AOH :: ISN-2913.HTM

Hacker faces prison for PC attacks

Hacker faces prison for PC attacks
Hacker faces prison for PC attacks 

August 25, 2006

A 20-year-old California hacker who created a virus that jeopardized 
patients at Northwest Hospital in Seattle, damaged computers at U.S. 
military installations worldwide and affected thousands of others will 
be sentenced today.

Federal prosecutors will ask U.S. District Judge Marsha Pechman to send 
Christopher Maxwell to prison for six years.

Maxwell's lawyer will argue that only probation and community service is 
warranted, according to court documents.

Defense attorney Steven Bauer cites Maxwell's lack of a criminal record 
and maintains that he did not intend such an extensive spread of his 
robot virus program, or "botnet" software.

The key issues at sentencing revolve around how much damage Maxwell 
caused and how willfully he caused it.

Maxwell, of Vacaville, Calif., pleaded guilty in May to conspiracy and 
intentionally damaging a protected computer. In a sentencing memorandum 
filed Aug. 18, Assistant U.S. Attorney Kathryn Warma said Maxwell 
"willfully and deliberately orchestrated a deliberate campaign of 
worldwide computer network attacks" and profited from it.

Maxwell worked anonymously from his home but went to great lengths to 
cover his tracks -- "secure, apparently in the belief that the many 
steps he had taken to conceal his actions and identity would keep him 
forever above the law," Warma wrote.

In addition to Northwest Hospital and 407 Defense Department locations, 
investigators say Maxwell's virus took down computers at the Colton 
(Calif.) Unified School District, rendering computer labs unusable for 
students and staff, and requiring extensive repairs.

Overall, investigators have identified 441,000 computer systems hacked 
by Maxwell's robot virus, including 104 country domains, 276 ".net" 
domains, 128 ".com" domains, and 28 ".edu" domains. The virus was 
planted between July 2004 and July 2005, federal investigators said.

But Bauer, in his pre-sentencing brief, stated that "it has appeared 
that the government wants a poster boy for this offense and has selected 
Mr. Maxwell to receive that privilege."

"There is no doubt that the defendant in this matter had the intent to 
create the 'bot' and to launch it, but there is no evidence that he had 
any intent to cause the specific harm which occurred as a result," Bauer 

Bauer also claimed Maxwell would have stopped had he known how much 
damage his botnet was causing. Bauer noted that Maxwell wants to make 
restitution and already has sought to help out in a hometown hospital.

Warma said two unnamed youths who assisted Maxwell, both of whom live in 
Texas, are still facing charges.

Botnets are sent over the Web to seek out computers with exploitable 
security flaws. They are programmed, according to court documents, to 
"do the bidding" of whoever is in control. They can receive commands, 
perform functions and provide information back to the botnet creator but 
also have a built-in feature to grow and spread to other computers.

Federal prosecutors previously have said that Maxwell and the youths 
began by first compromising computer networks at California State 
University, the University of Michigan and the University of 
California-Los Angeles.

They then incorporated those systems into a 13,000-computer network, or 
botnet, under Maxwell's control, prosecutors said.

Having created the botnet, they said, Maxwell admitted to remotely 
installing adware and other unauthorized programs without the owners' 
knowledge in order to obtain commissions from adware companies.

Adware causes advertisements to appear on an affected computer. Each 
installation earns the installer a commission. Adware can be legally 
bundled with products and sold with a consent understanding through a 
license agreement.

Hackers, however, abuse the system by fraudulently taking money as an 
affiliate, then hacking into computers without the permission of the 
computer owner.

Court documents said Maxwell sought to maximize profits that ranged from 
one cent to 20 cents "per install," making an estimated $100,000. He 
worked at a local Wal-Mart and was a community college student at the 
time, Warma said.

Northwest Hospital was compromised on Jan. 9, 2005. The hospital's 
surgical, patient financing, information management, diagnostic imaging 
and laboratory systems were affected. Operating room doors wouldn't 
open, pagers were silenced, and computers in the intensive-care unit 
shut down.

The Defense Department independently pursued its own investigation 
through the Joint Task Force-Global Network Operations. It alleges that 
Maxwell created and published a page on the Internet in which he 
"boasted" of getting paid by adware companies and urged visitors to 
click links to make money the same way.

Botnets are the preferred method of Internet crooks and thieves, used 
often for phishing schemes, illegal spamming, stealing passwords and 
identities, and spreading pornography. Hackers can monitor users' 
keystrokes and steal passwords, credit card information and other 
confidential data.

Software and hardware computer firewalls, and anti-virus and 
anti-spyware downloads are the best defenses against unauthorized 
intrusions, and should be updated regularly, computer experts say.

1996-2006 Seattle Post-Intelligencer

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: 

Site design & layout copyright © 1986-2014 CodeGods