A 21-year-old could face up to 10 years in prison in the United States after pleading guilty to installing advertising software on PCs located around Europe without permission.
Robert Matthew Bentley, of Panama City, Fla., is scheduled for sentencing May 28 in U.S. District Court for the Northern District of Florida. He could also face a fine of up to $250,000.
[ See related story on the botnet barons who used networks of computers infected with Trojan horse applications to engage in criminal activity. ]
Bentley's plea culminates a wide-ranging international investigation that started with London's Metropolitan Police Computer Crime Unit in December 2006, according to an FBI news release.
Around that time, U.S.-based Newell Rubbermaid, whose products include Sharpie markers and plastic food-storage containers, reported their European computer network had been hacked. One other European-based company also complained.
That launched a law enforcement effort called "Bot Roast II" that included the U.S. Secret Service, the Federal Bureau of Investigation, the Finland National Bureau of Investigation, and other local U.S. agencies.
Bentley was indicted by a federal grand jury in November last year for computer fraud and conspiracy to commit computer fraud. He and others infected hundreds of computers in Europe with advertising software, or adware, using botnets, which are networks of hacked computers. His botnet was located within Newell Rubbermaid's network.
Once a computer is hacked, it can be used to accomplish other malicious actions, such as sending spam or attacking other computers via software vulnerabilities. Because of the global nature of the Internet, the attacks can be very difficult for law enforcement to trace, as the investigations are time-consuming and technical.
Many countries have computer crime or fraud laws that forbid installing software through deceptive means. Advertising software companies pay Web site publishers if their software is downloaded. But hackers, in order to make money, have also used tricky means to put adware on computers without the user knowing it. In many cases, the adware is difficult or nearly impossible to completely remove from a PC.
Bentley installed adware called DollarRevenue, which causes unwanted pop-up advertisements to appear on a machine, the FBI said.
Last December, Dutch authorities fined two companies behind DollarRevenue €1 million ($1.54 million), one of the largest fines ever levied in Europe for adware operations. Hackers were paid €0.15 each for installation of DollarRevenue on European computers and $0.25 for PCs in the United States.