20-year-old hacker rented out attack network

updated 4:56 p.m. ET Jan. 23, 2006

SAN FRANCISCO - A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam.

Jeanson James Ancheta, of Downey, Calif., pleaded guilty in Los Angeles federal court to four felony charges for crimes, including infecting machines at two U.S. military sites, that earned him more than $61,000, said federal prosecutor James Aquilina.

Under a plea agreement, which still must be approved by a judge, Ancheta faces up to 6 years in prison and must pay the federal government restitution. He also will forfeit his profits and a 1993 BMW. Sentencing is schedule for May 1.

Prosecutors called the case the first to target profits derived from use of “botnets,” large numbers of computers that hackers commandeer and marshal for various nefarious deeds. The “zombie” machines’ owners are unaware that parasitic programs have been installed on them and are being controlled remotely.

Botnets are being used increasingly to overwhelm Web sites with streams of data, often by extortionists. They feed off of vulnerabilities in computers that run Microsoft Corp.’s Windows operating system, typically machines whose owners haven’t bothered to install security patches.

A November indictment charged Ancheta with 17 counts of conspiracy, fraud and other crimes connected to a 14-month hacking spree that started in June 2004 and that authorities say continued even after FBI agents raided his house six months later.

“Part of what’s most troubling about those who commit these kinds of offenses is they think they’ll never be caught,” said Aquilina, who spent more than a year investigating Ancheta and several of Ancheta’s online associates who remain uncharged co-conspirators.

Ancheta’s attorney, federal public defender Greg Wesley, did not immediately return phone calls seeking comment.

Ancheta has been in federal custody since his November indictment. He previously worked at an Internet cafe owned by a relative and had hoped to join the military reserves, according to his aunt, Sharon Gregorio. Court documents suggested he had a taste for expensive goods, spending $600 a week on new clothes and car parts.

The guilty plea comes less than a week after the FBI released a report that estimates viruses, worms and Trojan horse programs like the ones Ancheta employed cost U.S. organizations $11.9 billion each year.

November’s 52-page indictment, along with papers filed last week, offer an unusually detailed glimpse into a shadowy world where hackers, often not old enough to vote, brag in online chat groups about their prowess in taking over vast numbers of computers and herding them into large armies of junk mail robots and arsenals that flood Web sites with data until they crash.

Ancheta one-upped his hacking peers by advertising his network of “bots,” short for robots, on Internet chat channels.

A Web site Ancheta maintained included a schedule of prices he charged people who wanted to rent out the machines, along with guidelines on how many bots were required to bring down a particular type of Web site.

MORE FROM SECURITY

Security Section Front

Facebook forms board on online safety Man in stolen cell phone pic turns himself in Teen Internet addicts more likely to self harm Beware of online ‘Breaking Dawn’ casting scam Web ad group launches privacy education effort Facebook to overhaul privacy structure Avoid flirty patients on Facebook, doctors told ‘Black screen of death’ for some Windows users Red Tape: Will piracy crackdown bring iPod border checks? Internet activists push for greater democracy Security Section Front   Add Security headlines to your news reader: