IT pro gets four years for building botnets

A former Los Angeles IT professional has been sentenced to four years in prison for building a botnet army.

An employee of search engine startup Mahalo has been sentenced to four years in prison for infecting as many as 250,000 computers with malicious botnet computer code.

John Schiefer was sentenced Wednesday in federal court after previously pleading guilty to hacking, fraud and wiretapping charges. He was arrested in 2007 as part of a large U.S. Federal Bureau of Investigation enforcement action against botnet makers, called Operation Bot Roast II.

The case marks the first time that someone has been charged with operating a botnet under federal wiretapping laws. Schiefer could have been sentenced to as much as five years in prison on the charges.

When they hired him, Mahalo executives didn't know about his criminal activities. In a blog posting, Mahalo founder Jason Calacanis said company CTO Mark Jeffrey had "screwed up by not doing a simple Google search on John's name," but he stood by his employee, saying there is a fine line between hackers "who put one foot over the line" and commit minor indiscretions, and others like Schiefer, who "race past it."

"I consider myself a fairly decent judge of character, and after spending months with John, I'm convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have)," Calacanis wrote. "Now he's an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."

"When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis said.

Schiefer built his botnet army while a consultant at 3G Communications, a small Los Angeles telecommunications company. The network, built with the help of two accomplices, was used to snoop in on Internet traffic between victims' computers and financial institutions such as PayPal, prosecutors said. Schiefer would then make purchases or simply drain his victims' bank accounts.

He used several partners in the scheme -- some of them minors whom he "bullied ... into participating in the crimes," prosecutors said in the suit, filed in the U.S. District Court for the Central District of California.

When a minor named Adam expressed reservations about claiming stolen money from PayPal, Schiefer told Adam to "quit being a bitch and claim it," the filing states.

Online, Schiefer was known as Acidstorm. His MSN Messenger handle also included the tagline, "Remember the name or feel the pain."

In another scam, a Dutch online marketing company called Simpel Internet paid him more than US$19,000 for installing the company's TopConverting adware on PCs, which he did without the consent of his victims. As part of his plea agreement, Schiefer will pay US$20,000 in restitution to Simpel Internet and the financial institutions he defrauded.

He also used the botnet to launch distributed denial of service (DDOS) attacks, and in an interview with the FBI he claimed to have knocked the Los Angeles Times' Web site offline, prosecutors said.

According to an FBI affidavit filed in the case, Schiefer also accessed computers at an unnamed 3G Communications client without authorization.

Schiefer seemed happy with the money he was making from his scams. According to evidence entered into court, another one of his instant messaging signatures read: "Crime pays, and it also has an excellent benefits package."

Schiefer hopes to seek future employment in the information security field, prosecutors said.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags botnets

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?