Botmaster gets five years in prison

Jeanson James Ancheta, who used a network of zombie computers to rake in tens of thousands of dollars and buy himself a BMW, was sentenced to almost five years in federal prison on Monday.

Ancheta, of Downey, Calif., will serve 57 months in federal prison, followed by three years of supervised release for violating provisions of the U.S. Computer Fraud Abuse Act and the CAN-SPAM Act, according to the sentence handed down in Los Angeles by U.S. District Judge R. Gary Klausner. The sentence is one of the longest ever given for spreading computer viruses, according to a statement by the U.S. Attorney's office in Los Angeles.

At one time, Ancheta, who is 20, controlled a network of more than 400,000 zombie computers or "bots." He built and controlled the network using a unique variant of the Trojan horse program called "rxbot."

Ancheta used commands sent over Internet Relay Chat (IRC) to instruct the bot machines to scan for and infect other vulnerable computers, launch coordinated distributed denial of service (DDoS) attacks on behalf of customers who rented access to the botnet, or distribute spam and adware.

Ancheta pled guilty to the charges in January and promised to pay damages to the U.S. military for compromising systems belonging to the Computers Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency (DISA).

The government also confiscated $60,000 in cash and Ancheta's BMW.

The FBI and federal prosecutors built a case against Ancheta that included reams of IRC and instant message exchanges between him and customers interested in renting access to his botnet to send spam, launch DDoS attacks, or distribute "pay per click" adware and spyware, as well as records of Ancheta's efforts to keep his botnet operating by moving his IRC servers between various Internet hosting companies to avoid being shut down.

Speaking on Monday, Judge Klausner said his crimes were "extensive, serious, and sophisticated," and accused Ancheta of "intellectual arrogance."

"Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this,” he said, according to a statement released by the U.S. Attorney's Office.

Ancheta's sentence follows news of another successful prosecution of a botnet operator. On May 4, Chris Maxwell, 20, of Vacaville, Calif., pleaded guilty in U.S. District Court in Seattle to computer fraud charges for operating a botnet that caused disruption on critical care systems used by Seattle's Northwest Hospital in January 2005.