Saturday, November 10, 2007
The U.S. Attorney's Office for the Central District of California reports on a plea agreement reached in an identity theft case that has some unusual twists. The press release describes:
"In the first prosecution of its kind in the nation, a well-known member of the 'botnet underground' was charged today with using 'botnets' – armies of compromised computers – to steal the identities of victims across the country by extracting information from their personal computers and wiretapping their communications."
According to the release, the accused has agreed to enter a plea to "four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." The alleged conduct is described in part as follows:
"installing malicious computer code, or 'malware,' that acted as a wiretap on compromised computers. Because the users of those compromised computers were unaware that their computers had been turned into 'zombies,' they continued to use their computers to engage in commercial activities. [the accused] used the malware, which he called a 'spybot,' to intercept electronic communications being sent over the Internet from those zombie computers to www.paypal.com and other websites. Once in possession of those intercepted communications, [he] and the others sifted through the data to mine usernames and passwords. With Paypal usernames and passwords, [he] and the others accessed bank accounts to make purchases without the consent of the true owners. [He] also acknowledged in the plea agreement that he transferred both the wiretapped communications and the stolen Paypal information to others."
The press release states that this "is the first time in the nation that someone has been charged under the federal wiretap statute for conduct related to botnets."