By Charles Piller
Times Staff Writer
May 9, 2006
A Downey man was sentenced to nearly five years in federal prison
Monday for using malicious software to seize control of 400,000
computers and then selling access to the "zombie" machines to spammers
Prosecutors said the 57-month sentence for Jeanson James Ancheta, 21,
was the longest ever handed down for spreading computer viruses. The
case also marked the first federal prosecution for using such hacking
methods for financial gain.
Ancheta pleaded guilty in January to selling access to so-called
botnet software that can remotely control computers to deliver spam
and orchestrate distributed denial-of-service attacks against
websites. Such attacks send overwhelming streams of requests to the
sites, causing them to shut down.
Ancheta advertised his botnets online under the heading "botz4sale."
"Your worst enemy is your own intellectual arrogance that somehow the
world cannot touch you on this," U.S. District Judge R. Gary Klausner
said at the sentencing hearing.
Ancheta also admitted to directing armies of infected computers to
download adware =97 malicious software that causes advertising messages
to appear on the user's screen and can harm affected computers.
He collected $107,000 in commissions from the advertising companies.
Ancheta used an elaborate subterfuge to hide his actions from the
victims and from the companies whose messages were displayed on their
computers, said Assistant U.S. Atty. James M. Aquilina.
Ancheta also was ordered to pay $15,000 in restitution to the Naval
Air Warfare Center in China Lake and the Defense Information Systems
agency, whose computers were compromised by the botnet attacks.
"Every conviction raises the barrier to entry for these guys," said
Scott Weiss, CEO of IronPort Systems in San Bruno, Calif., which
produces anti-spam software.
But, he predicted, such crimes would remain common.
"Most of these bot networks are not being run from suburban L.A.,"
Weiss said. "They hire guys in places like Ukraine where the long arm
of the law doesn't reach as easily."
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.