Prevent Cyber Crooks from Turning
your Computer into a Zombie

by Paul Davis

Spybots, botnets and malware - it all sounds like something out of a bad Sci-Fi movie. But those are the tools that cyber criminals use to take over the computers of unsuspecting businesses and individuals. Here's what you need to know to protect yourself.

Paul Davis
On Crime & Security

You’ve installed good deadbolt locks, a burglar and fire alarm system, cameras and exterior lights. You’ve done everything right to physically protect yourself and your business, and yet your business has been breached by criminals – via your computer.

Cyber crime is a growing threat that can destroy your business as well as your personal life. Cyber criminals are smart, technologically proficient and bold.

Fortunately law enforcement is getting better at catching these crooks and one cyber criminal, who signed his instant messages “crime pays,” was sentenced on March 4th to four years in federal prison and given a $2,500 fine. The sentencing ended the first prosecution of its kind in the country.

John Schiefer, 27, of Los Angeles, who used the online handle “acidstorm,” pleaded guilty last year to accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud.

According to the U.S. Attorney for the Central District of California, Schiefer was associated with the “botnet underground” and used his “botnets,” which are armies of compromised computers, to commit identity theft throughout the country by extracting information from their personal computers and wiretapping their communications.

When he pleaded guilty, Schiefer admitted that he illegally accessed hundreds of thousands of computers in the United States and that he remotely controlled these compromised computers, called “zombie computers,” through computer servers. Once in control of the “zombie” computers, Schiefer used his botnets to search for vulnerabilities in other computers, intercept electronic communications and engage in identity theft.



Schiefer admitted that he and his criminal cohorts installed malicious computer code, known as “malware,” on zombie computers that captured electronic communications as they were sent from users’ computers.

Because the victims with zombie computers didn’t even know that their computers were infected and were “bots,” they continued to use their computers to engage in commercial activities, such as making online purchases and conducting business.

Schiefer’s “spybot” malware allowed him to intercept communications sent between the victims’ zombie computers and financial institutions, such as PayPal. Schiefer sifted through those intercepted communications and stole usernames and passwords to accounts. Using the stolen usernames and passwords, Schiefer made purchases and transferred funds without the consent of the victims. Schiefer also gave the stolen usernames and passwords, as well as the wiretapped communications, to other cyber criminals. Schiefer is the first person in the country to plead guilty to wiretapping charges in connection with the use of botnets

Schiefer also admitted stealing information from computers by accessing the PStore, which is intended to be a secure storage area of computers running Microsoft operating systems. Schiefer installed malware on computers that caused them to send account access information, including usernames and passwords for PayPal and other financial websites, to computers controlled by Schiefer and others. Schiefer used that information to make unauthorized purchases using funds transferred directly from victims’ bank accounts.

Schiefer also defrauded a Dutch Internet advertising company. He became a consultant and promised to install the company’s programs on computers with the owners’ consent. Instead, Schiefer and two cohorts installed the programs on approximately 150,000 zombie computers whose owners certainly did not give consent. Schiefer was paid more than $19,000 by the advertising company.

“While computer criminals have many technological resources at their disposal, we have our own technology experts, as well as a host of legal remedies to punish those who exploit the Internet for nefarious purposes,” said United States Attorney Thomas P. O’Brien. “As Internet-based criminals develop new techniques, we quickly respond to their threats and prosecute those who compromise our ability to safely use the Internet.”

To protect yourself from cyber crooks you should follow the basic guide listed below:

  • Consult with a computer security expert.
  • Install and update anti-virus and anti-spyware programs.
  • Install firewall to protect your computer from unauthorized intrusions.
  • Change your passwords often.
  • Disconnect your computer when not in use.

“Los Angeles has been on the front lines in the war against botnet herders and those who utilize their product," said Salvador Hernandez, the assistant director in charge of the FBI in Los Angeles. "As demonstrated by the Schiefer investigation, criminals increasingly use computers to facilitate a variety of illegal activities. As technology advances, so do the techniques engineers of cyber crime use to exploit the vulnerabilities of computer systems and users. Through the use of cutting edge techniques, the FBI is meeting the evolving threats in cyberspace by identifying and building cases on the worst offenders."

Schiefer, the cyber crook who signed his instant messages “crime pays,” will no doubt have a different view of crime as he spends the next four years in prison.

“This case should send a message to would-be cyber culprits that the FBI may be only a few mouse clicks away from finding you,” Hernandez said.

About the author: 
Paul Davis is a writer who covers crime & security for newspapers, magazines and the Internet. He can be reached at pauldavisoncrime@aol.com

Paul Davis on Crime & Security

 
Free small business newsletter
 
Get great business ideas and advice like this sent to you in email twice a week.
 
Subscribe to the free Business Know-How newsletter. 
 
Enter your primary email address below

 

Follow Us and Share