The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Man gets term for creating robot network

Associated Press The Spokesman-Review

SEATTLE – A California man was sentenced Friday to three years in federal prison and three years of supervised release for creating a network of robot computers that compromised systems at U.S. military installations around the world and at a Seattle hospital and a California school district.

Christopher Maxwell, 21, of Vacaville, Calif., was sentenced by U.S. District Judge Marsha J. Pechman. He pleaded guilty in May to federal charges of conspiracy to intentionally cause damage to a protected computer and conspiracy to commit computer fraud.

Pechman said the crime showed “incredible self-centeredness” with little regard for the impact on others. She said the prison time was needed as “deterrence for all those youth out there who are squirreled away in their basements hacking.”

Defense attorney Steve Bauer urged probation and community service, noting the lack of a prior criminal record and saying Maxwell did not intend his robot virus program, or “botnet,” to spread as far as it did.

Three victims testified at sentencing: a representative of Seattle’s Northwest Hospital, damaged in February 2005; a representative of the U.S. Defense Department, which reported damage to hundreds of computers worldwide in 2004 and 2005; and a former system administrator for the Colton Unified School District in California, where more than a thousand computers were damaged over several months in 2005.

Botnets represent the state of the art in criminal computer hacking, according to a news release on Friday’s proceeding from federal prosecutors. A botnet is a collection of compromised computers, centrally controlled by a hacker. Hackers create botnets by scanning the Internet for vulnerable computers, which are then infected and instructed to join the botnet.

Because the hacker has complete control of each “bot” computer, the botnet can be used to launch denial-of-service attacks, send spam e-mail, steal account login information or run any program.

Maxwell used his botnet to install adware software onto the bot computers, generating installation commissions from unsuspecting adware companies, the U.S. attorney’s office said.

He and two unidentified co-conspirators operated multiple botnets. Using multiple accounts with multiple adware companies, they installed numerous adware programs, generating more than $100,000 in illicit installation commissions. Maxwell alone profited, taking in more than $30,000.

To maximize the commissions, he configured his botnet to constantly scan for and infect new computers. In just two weeks in February 2005, his bots reported more than 2 million infections of more than 629,000 unique Internet addresses, some infected repeatedly, prosecutors said.

The FBI began investigating when Northwest Hospital reported its difficulties while an attack was under way, enabling agents to secure evidence and conduct on-scene analysis. The results of that analysis also helped the hospital respond. Because of its effective manual alternatives to computerized processes, Northwest Hospital was able to work through the computer-system outage without compromising patient care.

In her sentencing memo, Assistant U.S. Attorney Kathryn Warma praised the hospital’s “ongoing dedication to disaster preparedness, its long-term investment in technological resources and its dedicated efforts to marshal all human resources necessary …”

In 2004, the U.S. attorney’s office said, the Defense Department began investigating computer intrusions at installations including the Headquarters of the 5th Signal Command in Mannheim, Germany; the Directorate of Information in Fort Carson, Colo.; the Navy Network Information Center in Pensacola, Fla.; the Navy Computer and Telecommunications Area Master Station, Central Europe, in Naples, Italy; the department’s Bureau of Medicine and Surgery in South Carolina; the headquarters of the commander in chief, U.S. Pacific Command, in Hawaii; the Defense Investigative Service in Maryland; the U.S. Central Command at MacDill Air Force Base in Florida; and the Health Care Systems Support Activity in San Antonio, Texas.

“It was determined that Maxwell’s botnet was responsible for these intrusions, which cost the military at least $172,000 to repair,” the U.S. attorney’s statement said.

The Colton school district in southern California estimated that it cost between $50,000 and $75,000 to repair its computers after the botnet attack. The district noted that instructional time was lost for hundreds of students as the district scrambled to respond.

The case was investigated by the FBI’s Seattle field office, as part of the Northwest Cyber Crime Task Force, with assistance and support from more than 20 other field offices around the country.