True crime: The botnet barons

When federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II.

When InfoWorld decided to dig a little deeper, we found that the motivations of each perpetrator were far richer, and the nature of the crimes more complex, than a simple rundown of their rap sheets could express.

In fact, the eight Bot Roast II criminals committed a broad range of online crimes, which together make up a representative sample of motives and patterns common to these kinds of crimes. The following story is our attempt to profile the people behind the crimes.

The Perp: Adam Sweaney

Pleaded guilty to: felony fraud and computer crimes

Plea date: Sept. 24, 2007

Sweaney, a 27-year-old computer technician from Tacoma, Wash., seems to have started out on the side of the good guys. In Internet postings to the Yahoo Answers message board, a man who signed his messages "Adam Sweaney, Tacoma PC Repair" appeared to help computer users with their problems relating to worms and malware. But at some point, Sweaney switched allegiances to the Dark Side. From as early as May 2006 and for nearly a year, Sweaney was infecting PCs with Trojan horses that built a botnet he later used to transmit spam messages on behalf of others.

Court papers filed by the U.S. Attorney prosecuting the case say that Sweaney's goal was to earn money by leasing out access to the botnet (which he called "proxies"), a common business practice for bot-herders. He advertised his proxies on message boards where spammers and bot-herders made business deals, boasting of his spamming prowess with posts such as "last month sents 50 million gi domains, delivery 87% price $500.00 Also still have full FTP server setup with lots of data ... plus updated last weekend with some fresh files/shyt." For just $500, you could hire Sweaney to send 50 million spams, 87 percent of which were guaranteed to make it to live e-mail accounts.

In July, 2006, an FBI undercover agent contacted Sweaney posing as a spammer interested in his offerings. Sweaney gave the agent free access to the botnet for 20 minutes, then engaged the agent in a discussion of what services were available, including a list of 18 million Hotmail e-mail addresses he was selling for $10 for each million addresses. The agent bought those addresses, as well as 14 million Yahoo addresses, and access to the botnet for a period of two weeks. In the course of the investigation, the FBI discovered that one of the bot-infected computers belonged to the Justice Department's Antitrust Division in Washington, DC.

The Perp: Gregory King
Indicted for: four counts of "transmission of code to cause damage to a protected computer"
Indictment date: Sept. 27, 2007

Among the people happy to hear about Greg King's indictment were the operators of two Web sites, Killanet and Castlecops, which King repeatedly attacked using his botnet. The latter site, a clearinghouse for information about malware, botnets, and spammers, was subjected to a massive distributed denial-of-service attack in February 2007. But let's not get ahead of ourselves.