Jeanson James Ancheta, 20, of Downey, California pleaded guilty
to charges of conspiring to violate the Computer Fraud Abuse Act,
conspiring to violate the CAN-SPAM Act, causing damage to computers
used by the federal government in national defence, and accessing
protected computers without authorisation to commit fraud.
It is thought to be the first time that someone has been
prosecuted for profiting from the use of botnets.
According to prosecutors, Ancheta admitted using computer
servers to transmit malicious code over the internet to scan for
and exploit vulnerable computers. Thousands of these compromised
computers were then directed to a channel in Internet Relay Chat
controlled by Ancheta, where they were instructed to scan for other
computers vulnerable to similar infection, and to remain "zombies"
vulnerable to further unauthorised accesses.
Ancheta further admitted that, in more than 30 separate
transactions, he earned approximately $3,000 by selling
access to his botnets to other computer users wishing to
launch distributed denial of service (DDoS) attacks or to send
spam.
Ancheta acknowledged discussing with customers the nature and
extent of the DDoS attacks or proxy spamming they were interested
in conducting. He suggested the number of bots or proxies they
would need to accomplish the specified acts, tested the botnets
with them to ensure that the DDoS attacks or proxy spamming were
successfully carried out, and advised on how to properly maintain,
update and strengthen the purchased armies.
On the computer fraud count, Ancheta admitted generating roughly
$60,000 in advertising affiliate proceeds by
directing more than 400,000 infected computers to computer servers
where modified adware would surreptitiously download onto the
zombies.
Ancheta hid his actions from the advertising affiliate companies
by varying the download times and rates of the adware
installations, as well as by redirecting the compromised computers
between various servers equipped to install different types of
modified adware.
Ancheta further admitted using the advertising affiliate
proceeds he earned to pay for, among other things, the multiple
servers he used to conduct his illegal activity.
According to prosecutors, Ancheta agreed to pay roughly
$15,000 in restitution to the Weapons Division of
the United States Naval Air Warfare Center in China Lake and the
Defense Information Systems Agency, whose national defence networks
were intentionally damaged by Ancheta’s malicious code.
Ancheta also agreed to hand over all of the proceeds of his
illegal activity, including more than $60,000 in cash, a
BMW automobile and computer equipment.
Sentencing is scheduled for 1st May. Ancheta faces up
to 25 years in prison.
