Hacker Pleads Guilty to Spreading Botnets & Infecting PayPal Accts. & 250,000 computers!

Hacker Pleads Guilty to Spreading Botnets

http://www.pcworld.com/article/id,139507-c,cybercrime/article.html

A hacker in California admits distributing malware that let him steal usernames and passwords for Paypal accounts.

Nancy Gohring, IDG News Service
Saturday, November 10, 2007 5:00 AM PST

A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a US$1.75 million fine.

John Schiefer, 26, admitted that he and some associates developed malware that allowed them to create botnet armies of as many as 250,000 computers. Schiefer was able to collect information sent from the infected computers, including usernames and passwords for Paypal accounts. He and his associates were then able to make purchases using the Paypal accounts. They also shared the password information with others.

This is the first prosecution of a hacker for this type of activity, according to the United States Attorney's Office for the Central District of California. The Federal Bureau of Investigation pursued the case.

Schiefer says he also found Paypal usernames and passwords using malware that could access usernames filed in a secure storage area on the computers. The malware would send that information to Schiefer, who used it to access the accounts.

Schiefer also acknowledged fraudulently earning more than $19,000 from a Dutch Internet advertising agency that hired him as a consultant. He was supposed to install the company's programs on computers after receiving consent from computer owners. Instead, he and his associates installed it on 150,000 computers that were infected with his malware.

Schiefer is scheduled to appear in the U.S. District Court in Los Angeles on Nov. 28 and be arraigned on Dec. 3.

Microsoft Stands By Its Invite to Arrested Hacker

http://www.pcworld.com/article/id,139483-page,1/article.html

Microsoft's security team invited Roberto Preatoni to give a talk
at its Redmond campus and the hacker has since been arrested on charges
related to a national spying case in Italy.

Robert McMillan, IDG News Service
Friday, November 09, 2007 8:00 AM PST

Microsoft's security team took a bit of a chance a few weeks ago, when it invited Roberto Preatoni to give a talk at its Redmond campus.

Preatoni is the founder of Wabisabilabi, a Switzerland-based company that bills itself as an auction site for the software bugs that companies like Microsoft never want anybody to see. He spoke at Microsoft in late September as an invited guest at Microsoft's semi-annual Blue Hat security conference.

But what had been an edgy invite by Microsoft's Blue Hat planners took on a new dimension this week, when Preatoni was arrested in Milan on charges relating to a national spying scandal at Telecom Italia, Italy's largest telephone carrier.

Preatoni's company confirmed his arrest in a statement Thursday, saying that his work for Telecom Italia was unrelated to Wabisabilabi (the incidents at Telecom Italia took place before Wabisabilabi was founded) and that the company was "confident that his innocence will be established if a case ever comes to court."

The charismatic Preatoni was a popular speaker at security conferences but his company's controversial business model raised some eyebrows.

So was it a miscalculation to invite him to Blue Hat? Not at all, said George Stathakopoulos, general manager of Microsoft's Response and Product Centers "Look, if you think of Blue Hat as being someone who comes to work with us, that's a mistake," he said. "We brought HD Moore in."

Moore, no fan of Microsoft, is the is the author of the open-source Metasploit hacking tool and he has written code that exploits dozens, if not hundreds, of critical vulnerabilities in Microsoft's products.

more.....