Botnet Operator Sentenced to 37 Months in Prison
A California man whose online criminal ring hacked into hundreds of thousands of computers and disrupted operations at a U.S. hospital and several military installations was sentenced Friday to 37 months in prison for his crimes.
Christopher Maxwell, 21, of Vacaville had pleaded guilty to running a criminal hacking operation that used computer viruses to seed infected Microsoft Windows computers with adware that earned he and his co-conspirators more than $100,000 in commissions, according to a Justice Department complaint.
Maxwell had infiltrated computers in U.S. military installations around the globe, including the headquarters of the 5th Signal Command in Manheim, Germany; the Directorate of Information in Fort Carson, Colo.; the Navy Network Information Center in Pensacola, Fla.; the Navy Computer and Telecommunications Area Master Station, Central Europe, in Naples; the Defense Department's Bureau of Medicine and Surgery in South Carolina; the headquarters of the Commander in Chief, U.S. Pacific Command, in Hawaii; the Defense Investigative Service in Maryland; the U.S. Central Command at MacDill Air Force Base in Florida; and the Health Care Systems Support Activity in San Antonio.
The details of Maxwell's operations were remarkably similar to that of Jeanson James Ancheta, another 21-year-old Californian who in May was sentenced to an unprecedented four years and nine months in prison for hacking into millions of computers in order to generate adware commissions.
In that case, Anchetta admitted that he used Internet worms to seize control over a massive numbers of PCs running the Windows OS. He used those computers as an installataion base for online ad-serving software that netted him more than $61,000 and a BMW sports car. Ancheta also pleaded guilty to breaking into computers at the weapons division of the U.S. Naval Air Warfare Center in China Lake, Calif., and the Defense Information Systems Agency, causing roughly $15,000 worth of damage.
In both cases, the judges appeared eager to use the accused to send a strong message to other criminal hackers who might be involved in such activities. According to a Justice Department statement, the judge presiding over Maxwell's case said a prison sentence is necessary as "deterrence for all those youth out there who are squirreled away in their basements hacking."
While I wholeheartedly agree that these guys deserve the tough sentences they received, I wonder whether the sentences themselves will serve as much of a deterrent. For one thing, I know for a fact that there are still plenty of young criminal hackers engaging in this kind of activity; most are pretty careful to avoid infecting computers that appear to be located at certain types of online domains that might attract the worst kind of attention (such as those associated with the U.S. military and other parts of the federal government).
There is also relatively little chance that most of these guys will get caught -- especially if they reside outside of the United States, as many do. I see this problem as somewhat analogous to the illicit drug trade. There is just too much money to be made here (and with far, far less risk to life and limb), and no shortage of potential victims.
The math makes the profit motive plain to see. According to government documents, in just the first two weeks of February 2005, Maxwell and his buddies were able to infiltrate more than 629,000 computers. Most of the adware companies pay "affiliates" between 2 and 40 cents per piece of adware gets installed using a unique number that identifies the distributor. Assuming, for the sake of this example, that Maxwell could install adware on each of these hijacked machines at the lowest going rate, he stood to gain more than $12,500 from that install run. The government claims that overall, Maxwell made more than $30,000 total from installing adware on machined he'd hacked.
In February, I profiled a young man of the same age who was running an identical operation, getting paid by shady online marketing companies a few pennies for each piece of online ad-serving software he installed. This kid, who claims he has since retired from the business, told me he was making between $6,000 to $10,000 each month installing multiple pieces of adware on Windows computers he had hacked.
Posted by: hogboss | August 28, 2006 4:37 PM | Report abuse
Posted by: h3 | August 28, 2006 5:24 PM | Report abuse
Posted by: S. H. | August 28, 2006 5:30 PM | Report abuse
Posted by: Bk | August 28, 2006 5:31 PM | Report abuse
Posted by: DT | August 29, 2006 12:20 PM | Report abuse
Posted by: Pete from Arlington | August 29, 2006 1:03 PM | Report abuse
Posted by: Yen-lung Wong | August 29, 2006 3:04 PM | Report abuse
Posted by: tdb | August 30, 2006 8:17 PM | Report abuse
Posted by: Richard B. Britton Charlottesville | September 8, 2006 11:28 AM | Report abuse
Posted by: Richard B. Charlottesville | September 8, 2006 11:47 AM | Report abuse
Posted by: ecfica | September 15, 2006 12:20 PM | Report abuse
The comments to this entry are closed.