A 27-year-old Los Angeles man has been hit with a four-year sentence in connection with his role in infecting as many as 250,000 computers with malware in a plot to steal account data.
John Schiefer, who authorities said worked as a security consultant, was sentenced March 4 in Los Angeles federal court after pleading guilty last year to participating in a cyber-crime ring that swiped password and account information from victims.
According to the government, Schiefer used a botnet to infect computers across the United States. After compromising a machine, the malware enabled him and others to intercept Internet communications to PayPal and other sites. The information was used to make purchases and transfer funds without the account owner’s consent. Some of the data was also passed on to others for use, authorities said.
In addition to the financial fraud against the owners of the compromised machines, Schiefer also defrauded a Dutch advertising company by installing adware on zombie computers without the victim’s permission – a violation of his agreement with the Dutch company.
Schiefer faced up to 60 years in prison. One of the eight defendants nabbed in the FBI’s “Operation Bot Roast II” investigation in 2007, he must also pay $19,000 in restitution to PayPal and other companies.