By Stevie Smith Nov 12, 2007, 13:50 GMT
A seemingly reputable security professional is perhaps the last person you’d expect to target when searching for nefarious individuals guilty of spreading malicious software across thousands of unsuspecting computer systems, but that’s exactly how one has been uncovered this week.
More specifically, L.A. security specialist John Kenneth Schiefer (26) has pled guilty to four felony charges of fraud and wiretapping, which could subsequently see him slapped with a staggering $1.75 million USD in fines along with an accompanying 60 years behind bars.
According to the Washington Post, investigators have revealed that Schiefer and two unnamed minors (identified only via their screen names of "prlme" and "dynamic") infected around 250,000 unwitting PC systems with malware and spyware, with approximately 137,000 of those affected systems hit with programs allowing the attackers to control the host PCs remotely.
Assistant U.S. Attorney Mark Krause said that, by constructing a remotely controlled network of malicious bot programs (which also allowed the attackers to commit identity theft), Schiefer is believed to have become the first man in the United States to be charged with violating federal wiretapping laws.
In an interview with Security Fix, Schiefer revealed that he and his unnamed cohorts spread most of their bot programs via AOL Instant Messenger (AIM) by using "spreader" programs including Niteaim and AIM Exploiter. Spammed users received apparently innocuous messages inviting them to click on a link; anyone who did so was promptly hit with a downloaded Trojan that then opened a path for the malicious bot program.
Schiefer reportedly had connections to infamous hacker group Defonic, along with longstanding administrator experience with active hacker IRC chat rooms such as "#bottalk" and "#rizon". Prior to authorities raiding his home, and the subsequent arrest of Schiefer, he had been hired by LA-based 3G Communications to (ironically) help businesses secure their communications networks. He was let go by the telephony provider in March of 2006 following a number of disability claims.
According to Schiefer, his association with malicious computer activity was brief and came to an end in January of 2006. Since then, he claims to have seen the error of his ways and has been "trying to prevent crap like this happening." While he doesn’t want anyone to feel sorry for him, seeing as what he was doing was both "wrong [and] stupid," Schiefer does at least hope that his cooperation with law enforcement will lead to a reduction in the final weight of sentencing.