Privacy & Information Security Law Blog

A former computer security consultant was sentenced Wednesday to four years in federal prison for fraud stemming from his involvement with a cyber-crime ring that used botnets to infect an estimated 250,000 computers.  He has also been ordered to pay $20,000 in restitution to companies defrauded by the scheme.  The 27 year-old California man made history last year when he became the first "bot herder" in the United States to plead guilty to wiretapping charges in connection with the use of botnets.  His guilty plea included admissions of accessing protected computers to conduct fraud and disclosing illegally intercepted electronic communications, as well as wire and bank fraud.  He faced up to 60 years in prison and $1.75 million in fines.

Botnets are networks of "zombie" computers that, unbeknownst to their owners, are remotely controlled by hackers with unfettered access to personal information stored on, or transmitted by, the machines.  The use of botnets, and attendant malware, permits criminals to gain access to individuals' private communications with financial institutions as well as other sensitive data.  The criminal operation that resulted in Wednesday's sentencing was uncovered by the Federal Bureau of Investigation two years ago as part of its Operation Bot Roast investigative initiative.  According to the FBI, botnets pose a growing threat to national security, the national information infrastructure and the economy.  In June 2007, federal law enforcement agents announced they had logged the millionth IP address belonging to a botnet.