.

Ancheta also pleaded guilty to breaking into computers at the weapons division of the U.S. Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, causing roughly $15,000 worth of damage.

According to the indictment, Ancheta made about $3,000 renting out portions of his zombie network to spammers and other criminals, usually in increments of 10,000 hacked machines at a time.

This case represents a big "win" for the U.S. Justice Department, which billed it as "the first prosecution of its kind in the nation." Ancheta was in the exact same line of work as 0x80, the hacker I followed for a story I wrote for The Washington Post Sunday Magazine on botmasters and their role in the distribution of adware and spyware.

James Aquilina, the assistant US attorney who prosecuted Ancheta on behalf of the federal government, called it the longest sentence ever handed down for a case involving the spreading of computer viruses.

The Ancheta indictment document (which, at 50+ pages, is a bit long but contains some very interesting details about this case) also names an unindicted co-conspirator in Boca Raton, Fla., who goes by the online screen name "SoBe."

I first encountered SoBe online during the course of reporting another story on ShadowServer, a group of security experts who dedicate much of their free time to tracking down guys like SoBe and Ancheta. In fact, SoBe said he was introduced to the ShadowServer guys after reading my story.

I recorded SoBe's first visit to the ShadowServer Internet relay chat (IRC) channel, shortly after that story ran. Looking through all of the IRC logs from that channel that I recorded while reporting that story, it is clear SoBe was fascinated with the guys at ShadowServer, at points taunting and at other times sharing some very personal information about how he did his hacking and samples of the custom malware he used to enlist new victim PCs into his botnet.

Assistant US attorney Aquilina said he hopes the unprecedented sentencing sends a strong message to other botmasters and malicious young hackers.

"A lot of people thought [Ancheta] would simply get a slap on the wrist and never get any real jail time," Aquilina said. "My hope is that this sentence will deter others from using botnets to commit crimes, especially the youthful ones who commit these crimes and think they're immune from prosecution, that they'll never get caught."

By Brian Krebs  |  May 8, 2006; 6:30 PM ET
Categories:  Fraud  


He shouldn't get 57 months for a non-violent crime. It's the industry's fault for not building more security against hackers. He's doing the industry a favor by making sure they tighten up their software flaws.

Posted by: Smart Guy | May 8, 2006 6:53 PM

If I were to break the window in your car and steal your car, would you blame the glass manufacturer for making weak glass? Is 57 months a harsh punishment? I do believe it is. I think a better punishment would be free lifetime tech support to the unfortunate computer owners that were infected. Computer intrusions are crimes, and just like crimes it will never be completely eradicated.

Posted by: J | May 8, 2006 7:24 PM

Smart Guy:

One thing people forget is how many systems the person broke into. How about being put in jail one day for each computer? hmm...That might be longer I guess. People seem to lump in a botnet with just a single entity but this is not the case. Botnets are sometimes comprised of several thousand (and more) individual systems that have been broken into in some way.

And I wondered where SoBe went. :)

Posted by: David Taylor | May 8, 2006 9:14 PM

You play, you pay.

It's not the PC owner's fault that Windoze built such a shoddy OS. This guy is just like the others who try to scheme and connive their way into easy money. Not much different than a Wall Street embezzler, except that he probably can't get as many chicks.

Posted by: Dr Techie | May 9, 2006 12:19 PM

Mr. Botnet is getting what he deserves:

I think the judge spoke to his help desk and then ran a scan of his own work and home PCs with an anti-spyware scanner. Or read the archived portion of Security Fix. Either way, he probably realized just how bad the problem is.

I hope Ancheta is sent to Supermax.

Posted by: Ken L | May 9, 2006 2:56 PM

Weld the door shut on that little prick. He should have every one of his fingers chopped off at the first knuckle.

He got off easy, even with multiple repeated sphincter stretchings figured in.

Posted by: Henry | May 9, 2006 5:42 PM

Making a list of security holes in your system and giving it to you can be considered a service.

Exploiting them massively for his own gain is something entirely different.

Posted by: David | May 10, 2006 12:39 AM

Finally they start to prosecute these guys, the amount of damage is big. I agree that they can cause very severe stress and even trigger suicides etc. They think that they are smart, but they are nothing less than criminals. He got away too easy, considering the massive amount of break-ins, if you make 6,000 burglaries? Good that he will serve time, unfortunately it will probably not be served in full. -:((

Posted by: oldtimer | May 10, 2006 5:43 AM

Thank goodness something is finally being done about these miscreants who appear to be running wild over us and our electronic properties. I applaud the efforts of the prosecutors. Let's see more of the same, after all, there's plenty more where this guy came from.

BTW, don't ever tick off Henry (see above).

Posted by: Pete in Arlington | May 12, 2006 11:11 AM

Short of cutting off your internet connection there is always going to be a security risk for a computer to be attacked/hacked.

The comment made about the industry, while it has some merit, is a little bit shortsighted. However, the comment posted by David hit the issue right on the head. While people like Ancheta may indeed help the industry pay more attention to security, the question is at what price. This guy had the intention of deviously manipulating other people's property for his own self gain, moreover his manipulation could cause others with worse intentions to possibly inflict greater damage to these victims' financial and personal security and privacy, which is a right everyone has in this country.

Is 57 months too harsh? I don't think so, for as many computers he infected and in turn the number of people affected. Not to mention according to the US Sentencing Commission the median length of robbery sentences is 71.0 in 2003. I choose robbery because essentially this is what he is doing, taking privacy and security away from individuals without permission (regardless of force).

Posted by: another point | May 12, 2006 12:13 PM


© 2010 The Washington Post Company