LOS ANGELES (CN) – An information security consultant pleaded guilty Wednesday to stealing identities of people across the country by using botnets – armies of hijacked computers – taking personal information and wiretapping their communications.
John Schiefer, 26, of Los Angeles, pleaded guilty to federal charges of computer fraud, wire fraud, bank fraud and disclosing illegal wiretaps. Schiefer is known as a member of the “botnet underground” in that peculiar community, prosecutors said.
Schiefer admitted in court Wednesday that he gained access illegally to “hundreds of thousands” of computers, which he remotely controlled through servers, then used the “zombie” computers and his botnets to search for other vulnerable computers, intercept communications and steal identities, the U.S. Attorney’s office said.
Schiefer installed surreptitious, malicious programs – malware – on the zombie computers, which captured online purchases, then used the captured information to find user names and passwords, and to transfer money from his victims. He also gave the stolen names and passwords to others, prosecutors said.
Schiefer is the first person in the country to plead guilty to wiretapping charges for using botnets, the U.S. Attorney’s office said.
Schiefer also pleaded guilty to defrauding a Dutch advertising company that hired him to install its programs on computers if the owners consented. But Schiefer admitted that he and two others installed programs on 150,000 computers without their owners’ consent. He must repay the $19,000 the Dutch company paid him.
Schiefer, whose name in the botnet world was acidstorm, will be sentenced on Aug. 20. He faces up to 60 years in prison and a fine of $1.75 million.