Friday, November 11, 2005

ITEC 6323 | ITEC 6324 Security entry for the week of November 7, 2005

Computer Forensics

"Computer Virus Broker arrested for selling armies of infected computers to hackers and spammers"

Jeanson James Ancheta, twenty, of Downey, California, was arrested November 3rd on two separate conspiracy charges and a seventeen-count indictment relating to his operation of a criminal botnet. The first conspiracy alleged that he used the trojan program "rxbot" to create the criminal botnet. The second conspiracy alleged that he downloaded adware to the computers that were part of his criminal botnet. He was indicted under federal law 18 U.S.C. 1030, Fraud and Related Activity in Connection with Computers.

The best part of the story has to do with his customer service. After receiving payment from customers, Mr. Ancheta would give customers control of enough botnets to accomplish their specified task. He would also provide an instruction manual that included the commands needed to instruct the botnets to launch DDoS attacks or send spam. The manual would also include the malicious code that would allow the botnets to spread or propagate. As part of his fee, Mr. Ancheta allegedly set up and tested the purchased botnet to ensure that the DDoS attacks or spamming could be successfully carried out. This man operated a very customer-centric business.

Where he appeared to go awry was when he infected systems at the Weapons Division of the US Naval Air Warfare Center in China Lake (CA) as well as computers at the Defense Information Systems Agency. From what I read in the indictment, federal authorities traced his activities back to servers that he controlled (he used money earned from selling access to his criminal botnet to purchase servers).

Because he was caught, he forfeited $60,000 in cash, his BMW, and most importantly, his computer equipment - now that hurts!


Rob Hiltbrand
