Texas Man Pleads Guilty To Building Botnet-For-Hire

Julie188 writes "A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP — just to show off its firepower to a potential customer. David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents."

$0.15 Per?

[grcumb]

Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer....

That's, like, US $3300 for the lot. He's not going to get much hookers and blow outta that.

If he did any programming at all to develop the exploit, then his wages are in the basement. (Probably right next to his 'office'.) Once you factor in the time it would have taken to propagate, test and market the botnet, this guy stood to earning the merest pittance.

Then again, he was stupid enough to turn the thing on his own ISP, so we shouldn't marvel too much over his lack of business acumen.

Ah they broke rule #1 of cybercrime

[CrazyJim1]

Don't perform cybercrime in the borders of the USA.

Re:Counts

[LordLucless]

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

Re:$3300.00

[vidnet]

A $3000 transaction; for that he ran the risk of a $250,000 fine

He could probably have sold it a hundred times to a hundred different buyers.

Re:$3300.00

[jibjibjib]

If you're good you can make it a P2P network, like the Skype network or the BitTorrent DHT. Have all the commands cryptographically signed; it doesn't matter where a message is coming from as long as it has the right signature. Then it will be extremely difficult for attackers to find where the controlling server is. The commands to their computer will probably be forwarded to them from some other bot near them in the network, not directly from your control server, and they can't find out where the other bot gets its commands from. Once the botnet gets big enough and has a few semi-reliable hosts in it, you can dispense with DNS and centralised control altogether. Just like with Skype or BitTorrent, if you keep a list of addresses of semi-reliable hosts you can connect to one of them and discover its peers and connect to them and get onto the network without using DNS or a hardcoded central server. And then you can control your botnet from anywhere as long as you have the appropriate client program and private key, and it'll be hard to track you and impossible to shut you down.

Re:Counts

[jimicus]

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

I don't think it's as clear cut as that. It's much easier to get evidence of 5,000 infections from a handful of sysadmins saying "We spent X hours cleaning up Y PCs as a result of this particular piece of malware" than it is to get 5,000 individuals to.

Re:$3300.00

[Opportunist]

I don't really recommend using those kits. Few of them allow you to keep your precious bots all for yourself. ;)

Seriously, what do you expect? You're buying (closed source) software to install backdoors in someone else's computer from a ... well, let's say not too reputable company. Do you really expect them to let you keep the bots? Be honest!

Re:Counts

[couchslug]

"screw concurrent sentencing."

Concurrent sentencing is actually "sentence nullification" and should be banned.