US Bot Herder Admits Infecting 250K Machines 206
AceCaseOR writes "In Los Angeles criminal court, security consultant John Schiefer, 26, has admitted infecting the systems of his clients with viruses to form a botnet containing a maximum of 250,000 systems. Schiefer used his zombies to steal users' PayPal usernames and passwords to make unauthorized purchases, as well as to install adware on their computers without their consent. Schiefer agreed to plead guilty to four felony charges of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud. He will be sentenced Dec. 3 and faces up to 60 years in prison and a fine of $1.75 million."
Whoa! (Score:3, Interesting)
Re:from the article (Score:0, Interesting)
broken justice? (Score:2, Interesting)
Just because you admit to something in a court does not mean it's actually true.
Auditing, Auditing... (Score:5, Interesting)
Should not companies now figure out how to audit their IT deparments regularly?
This is NOT that uncommon, after reading some of the stuff written by the forensic snoops hired by private companies (who mostly do not want anyone to know that anything was compromised...shareholders & investors for instance).
What about Sony (Score:3, Interesting)
"security consultant" John Schiefer (Score:3, Interesting)
Crime and Punishment (Score:3, Interesting)
Anyways, I've been doing a bit of thinking about this issue.
You often hear about 'white collar' criminals being given massive sentences. They could be organisers of international software piracy rings, super electronic fraudsters (like the one mentioned in the original parent article), whatever. The numbers of years they are sentenced to and dollars they are fined just seem to get bigger and bigger each time i hear a new story.
New laws are increasingly being passed to raise the penalties for electronic crimes. These harsher penalties don't seem to be acting as much of a deterrent, however.
The economic damage caused by internet and computer crime is staggering, the number of victims (as seen in the article) in the hundreds of thousands, potentially even millions. Could there come a time where these crimes could incur capital punishment?
disclaimer: i come from a country without the death penalty, and personally don't understand the necessity for it, so don't read this as my supporting the idea. This isn't about my personal philosophy.
Murder is already a capital crime in a number of US states. People are already being executed in many countries for crimes other than murder. Drug trafficking, serious sexual offences, could it be a relatively a small step for internet crimes to escalate into capital territory?
The internet being international as it is and the victims of these crimes often being selected so indiscriminately, could it be a matter of time before an american committing e-fraud is indicted in a country where his crimes are of a capital nature?
Extrapolating ludicrously, could a european citizen not subject to capital punishment be indicted by an america where their internet-based crime warrants the death penalty?
It's controversial enough when a citizen of a country that doesn't have the death penalty is sentenced to death in one that does. Imagine if the crime they committed was something we might look at as being comparatively trivial in nature.
Re:He did the crime....he should do the time (Score:3, Interesting)
Fact is, admitting to a crime is not the same as being guilty. I'm not saying he's not guilty, but knowing how the system works casts serious doubts in my mind about his guilt.
3G Communications may go under because of him (Score:5, Interesting)
Would you trust them after this?
Corrupting the mind of youths (Score:3, Interesting)
Re:Auditing, Auditing... (Score:4, Interesting)
Re:He did the crime....he should do the time (Score:1, Interesting)
I don't feel sorry for criminals - at mininum they should get "eye for an eye" punishment. Murderers included.
Hard punishment? Hardly. (Score:5, Interesting)
This isn't just a "simple" criminal using malware to steal IDs. He was the guy who was supposed to disallow exactly that. He was the one people trusted to keep them clean from malware. Now, he didn't just fail in his job and allow it despite his attempts, he deliberately and intentionally infected his clients' computers.
That's why I don't think this punishment is overdone. We're talking about the maybe most insidious way of breaking a law: Getting people's trust, getting them to believe you you're going to keep them save from just what you want to do to them. It's like a cop breaking into your home or your babysitter
This is NOT the punishment I'd see as adequate for a "normal" malware attacker (even though I would love to see them dangling from their dangling bits, but that's my personal opinion).
As for those that expect him to get out after 5 years and have a great job then, I can tell you this: I can't say anything about his time, but his job opportunities are going to be slim. The security industry isn't big. People know each other. People like this are going to be not known, they are infamous. And nobody will willingly touch him with a 10 foot pole.