True crime: The botnet barons

Two weeks ago, the feds revealed the names of eight people who had used botnets to engage in nefarious activity. Here are their stories.

When federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II.

When InfoWorld decided to dig a little deeper, we found that the motivations of each perpetrator were far richer, and the nature of the crimes more complex, than a simple rundown of their rap sheets could express.

In fact, the eight Bot Roast II criminals committed a broad range of online crimes, which together make up a representative sample of motives and patterns common to these kinds of crimes. The following story is our attempt to profile the people behind the crimes.

The Perp: Adam Sweaney
Pleaded guilty to: felony fraud and computer crimes
Plea date: September 24, 2007

Sweaney, a 27-year-old computer technician from Tacoma, Wash., seems to have started out on the side of the good guys. In Internet postings to the Yahoo Answers message board, a man who signed his messages "Adam Sweaney, Tacoma PC Repair" appeared to help computer users with their problems relating to worms and malware. But at some point, Sweaney switched allegiances to the Dark Side. From as early as May 2006 and for nearly a year, Sweaney was infecting PCs with Trojan horses that built a botnet he later used to transmit spam messages on behalf of others.

Court papers filed by the U.S. Attorney prosecuting the case say that Sweaney's goal was to earn money by leasing out access to the botnet (which he called "proxies"), a common business practice for bot-herders. He advertised his proxies on message boards where spammers and bot-herders made business deals, boasting of his spamming prowess with posts such as "last month sents 50 million gi domains, delivery 87% price US$500.00 Also still have full FTP server setup with lots of data ... plus updated last weekend with some fresh files/shyt." For just US$500, you could hire Sweaney to send 50 million spams, 87 percent of which were guaranteed to make it to live e-mail accounts.

In July 2006, an FBI undercover agent contacted Sweaney posing as a spammer interested in his offerings. Sweaney gave the agent free access to the botnet for 20 minutes, then engaged the agent in a discussion of what services were available, including a list of 18 million Hotmail e-mail addresses he was selling for US$10 for each million addresses. The agent bought those addresses, as well as 14 million Yahoo addresses, and access to the botnet for a period of two weeks. In the course of the investigation, the FBI discovered that one of the bot-infected computers belonged to the Justice Department's Antitrust Division in Washington, DC.

The Perp: Gregory King
Indicted for: four counts of "transmission of code to cause damage to a protected computer"
Indictment date: Sept. 27, 2007

Among the people happy to hear about Greg King's indictment were the operators of two Web sites, Killanet and Castlecops, which King repeatedly attacked using his botnet. The latter site, a clearinghouse for information about malware, botnets, and spammers, was subjected to a massive distributed denial-of-service attack in February 2007. But let's not get ahead of ourselves.

The owners of the Web sites that the 21-year-old King harassed alleged in court filings that he engaged in a campaign of harassment, intimidation, threats, and finally massive DDoS attacks. Using the online monikers Silenz and GregK to taunt his victims in brazen online posts of threats and links to porn sites in IRC chat channels and message boards, he launched repeated attacks on Killanet, a Web site aimed at children and teenagers, dating back to June 2004 and continuing through October 2006. According to published news reports, King's motivation was revenge for perceived slights.

King had no interest in subtlety or in masking where his attacks originated, and reportedly even dropped hints as to his real-life identity. He controlled his botnet from his parents' home in Fairfield, Calif., as well as from a nearby library, a McDonald's, and a Best Buy store near his home.

In February 2007, King used his botnet to DDoS the servers used by Castlecops for five continuous days. The motivation for the attack: Castlecops moderators had deleted or modified some of King's more vitriolic posts to the message board. "If you edit my post once more, you will be sorry," King wrote in a post on February 13th. Four minutes later he was banned from the message board. That night, King launched his attack.


Andrew Brandt

InfoWorld