By MIKE BARBER
August 25, 2006
A 20-year-old California hacker who created a virus that jeopardized
patients at Northwest Hospital in Seattle, damaged computers at U.S.
military installations worldwide and affected thousands of others will
be sentenced today.
Federal prosecutors will ask U.S. District Judge Marsha Pechman to send
Christopher Maxwell to prison for six years.
Maxwell's lawyer will argue that only probation and community service are
warranted, according to court documents.
Defense attorney Steven Bauer cites Maxwell's lack of a criminal record
and maintains that he did not intend such an extensive spread of his
robot virus program, or "botnet" software.
The key issues at sentencing revolve around how much damage Maxwell
caused and how willfully he caused it.
Maxwell, of Vacaville, Calif., pleaded guilty in May to conspiracy and
intentionally damaging a protected computer. In a sentencing memorandum
filed Aug. 18, Assistant U.S. Attorney Kathryn Warma said Maxwell
"willfully and deliberately orchestrated a deliberate campaign of
worldwide computer network attacks" and profited from it.
Maxwell worked anonymously from his home but went to great lengths to
cover his tracks -- "secure, apparently in the belief that the many
steps he had taken to conceal his actions and identity would keep him
forever above the law," Warma wrote.
In addition to Northwest Hospital and 407 Defense Department locations,
investigators say Maxwell's virus took down computers at the Colton
(Calif.) Unified School District, rendering computer labs unusable for
students and staff, and requiring extensive repairs.
Overall, investigators have identified 441,000 computer systems hacked
by Maxwell's robot virus, including 104 country domains, 276 ".net"
domains, 128 ".com" domains, and 28 ".edu" domains. The virus was
planted between July 2004 and July 2005, federal investigators said.
But Bauer, in his pre-sentencing brief, stated that "it has appeared
that the government wants a poster boy for this offense and has selected
Mr. Maxwell to receive that privilege."
"There is no doubt that the defendant in this matter had the intent to
create the 'bot' and to launch it, but there is no evidence that he had
any intent to cause the specific harm which occurred as a result," Bauer
Bauer also claimed Maxwell would have stopped had he known how much
damage his botnet was causing. Bauer noted that Maxwell wants to make
restitution and already has sought to help out in a hometown hospital.
Warma said two unnamed youths who assisted Maxwell, both of whom live in
Texas, are still facing charges.
Botnets are sent over the Web to seek out computers with exploitable
security flaws. They are programmed, according to court documents, to
"do the bidding" of whoever is in control. They can receive commands,
perform functions and provide information back to the botnet creator but
also have a built-in feature to grow and spread to other computers.
Federal prosecutors previously have said that Maxwell and the youths
began by first compromising computer networks at California State
University, the University of Michigan and the University of
They then incorporated those systems into a 13,000-computer network, or
botnet, under Maxwell's control, prosecutors said.
Having created the botnet, they said, Maxwell admitted to remotely
installing adware and other unauthorized programs without the owners'
knowledge in order to obtain commissions from adware companies.
Adware causes advertisements to appear on an affected computer. Each
installation earns the installer a commission. Adware can be legally
bundled with products and sold with a consent understanding through a
Hackers, however, abuse the system by fraudulently taking money as an
affiliate, then hacking into computers without the permission of the
Court documents said Maxwell sought to maximize profits that ranged from
one cent to 20 cents "per install," making an estimated $100,000. He
worked at a local Wal-Mart and was a community college student at the
time, Warma said.
Northwest Hospital was compromised on Jan. 9, 2005. The hospital's
surgical, patient financing, information management, diagnostic imaging
and laboratory systems were affected. Operating room doors wouldn't
open, pagers were silenced, and computers in the intensive-care unit
The Defense Department independently pursued its own investigation
through the Joint Task Force-Global Network Operations. It alleges that
Maxwell created and published a page on the Internet in which he
"boasted" of getting paid by adware companies and urged visitors to
click links to make money the same way.
Botnets are the preferred method of Internet crooks and thieves, used
often for phishing schemes, illegal spamming, stealing passwords and
identities, and spreading pornography. Hackers can monitor users'
keystrokes and steal passwords, credit card information and other
Software and hardware computer firewalls, and anti-virus and
anti-spyware downloads are the best defenses against unauthorized
intrusions, and should be updated regularly, computer experts say.
1996-2006 Seattle Post-Intelligencer