Devoted to hardware, software, IT issues, and information technology management

I think about the title of the article, the content on which it is based and wonder if we're in the midst of another "Terminator" movie.  Botnets are nothing new; I posted something about them a few weeks ago in Threat Thursday: Botnet Service Providers?, relating how Botnet Herders will actually hire out the "services" of their zombie flock to other herders and less-desirable folk to cause all sorts of technological mayhem.

Now it sounds as if a little progress is being made on the law enforcement side.  I read a post in The Register that the FBI has gotten involved and they have an ongoing investigation called "Bot Roast" that started last June and announced "Bot Roast II" this month.  They have actually identified, managed to indict some of the guilty parties and they coordinated efforts with other law enforcement agencies:

1. Ryan Brett Goldstein, 21, of Ambler, Pennsylvania, was indicted on 11/01/07 by a federal grand jury in the Eastern District of Pennsylvania for botnet related activity which caused a distributed denial of service (DDoS) attack at a major Philadelphia area university.  In the midst of this investigation the FBI was able to neutralize a vast portion of the criminal botnet by disrupting the botnet's ability to communicate with other botnets.  In doing so, it reduced the risk for infected computers to facilitate further criminal activity. This investigation continues as more individuals are being sought.
2. Adam Sweaney, 27, of Tacoma, Washington, pled guilty on September 24, 2007 in U.S. District Court, District of Columbia, to a one count felony violation for conspiracy fraud and related activity in connection with computers.  He conspired with others to send tens of thousands of email messages during a one-year period.  In addition, Sweaney surreptitiously gained control of hundreds of thousands of bot controlled computers.  Sweaney would then lease the capabilities of the compromised computers to others who launched spam and DDoS attacks.
3. Robert Matthew Bentley of Panama City, Florida, was indicted on 11/27/07 by a federal grand jury in the Northern District of Florida for his involvement in botnet related activity involving coding and adware schemes.  This investigation is being conducted by the U.S. Secret Service.
4. Alexander Dmitriyevich Paskalov, 38, multiple U.S. addresses, was sentenced on 10/12/2007 in U.S. District Court, Northern District of Florida, and received 42 months in prison for his participation in a significant and complex phishing scheme that targeted a major financial institution in the Midwest and resulted in multi-million dollar losses.
5. Azizbek Takhirovich Mamadjanov, 21, residing in Florida, was sentenced in June 2007 in U.S. District Court, Northern District of Florida, to 24 months in prison for his part in the same Midwest bank phishing scheme as Paskalov.  Paskalov established a bogus company and then opened accounts in the names of the bogus company.  The phishing scheme in which Paskolov and Mamadjanov participated targeted other businesses and electronically transferred substantial sums of money into their bogus business accounts.  Immigrations Customs Enforcement, Florida Department of Law Enforcement, and the Panama City Beach Police Department were active partners in this investigation.
6. John Schiefer, 26, of Los Angeles, California, agreed to plead guilty on 11/8/2007 in U.S. District Court in the Central District of California, to a four felony count criminal information.  A well-known member of the botnet underground, Schiefer used malicious software to intercept Internet communications, steal usernames and passwords, and defraud legitimate businesses.  Schiefer transferred compromised communications and usernames and passwords and also used them to fraudulently purchase goods for himself.  This case was the first time in the U.S. that someone has been charged under the federal wiretap statute for conduct related to botnets.
7. Gregory King, 21, of Fairfield, California, was indicted on 9/27/2007 by a federal grand jury in the Central District of California on four counts of transmission of code to cause damage to a protected computer.  King allegedly conducted DDoS attacks against various companies including a web based company designed to combat phishing and malware.
8. Jason Michael Downey, 24, of Dry Ridge, Kentucky, was sentenced on 10/23/2007 in U.S. District Court, Eastern District of Michigan, to 12 months in prison followed by probation, restitution, and community service for operating a large botnet that conducted numerous DDoS attacks that resulted in substantial damages.  Downey operated Internet Relay Chat (IRC) network Rizon.  Downey stated that most of the attacks he committed were on other IRC networks or on the people that operated them.  Downey's targets of DDoS often resided on shared servers which contained other customer's data.  As a result of DDoS to his target, innocent customers residing on the same physical server also fell victim to his attacks.  One victim confirmed financial damages of $19,500 as a result of the DDoS attacks.

I know this is just a drop in the bucket and have read that the majority of botnets are operated by people elsewhere in the world (China and Russia seem to be favorite habitats for herders).  Still, it's nice to know at least something is being done in the U.S. and can only assume that law enforcement will coordinate in other countries as well.