Jailed Botnet Creator Sold Access to Infected PCs

The man convicted of infecting 72,000 computers has been sentenced to two and a half years behind bars. Joshua Schichtel created a network of hijacked machines and then -- for a fee -- allowed others to control them.

Schichtel first came to the attention of authorities in 2004. At the time, he was part of a group charged with using infected computers to carry out distributed denial of service (DDoS) attacks.

Earlier DDoS Attack Goes Unpunished

Under a DDosS attack, a hacker uses many computers to send service requests to legitimate website servers. Because servers are set up to respond to all service requests, the heavy load of requests quickly overwhelms the servers.

Eventually, the site crashes or becomes unavailable to any computer user, including legitimate ones.

Back in 2004, authorities failed to accumulate enough evidence to obtain an indictment against Schichtel and take the case to trial. In effect, he went unpunished for his crimes. (Source: arstechnica.com)

This time, however, Schichtel stood accused of creating a malicious botnet, which is the common term for a network of computers infected by a virus and brought under the coordinated control of a remote hacker.

Botnets Used For Spam, Disruption

Usually, a botnet controller is not seeking to access data on the infected computers, or to damage them.

Instead, the controller wants to harness the combined computing power of all the infected computers and use them for some other purpose, such as distributed denial of service attacks, or for sending out spam messages on a massive scale.

In most cases, the owners of the infected computers are unaware of the botnet's activity, though they may notice their computer running more slowly than it should for the work they are asking of it.

Third Parties Granted Access to Infected PCs

The U.S. Department of Justice says Schichtel repeatedly sold access to his botnets to third-parties. However, it's unclear at this time how often he did this, or how many machines he controlled.

Schichtel was charged with setting up a botnet, but not with selling access to it. Prosecutors note that he set up this particular network on behalf of a client who paid him just $1,500 for access to the 72,000 computers.

That works out to just over two cents for every machine Schichtel infected. (Source: justice.gov)

Schichtel will now serve 30 months in prison, followed by three years probation.