In the first case of its kind in the U.S., a man pleaded guilty last week to federal charges stemming from his use of "botnets"-armies of compromised computers-to steal people’s identities by extracting information from their personal computers and intercepting their e-mails, the Federal Bureau of Investigation announced last week.
John Schiefer, 26, of Los Angeles, appeared before United States District Judge A. Howard Matz and pleaded guilty to accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud.
Schiefer admitted he gained access without authorization to hundreds of thousands of computers in the U.S. and that he remotely controlled the machines through computer servers, the FBI said. Once in control of the "zombie" computers, Schiefer used his botnets to search for vulnerabilities in other computers, intercept e-mails and commit identity theft, the FBI said.
Schiefer also admitted that he and others installed malicious computer code, known as "malware," on zombie computers that captured electronic communications as they were sent from users’ computers, the FBI said.
Schiefer’s "spybot" malware allowed him to intercept communications sent between victims’ computers and financial institutions, such as PayPal, the FBI said. Schiefer sifted through the intercepted messages and mined usernames and passwords to accounts, according to the FBI.
Using the stolen usernames and passwords, Schiefer made purchases and transferred funds, the FBI said.
Schiefer also gave the stolen usernames and passwords and intercepted e-mails to others, the FBI said.
Schiefer is the first person in the nation to plead guilty to wiretapping charges in connection with the use of botnets, according to the FBI.
Schiefer also installed malware on computers that caused them to send account access information, including usernames and passwords for PayPal and other financial websites, to computers controlled by Schiefer and others, the FBI said. Schiefer used that information to make unauthorized purchases using funds transferred directly from people’s bank accounts.
Schiefer also admitted defrauding a Dutch Internet advertising company with his armies of zombie computers, the FBI said. Schiefer signed up as a consultant with the advertising company and promised to install the company’s programs on computers only when the owners of those computers gave consent, the FBI said. Instead, Schiefer and two other people installed the program on approximately 150,000 zombie computers whose owners did not give consent, the FBI said. Schiefer was paid more than $19,000 by the advertising company, the FBI said.
Schiefer has agreed to pay approximately $20,000 in restitution to the Dutch advertising company and financial institutions that he defrauded, the FBI said. He is scheduled to be sentenced by Judge Matz on August 20. He faces 60 years in prison and a fine of $1.75 million.
