Jeanson James Ancheta

Jeanson James Ancheta
Born: April 26, 1985 (age 38) [1]
Conviction(s): Pleaded guilty to four felony charges
Criminal penalty: 5 years in prison

On May 9, 2006, Jeanson James Ancheta (born April 26, 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets. [2] [3]


Biography

Ancheta attended Downey High School in Downey, California, until 2001, when he dropped out. [4] He later entered an alternative program for students with academic or behavioral problems. [4] He worked at an Internet cafe and, according to his family, wanted to join the military reserves. Around June 2004 he started working with botnets after discovering rxbot, a common computer worm that he could use to spread his network of infected computers.

Botnets

Botnet is a jargon term for a collection of software robots, or "bots", that run autonomously and automatically.

"He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large-scale attacks."

Thom Mrozek, US attorney's office in Los Angeles [2]

Arrest and sentence

In November 2005 he was captured in an elaborate sting operation in which FBI agents lured him to their local office on the pretext of collecting computer equipment. [5] The arrest was part of Operation: Bot Roast. [6]

On May 9, 2006, Ancheta pleaded guilty to four felony charges of violating United States Code Section 1030, Fraud and Related Activity in Connection with Computers, specifically subsections 1030(a)(5)(A)(i), 1030(a)(5)(B)(i), and 1030(b). [7] Ancheta was sentenced to 57 months in prison and ordered to forfeit a 1993 BMW and more than $58,000 in profit. He must also pay $15,000 in restitution to the U.S. federal government for infecting military computers. [8]

Related Research Articles

Botnet: Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

Rizon is a large Internet Relay Chat (IRC) network with an average of around 20,000 users. The IRC network itself ranks number 5 among the largest IRC networks. Rizon is popular with many anime fansubbing groups who work online, many of whom provide their content through XDCC via IRC bots in their distribution channels. It is also used by many users of eRepublik as a means of communication. File sharing of other copyrighted material such as Warez is also common in some channels on the network.

Torpig, also known as Anserin or Sinowal, is a type of botnet spread through systems compromised by the Mebroot rootkit, delivered by a variety of trojan horses, for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords, while potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

Operation: Bot Roast is an FBI operation to track down bot herders, crackers, or virus coders who install malicious software on computers over the Internet without the owners' knowledge, turning each computer into a zombie that sends spam to other computers and forming a botnet, a network of bot-infected computers. The operation was launched because the vast scale of botnet resources poses a threat to national security.

Norton AntiBot, developed by Symantec, monitored applications for damaging behavior. The application was designed to prevent computers from being hijacked and controlled by hackers. According to Symantec, over 6 million computers have been hijacked, and the majority of users are unaware of their computers being hacked.

Storm botnet: Computer botnet

The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

The Srizbi botnet is considered one of the world's largest botnets, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnet consists of computers infected by the Srizbi trojan, which sent spam on command. Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes were reduced by up to 93% as a result of this action.

The Mega-D, also known by its alias of Ozdok, is a botnet that at its peak was responsible for sending 32% of spam worldwide.

Zeus is a Trojan horse malware package that runs on versions of Microsoft Windows. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command Prompt or Event Viewer to make the user believe that their computer is infected.

The Mariposa botnet, discovered December 2008, is a botnet mainly involved in cyberscamming and denial-of-service attacks. Before the botnet itself was dismantled on 23 December 2009, it consisted of up to 12 million unique IP addresses or up to 1 million individual zombie computers infected with the "Butterfly Bot", making it one of the largest known botnets.

United States of America v. Ancheta is the name of a lawsuit brought by the U.S. Government against Jeanson James Ancheta of Downey, California, and handled by the United States District Court for the Central District of California. It is the first botnet-related prosecution in U.S. history.

The Kelihos botnet, also known as Hlux, is a botnet mainly involved in spamming and the theft of bitcoins.

ZeroAccess is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine from a botnet while remaining hidden using rootkit techniques.

Blackshades is a malicious trojan horse used by hackers to control infected computers remotely. The malware targets computers using operating systems based on Microsoft Windows. According to US officials, over 500,000 computer systems have been infected worldwide with the software.

Dorkbot is a family of malware worms that spreads through instant messaging, USB drives, websites or social media channels like Facebook. It originated in 2015 and infected systems were variously used to send spam, participate in DDoS attacks, or harvest users' credentials.

Dridex, also known as Bugat and Cridex, is a form of malware that specializes in stealing bank credentials via a system that utilizes macros from Microsoft Word.

The Necurs botnet is a distributor of many pieces of malware, most notably Locky.

Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 Dyn cyberattack. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.

Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon.

References

  1. True People Research. [dead link]
  2. "American owns up to hijacking PCs". BBC News. 24 January 2006. Retrieved 2008-09-26.
  3. Holden Frith and AP (January 24, 2006). "Hacker pleads guilty to building 'botnet' army". London: Times Online. Retrieved 2008-09-26. In the first case of its kind, Jeanson James Ancheta, of Downey, California, pleaded guilty in a Los Angeles court to four charges, including infecting machines at the China Lake Naval Air Facility in California and the Defence Information System Agency, in Falls Church, Virginia.
  4. Byron Acohido and Jon Swartz (2006-04-23). "Malicious-software spreaders get sneakier, more prevalent". USA Today. Retrieved 2008-09-26.
  5. Iain Thomson (2005-11-04). "FBI sting nets botnet hacker". vnunet.com. Archived from the original on 2007-12-20. Retrieved 2008-09-26.
  6. Dan Goodin (13 June 2007). "FBI logs its millionth zombie address". The Register. Retrieved 2008-09-26.
  7. Robert Vamosi (January 27, 2006). "Cybercrime does pay; here's how". CNET Reviews. Retrieved 2008-09-11.
  8. "Zombie master Jeanson Ancheta pleads guilty". spamdailynews. January 23, 2006. Archived from the original on August 20, 2008. Retrieved 2008-09-11.