|
Paul Davis
On Crime & Security
Prevent Cyber Crooks from Turning your Computer
into a Zombie
by Paul Davis
You’ve installed good deadbolt locks, a burglar and fire alarm system,
cameras and exterior lights. You’ve done everything right to physically protect
yourself and your business, and yet your business has been breached by criminals
– via your computer.
Cyber crime is a growing threat that can destroy your business as well as your
personal life. Cyber criminals are smart, technologically proficient and bold.
Fortunately law enforcement is getting better at catching these crooks and
one cyber criminal, who signed his instant messages “crime pays,” was sentenced
on March 4th to four years in federal prison and given a $2,500 fine. The
sentencing ended the first prosecution of its kind in the country.
John Schiefer, 27, of Los Angeles, who used the online handle “acidstorm,”
pleaded guilty last year to accessing protected computers to conduct fraud,
disclosing illegally intercepted electronic communications, wire fraud and bank
fraud.
According to the U.S. Attorney for the Central District of California,
Schiefer was associated with the “botnet underground” and used his “botnets,”
which are armies of compromised computers, to commit identity theft throughout
the country by extracting information from their personal computers and
wiretapping their communications.
When he pleaded guilty, Schiefer admitted that he illegally accessed hundreds
of thousands of computers in the United States and that he remotely controlled
these compromised computers, called “zombie computers,” through computer
servers. Once in control of the “zombie” computers, Schiefer used his botnets to
search for vulnerabilities in other computers, intercept electronic
communications and engage in identity theft.
Schiefer admitted that he and his criminal cohorts installed malicious
computer code, known as “malware,” on zombie computers that captured electronic
communications as they were sent from users’ computers.
Because the victims with zombie computers didn’t even know that their
computers were infected and were “bots,” they continued to use their computers
to engage in commercial activities, such as making online purchases and
conducting business.
Schiefer’s “spybot” malware allowed him to intercept communications sent
between the victims’ zombie computers and financial institutions, such as PayPal.
Schiefer sifted through those intercepted communications and stole usernames and
passwords to accounts. Using the stolen usernames and passwords, Schiefer made
purchases and transferred funds without the consent of the victims. Schiefer
also gave the stolen usernames and passwords, as well as the wiretapped
communications, to other cyber criminals. Schiefer is the first person in the
country to plead guilty to wiretapping charges in connection with the use of
botnets
Schiefer also admitted stealing information from computers by accessing the
PStore, which is intended to be a secure storage area of computers running
Microsoft operating systems. Schiefer installed malware on computers that caused
them to send account access information, including usernames and passwords for
PayPal and other financial websites, to computers controlled by Schiefer and
others. Schiefer used that information to make unauthorized purchases using
funds transferred directly from victims’ bank accounts.
Schiefer also defrauded a Dutch Internet advertising company. He became a
consultant and promised to install the company’s programs on computers with the
owners’ consent. Instead, Schiefer and two cohorts installed the programs on
approximately 150,000 zombie computers whose owners certainly did not give
consent. Schiefer was paid more than $19,000 by the advertising company.
“While computer criminals have many technological resources at their
disposal, we have our own technology experts, as well as a host of legal
remedies to punish those who exploit the Internet for nefarious purposes,” said
United States Attorney Thomas P. O’Brien. “As Internet-based criminals develop
new techniques, we quickly respond to their threats and prosecute those who
compromise our ability to safely use the Internet.”
To protect yourself from cyber crooks you should follow the basic guide
listed below:
- Consult with a computer security expert.
- Install and update anti-virus and anti-spyware programs.
- Install firewall to protect your computer from unauthorized intrusions.
- Change your passwords often.
- Disconnect your computer when not in use.
“Los Angeles has been on the front lines in the war against botnet herders
and those who utilize their product," said Salvador Hernandez, the assistant
director in charge of the FBI in Los Angeles. "As demonstrated by the Schiefer
investigation, criminals increasingly use computers to facilitate a variety of
illegal activities. As technology advances, so do the techniques engineers of
cyber crime use to exploit the vulnerabilities of computer systems and users.
Through the use of cutting edge techniques, the FBI is meeting the evolving
threats in cyberspace by identifying and building cases on the worst offenders."
Schiefer, the cyber crook who signed his instant messages “crime pays,” will no
doubt have a different view of crime as he spends the next four years in prison.
“This case should send a message to would-be cyber culprits that the FBI may be
only a few mouse clicks away from finding you,” Hernandez said.
Paul Davis is a writer who covers crime & security for newspapers, magazines and the Internet. He can be reached at
pauldavisoncrime@aol.com
|