Monday, June 30, 2008

Malware Creator Cheyenne teen charged

CHARGED : Malware Creator Cheyenne teen charged

27 Jun 2008



CHEYENNE, Wyo. (AP) Federal prosecutors in Los Angeles have charged a Cheyenne teenager with creating a malicious computer code they say allowed him to take over thousands of computers nationwide to steal credit card information and defraud people.

Jason Michael Milmont, 19, of Cheyenne, has entered a plea agreement with federal prosecutors that calls for him to plead guilty to a single felony charge of accessing protected computers to conduct fraud. He faces up to five years in prison and a fine of up to $250,000 when he's sentenced later by a federal judge in Cheyenne. Milmont also has agreed to pay restitution of more than $73,000.

Milmont's lawyer, Robert Rose, of Cheyenne, did not immediately return calls seeking comment Friday.

According to the plea agreement, Milmont modified ''peer-to-peer'' software the same sort of computer programs that allow people to find and download music and videos on the internet. Prosecutors say he developed a piece of malicious computer code called the Nugache Worm that allowed him to infect other people's computers secretly when they retrieved a peer-to-peer software-sharing program called Limewire on the Internet.

Milmont secretly took over as many as 15,000 computers nationwide, prosecutors said. They said his case is the first in the nation in which a person has been charged with using such ''peer-to-peer'' software to infect other computers.

Wesley L. Hsu, chief of the cyber and intellectual property crimes section in the U.S. Attorney's Office in Los Angeles, said Friday that Milmont is ''certainly a sophisticated defendant, there's no doubt about that.''

Hsu said Milmont isn't necessarily the sole author of the Nugache Worm. He said such computer viruses are commonly developed over time by several programers.

Yet, Hsu said, ''I think that it's fairly clear that the crime was fairly significant.''

Hsu said investigators increasingly are seeing computer criminals taking over the machines of many victims without their knowledge. He said that results in the criminals controlling a ''botnet,'' shorthand for a ''robot network'' of victim computers.

''We try to make our best efforts to contact the victims of these cases,'' Hsu said. ''But when you're talking about thousands of computers at a time, the population of the botnet is constantly changing. So it's very difficult to contact all the victims.''

The FBI investigated the case against Milmont, but Hsu said he couldn't comment on how agents tracked him down. Hsu said he also couldn't comment on what Milmont purchased once he intercepted the credit card numbers of his victims. He said all the restitution Milmont must pay will reimburse fraud victims he reached through the ''botnet'' he created.

Minneapolis-based security analyst Bruce Schneier, chief technologist for BT Counterpane, wrote an analysis of the Nugache Worm last December. He called it and another similar ''botnet'' computer code the ''next step in the evolution of malware,'' or malicious computer software.

In a telephone interview Friday, Schneier said such computer crimes involving secretly commandeering the machines of thousands of unsuspecting victims are becoming more commonplace.

''This is the way hacking is being done today,'' Schneier said. ''This is it more likely it's organized crime than some kid in some town in the United States. This is what we're seeing. The stuff is nasty, it's more than just putting a funny message on your screen, or erasing your hard drive.''

Flint Waters, leader of the Internet Crimes against Children Task Force for the Wyoming Division of Criminal Investigation, has written software that helps law enforcement agencies track down people using ''peer-to-peer'' computer technology to traffic in illegal child pornography.

Waters said people should take precautions with their personal computers to avoid being victimized.

''You never want to open attachments or executables that come from an untrusted host,'' Waters said. ''You just want to make sure that you don't activate these things. There are a lot of those mechanisms. They all basically operate on the assumption that you launch something on your system. You in some way make them welcome.''

No comments:

This Day in History

Thanks for your Visit