
Hackers indicted in bot-for-sale scheme and DDOS attacks September 15, 2009

Posted by tsclaw2209 in News.

Distributed Denial of Service attacks (or DDOS attacks) are nothing new.  But this case is interesting because it is alleged that these hackers tried to sell their software.  That aspect of it is rare as far as I know and it’ll be interesting to see how that plays out.  As a defense attorney, you can argue that your client is just being a stupid young person by engaging in this behavior (assuming you are focused more on mitigation than winning the case).  However, when profit is the motive, the mitigation arguments kinda go out the window.

DALLAS—Two men, Thomas James Frederick Smith and David Anthony Edwards, have been charged in a federal indictment with conspiring to intentionally cause damage to a protected computer and commit computer fraud. Edwards, of Mesquite, Texas, and Smith, most recently of Parris Island, South Carolina, have both entered not guilty pleas and are on pre-trial release.  Trial has been set for November 16, 2009, before U.S. District Judge Jane J. Boyle.

The indictment alleges that from summer 2004 through October 2006, Smith, a/k/a “Zoot,” “TJ,” and “kingsmith007,” and Edwards, a/k/a “Davus,” conspired together to cause the transmission of a program, information, code, or command, by using an Internet Relay Chat (IRC) network, to cause damage to a protected computer.  A “bot” is a program running on an IRC client that responds automatically to commands that are sent to it through the IRC server.  An IRC “botnet” is a large number of computers infected with bots.

Basically, Smith and Edwards allegedly searched the Internet for vulnerable computers, and once a vulnerable computer was hacked into, they planted a malicious program on it.  That malicious program code caused all the compromised computers to log in to an IRC chat room.  Once the compromised computers were logged into the IRC chat room, Smith and Edwards remotely controlled the behavior of the compromised computers, such as causing all of the compromised computers to simultaneously participate in a Distributed Denial of Service (DDOS) attack.  Smith and Edwards also accessed, without authorization, websites and either defaced the site, or in the case of one webhost server, “published” its client database.

In trying to sell the bot to a potential botnet purchaser, Smith demonstrated the partial capabilities of the bot to the potential purchaser by causing a portion of the botnet to engage in a DDOS by flooding an IP address at ThePlanet.com, an internet-hosting company in Dallas.

I would like to know more about Edwards’ knowledge of the proposed sale.  If he wasn’t really involved, then he may have a better chance of working out a great plea if he flips on Smith.  Looking at the chat records will be key.