Botnet Herder Pleads Guilty to Massive PayPal Scam

By Lisa Vaas  |  Posted 2007-11-12 Print this article Print

A security consultant assembled armies of infected computers to harvest user names, passwords and financial information.

A 26-year-old security consultant named John Schiefer has admitted to illicitly installing code to assemble botnet armies of up to 250,000 infected computers that harvested user PayPal names, passwords and other personal and financial information. In this, the first prosecution of its kind in the nation, the Los Angeles man will plead guilty to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. Schiefer filed his plea agreement on Nov. 9, according to a statement from the U.S. Attorneys office for the Central District of California.
The charges detail a series of schemes in which Schiefer and several others developed and distributed malware to vulnerable computers. The code rendered the victimized systems into zombie computers that were then marshaled in armies of up to a quarter million strong and used to carry out a variety of identity theft scams. Schiefer is also charged with using the zombie PCs to defraud a Dutch advertising firm.
Schiefer and his associates listened in on the compromised systems to intercept communications from their unwitting users to PayPal and other Web sites. With the PayPal user names and passwords in hand, Schiefer and his gang waltzed into victims bank accounts to make purchases, unbeknownst to the true owners of the accounts. For more on how botnets lobotomize your PC, listen to your podcast. Schiefer also admitted to transferring the intercepted information and stolen PayPal accounts to others. Schiefer and his gang also admitted to installing malware on Windows systems, causing them to cough up user names and passwords from a supposedly secure storage area known as PStore (Protected Storage), an area used to store user data to keep it secure or free from modification—an obvious sweet spot for identity thieves. PStore is known to be a less-secure method of storage than Microsofts DPAPI (Data Protection API) and has been deprecated and made read-only in Windows Vista. Schiefer is also admitting to defrauding an Internet advertising company with his botnets. He was serving as a consultant with a Dutch Internet advertising company and promised to install the companys programs on computers only when the owners gave consent. Instead, Schiefer and two co-schemers installed that program on approximately 150,000 computers that they had previously infected with their malware. To avoid detection by the advertising company, Schiefer instructed his associates to moderate the number of installations so it appeared that the installations were legitimate and not the result of a malicious computer program. Schiefer was ultimately paid more than $19,000 by the advertising company. Schiefer is facing a statutory maximum sentence of 60 years in federal prison and a fine of $1.75 million. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog. This is the first time that someone has been charged under the U.S. federal wiretap statute for conduct relating to botnets.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel