Zombie master Jeanson Ancheta pleads guiltyJanuary 23, 2006
Jeanson James Ancheta of Downey, Calif., pleaded guilty in U.S. District Court in Los Angeles to seizing control of hundreds of thousands of Internet-connected computers and renting the zombie network to people who used it to send out spam. Under a plea agreement, which must be approved by a judge, Ancheta must serve four to six years in prison, forfeit a 1993 BMW and more than $58,000 in profit.
He must also pay restitution of $15,000 US to the U.S. federal government for infecting the military computers.
Among the computers he attacked were some at the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, California, and at the U.S. Department of Defense.
Ancheta, 20, who prosecutors say was a well-known member of the "Botmaster Underground" — or the secret network of computer users skilled at bot attacks — was taken into custody after FBI agents called him into their offices to pick up two computers that had been seized in December 2004.
Prosecutors said the case is the first to target profits derived from use of "botnets," the term used to describe large numbers of infected computers that work in unison to attack websites, send spam and carry out other tasks.
A November indictment charged Ancheta with 17 counts of conspiracy, fraud and other crimes connected to a 14-month hacking spree that started in June 2004 and that authorities say continued even after FBI agents raided his house the following December.
According to the indictment, Ancheta at one point told an associate, "it's immoral, but the money makes it right."
During the court hearing, Ancheta admitted using computer servers he controlled to transmit malicious code over the Internet to scan for and exploit vulnerable computers. Ancheta caused thousands of the compromised computers to be directed to a channel in Internet Relay Chat which he controlled, to scan for other computers vulnerable to similar infection, and to remain "zombies" vulnerable to further unauthorized accesses.
Ancheta further admitted that, in more than 30 separate transactions, he earned approximately $3,000 by selling access to his botnets to other computer users for the purpose of launching distributed denial of service (DDOS) attacks and sending unsolicited commercial email, which is commonly called spam. Ancheta acknowledged specifically discussing with those who leased his botnets the nature and extent of the DDOS attacks or proxy spamming they were interested in conducting. Ancheta suggested the number of bots or proxies they would need to accomplish the specified acts, tested the botnets with them to ensure that the DDOS attacks or proxy spamming were successfully carried out, and advised them on how to properly maintain, update and strengthen their purchased armies.
In relation to the computer fraud count, Ancheta admitted generating roughly $60,000 in advertising affiliate proceeds by directing more than 400,000 infected computers that were part of his botnet armies to other computer servers he controlled where adware he had modified would surreptitiously download onto the zombies. By varying the download times and rates of the adware installations, as well as by redirecting the compromised computers between various servers equipped to install different types of modified adware, Ancheta avoided detection by the advertising affiliate companies who paid him for every install. Ancheta further admitted using the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers he used to conduct his illegal activity.
In addition to his guilty pleas to the criminal charges, Ancheta agreed to pay roughly $15,000 in restitution to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, whose national defense networks were intentionally damaged by Ancheta's malicious code. Ancheta also stipulated to the forfeiture of all of the proceeds of his illegal activity, including more than $60,000 in cash, a BMW automobile and computer equipment.
Ancheta is scheduled to be sentenced by U.S. District Judge R. Gary Klausner on May 1. At sentencing, the defendant faces a statutory maximum sentence of 25 years in prison.
This case was investigated by the Los Angeles Field Office of the Federal Bureau of Investigation, which received assistance from the Southwest Field Office of the Naval Criminal Investigative Service and the Western Field Office of the Defense Criminal Investigative Service.
"Part of what's most troubling about those who commit these kinds of offenses is they think they'll never be caught," said Assistant U.S. Attorney James M. Aquilina, who spent more than a year investigating Ancheta and his online associates.
May 8, 2006 Zombie master Jeanson Ancheta sentenced to 5 years in prison
Alleged zombie master arrested
Zombies getting harder to find
Organized crime offers rent-a-zombie deals