Bot Herder Busted
Greg King, a 21-year-old hacker, was busted by the cops for launching DDoS attacks against CastleCops, a cybersecurity site, and KillaNet, an online forum.
From The Reg here:
US police have arrested a man suspected of launching a distributed denial of service attack against volunteer security community CastleCops earlier this year.
Greg King, 21, of Fairfield, California, stands charged with four counts of hacking over attacks against CastleCops and KillaNet, a Canadian graphics and web design forum.
King used a network of more than 7,000 zombie compromised PCs to conduct multiple distributed denial of service attacks against the websites of both CastleCops and KillaNet.
King taunted KillaNet in a series of emails during the attacks. During his arrest King (AKA Silenz) allegedly fled out his backdoor and dumped a laptop in the bushes.
A DoJ statement on the case can be found here.
A Google search for Greg King’s online aliases shows that he seeded dozens of torrents on Pirate Bay and other sites with trojans to spread his botnet. So this hacker made quite a few mistakes. First, he taunted his victim, which was undoubtedly the way that he was identified as the attacker. Next, he failed to encrypt his laptop, giving the Feds everything they needed to put him away. Finally, he left a trail of his misdeeds all over the internet because he repeatedly used his alias when seeding his malware.
What kind of punishment does this type of crime bring?
Historically, it varies. It depends on what the botnet did, whether or not the guy has a good lawyer and what kind of plea deal the guy can get.
Most botnets have been used to do click fraud. Click fraud seems to be a lighter sentence than DDoS attacks. One dude I wrote about was selling botnets to hackers and was given 5 years in jail.
http://www.belch.com/blog/2006/05/09/stiff-fines-for-cyber-crimes/
But this guy seemed like a prick, so the judge might not go very easy on him.
Among the evidence that was found was a mIRC-like script that was being distributed through xDCC (and likely through torrents as well) that would give the downloader the impression that they were getting a keygen or a crack, when in reality it (the script) was simply renaming his infected bot installer to match the requested filename, then sending it on to the user.
There’s no telling how many thousands of computers he infected this way, only that we estimate that he was in control of 7000 or more.
We actually had our Google Adsense account closed by Google because of clicks generated by one of his attacks (fraudulent clicking), and Google simply didn’t want to hear any excuses.
In conversations with Greg that I personally have had in the past, he always claimed to be untouchable… higher than thou sort of mentality. I hope he gets the full sentence handed down on him as an example to others. That would be just the sort of thing to show him that it’s not nice to mess with Killanet.
NightStorm,
Thanks a lot for the feedback, especially from Killanet’s perspective. Lots of hackers have a superiority complex, and if they are really on their game, it’s likely to be a deserved attitude.
But when they step over the line and then openly boast about their exploits, well, it’s just not smart at all, is it?
We will be following this case closely. Again, thanks for joining the discussion.
We (Killanet staff) have been watching this one VERY closely. It’s amazing how quickly it actually exploded onto the Internet. I’m guessing a large part of that was due to the popularity of the other site he attacked, but still… wow.
He’s since had his Mommy post his bail, and is back at home. His Yahoo profile was updated on the 3rd, showing that he has been back online as well, although according to the terms of his bail, he is allowed to be online while at work.
Not exactly sure what sort of job he could have, what with being released for Armed Robbery just a few short weeks ago, then having the FBI bust him again (he’s been in jail for a number of months now), but that part of the investigation isn’t mine… I only go through our logs… over… and over… and over. Gah.
This kiddie repeatedly would come into our IRC and taunt the younger staff though. Not just “I’m going to get you”, but actual sexual and racial expletives, in order to cause a retaliation, which I guess he felt was justification enough to attack. If anything, the staff have learned “Save Now, Save Often” when coding.
I wonder how much this case is going to become a template of sorts for future botnet owners and virus spreaders.
He entered a plea of “Not Guilty” and a trial date is to be set on the 16th in the A.M.
I dunno how you feel about me posting links, but if you (or anyone else) want to follow everything, we’re going to be keeping an updated thread at http://www.killanet.net/forum/Indictment-And-Arrest-For-Computer-Hacking-t9579.html as things progress (it’s getting harder to find the updated topics through Google), and Tami/Adaera is very good at keeping everything updated. You just have to learn to scroll past our standard chatter.
Nightstorm,
No problem with the link. But you have been gracious to provide insight here on my blog that I have not seen in your forums.
I will check in often to see how things progress.
BTW, I have written about incredibly stupid hackers before. Justin Perras stole credentials into Lexis Nexis, and while on bail, he was busted breaking into cars.
http://www.belch.com/blog/2006/08/30/lexis-nexis-hacker-on-bond-robs-cars/