Joshua Schichtel of Phoenix, Arizona has been jailed for 30 months for selling access to thousands of hijacked home computers.
Schichtel pleaded guilty to attempting to cause damage to multiple computers without authorisation, through the use of botnets. Millions of computers unwittingly become part of a botnet, which are networks of machines that have been infected with a malicious computer programme. This programme allows unauthorised users to then control the infected computers remotely.
Individuals who wanted to infect computers with malware (malicious software) would contact Schichtel and pay him to install malware that comprised those botnets. By doing so Schichtel violated the US Computer Fraud and Abuse Act. There is similar legislation in the UK, under the Computer Misuse Act 1990. Interestingly in 2004 Schichtel was one of four men accused of using botnets to carry out attacks on online retail websites. In that case, the charges against them were dropped due to an administrative error, resulting from the failure of the US Government failed to meet an essential court deadline.
Social networking sites such as Twitter and Facebook are often a conduit to malware that could generate a botnets. A common Facebook scam involved sending victims links to the malware by disguising them as apparent messages from friends. The reality now is that every device that connects to the internet is at risk. In particular, there has been an increase of attacks on mobile telephones with the open source Android software, however software based on proprietary coding, such as Apple devices are not safe either. We have previously seen botnets in infected mobile phones sending out thousands of spam messages. In turn, this can generate a high volume of mobile data traffic for that particular user, which can prove costly, and the immediate consequence for victims may be a higher phone bill. With infection rates continuing to rise, consumers are encouraged to only purchase apps from trusted sources. In addition to this, checking your mobile phone bill, updating your handset regularly and keeping an eye on the websites that you browse is essential.
Although the conviction of Joshua Schichtel may be seen by some as a step in the right direction, it is important to remember that the battle against botnets continues. Being aware of the potential threats from botnets in essential; where possible, prevention is better than cure. There is no “magic bullet” for this problem and it really has to come down to users themselves ensuring that they don’t fall foul to an infection.