A computer security consultant accused of installing malicious software to create an army of up to 250 000 ”zombie” computers so he could steal identities and access bank accounts will plead guilty to four federal charges.
John Schiefer (26) of Los Angeles agreed on Friday to plead guilty to accessing protected computers to conduct fraud; disclosing illegally intercepted electronic communications; wire fraud; and bank fraud, the United States Attorney’s Office said.
Schiefer, who is expected to enter the plea next month, could face up to 60 years in federal prison and a $1,75-million fine.
Schiefer, who used the internet name ”acidstorm”, is the first person charged under federal wiretapping law with operating a ”botnet”, or network of compromised computers, Assistant US Attorney Mark Krause said.
”People hired him to fix their computers, to make sure they’re safe,” Krause said.
Instead, prosecutors contend that Schiefer and his associates installed malicious computer code, called malware, that gave them remote access to the computers without the owners’ knowledge. The ”zombie” computers then eavesdropped on the users’ electronic communications.
Schiefer culled user names, passwords for the PayPal online payment service and other account information that he used to make unauthorised purchases and passed on to others, prosecutors said.
Authorities are working to identify the fraud victims and estimate their losses, Krause said.
Prosecutors contend that Schiefer also defrauded a Dutch internet advertising company that hired him to install its programs on people’s computers with their permission. In his role as a consultant for the Dutch company, Schiefer is accused of installing the programs on more than 150 000 personal computers without the owners’ consent. — Sapa-AP