Jeanson James Ancheta was arrested on charges of infecting almost 400,000 computers operated by the U.S. military and others with Trojan horses and adware.
Among the computers he attacked were some at the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, California, and at the U.S. Department of Defense.
Ancheta, 20, who prosecutors say was a well-known member of the "Botmaster Underground" — or the secret network of computer users skilled at bot attacks — was taken into custody after FBI agents called him into their offices to pick up two computers that had been seized in December 2004.
According to the feds, Ancheta built his botnet by infecting thousands of computers with a variant of the rxbot Trojan horse, which caused the computers to become part of the bot network without the knowledge or consent of their owners.
The botnets, each with thousands of Internet-connected computers, then reported to an Internet Relay Chat channel Ancheta controlled, prosecutors allege.
In a separate IRC channel, Ancheta allegedly advertised the sale of his botnets for sending spam or for launching denial-of-service attacks, thereby illegally profiting from his crime.
After receiving payment from customers, Ancheta would allegedly give customers control of enough botnets to accomplish their specified task, along with an instruction manual, according to prosecutors.
He is also accused of allowing advertising software (adware) to be downloaded onto the infected computers that were part of his botnet armies.
Prosecutors say Ancheta was an affiliate of several different advertising service companies, which paid him a commission based on how many computers he infected with so-called adware.
"With one command he could redirect thousands of computers to another server he controlled, and instruct those infected computers to pick up or receive the modified adware," said prosecutors.
From June 2004 to June 2005, Ancheta allegedly made about $60,000 in commissions by surreptitiously installing a modified adware program, known as a "clicker," on the infected PCs. The payments came from adware companies including Gammacash.com and Loudcash.com (now known as Zango), which pay a fee to affiliates for referring traffic or getting Internet users to install their adware.
Ancheta also allegedly made around $3,000 by renting out bots to spammers or people who wanted to perform denial-of-service attacks.
According to the indictment, Ancheta at one point told an associate, "it's immoral, but the money makes it right."
Ancheta faces a 17-count federal indictment that charges him with conspiracy, attempted transmission of code to a protected computer, transmission of code to a government computer, accessing a protected computer to commit fraud and money laundering. If convicted on all counts, Ancheta could face 50 years in prison.
U.S. Attorney's spokesman Thom Mrozek said the prosecution was unique because, unlike in previous cases, Ancheta was accused of profiting from his attacks by selling other hackers access to his botnets.
"Normally what we see in these cases, where people set up these bot systems to do, say, denial of service attacks, they are not doing it for profit, they are doing it for bragging rights," Mrozek said. "This is the first case in the nation that we're aware of where the guy was using various bot nets in order to make money for himself."