“ Crime pays, and it also has an excellent benefits package. ”
So went the signature of John K Schiefer, the security consultant who has just “admitted to using massive botnets to illegally install software on at least 250,000 machines and steal the online banking identities of Windows users by eavesdropping on them while they made financial transactions. ” (See SecurityFocus at http://www.securityfocus.com/news/11495).
Apparently, most of the bot programs were spread using using AOL Instant Messenger. In order to spread, the victims would have to first click on a link that would have been messaged to them. Anyone who took the bait had a Trojan program downloaded to their machine.
“I don’t think anyone should feel sorry for me,” Schiefer said. “What I was doing was wrong [and] stupid, and I got caught.” (see http://blog.washingtonpost.com/securityfix/2007/11/security_pro_admits_to_hijacki.html?nav=rss_blog)
From the US Department of Justice:
John Schiefer, 26, of Los Angeles (90011), has agreed to plead guilty to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud….Once he pleads guilty to the four counts, Schiefer will face a statutory maximum sentence of 60 years in federal prison and a fine of $1.75 million.