October 21, 2005 12:42 PM PDT

'Bot herders' may have controlled 1.5 million PCs

Three suspected Dutch cybercriminals could face a stiffer penalty with new evidence that they hacked about 1.5 million PCs worldwide, more than 15 times the original estimate.

The three individuals, whose names have not been disclosed, were arrested two weeks ago on suspicion of commandeering more than 100,000 PCs. They allegedly gained control over the systems with a Trojan horse called Toxbot and used the network of zombie PCs to steal credit card numbers and other personal data, and to blackmail online businesses.

But the number of PCs hijacked is much larger than initially thought, Dutch prosecutors said Thursday. Additional data gathered by the Dutch Computer Emergency Response Team and Internet service providers indicates that more than 1.5 million PCs were involved, 30,000 of which were in the Netherlands.

"This will certainly play a role when determining the penalty," Wim de Bruin, a spokesman for the Dutch National Prosecutor's Office, said Friday. "It does make a difference if you break a window in a single house or the entire street." Under various computer crime laws, the three could face up to six years in prison, de Bruin said.

A court in Breda, Netherlands, on Thursday extended custody of the 19-year-old main suspect and a 27-year-old accomplice by a month. The third suspect, a 22-year-old, was released because of confidential "personal reasons," de Bruin said. Under Dutch law, suspects can be held for up to three months before a first public court appearance.

Networks of hijacked computers, known as botnets, are considered one of the most serious security threats on the Internet. While the dismantled botnet is one of the largest ever seen, the takedown is merely a drop in the bucket, experts have said.

Botnets are often rented out by their owners, called bot herders, to relay spam and launch phishing scams to steal sensitive personal data for fraud. Botnets have also been used in blackmail schemes, where the criminals threaten online businesses with a denial-of-service attack to extort money. A denial-of-service attack would disable a targeted Web site.

In the Dutch case, investigators suspect the individuals of hacking into computers, destroying computer networks and installing adware and spyware. The suspects are also thought to have sold their services to others, including writing viruses that were designed to steal login data for online banking, prosecutors said.

The investigation also suggests that the suspects hacked into accounts at payment service PayPal and online auction giant eBay and extorted unidentified U.S. businesses.

The Dutch investigation is ongoing and more arrests are expected in the Netherlands, de Bruin said. A court date has yet to be set for the current suspects.

4 comments

Join the conversation!
Add your comment
Oh well, look future anti terroist employees
Once the media loses it's short term attention span on this case, you will find,in view of the alledged war on terror, some super secret government sub department,corrupt with it's own self importance and recently created anti terroist organization capable of bypassing all laws with impunity and manipulate pollies in the illicit/implicit blackmail style of the old master J Edgar H. , will now be employing these miscreants, for other nefarious reasons. Oh well, such is life!
Posted by heystoopid (691 comments )
Reply Link Flag
Oh well, look future anti terroist employees
Once the media loses it's short term attention span on this case, you will find,in view of the alledged war on terror, some super secret government sub department,corrupt with it's own self importance and recently created anti terroist organization capable of bypassing all laws with impunity and manipulate pollies in the illicit/implicit blackmail style of the old master J Edgar H. , will now be employing these miscreants, for other nefarious reasons. Oh well, such is life!
Posted by heystoopid (691 comments )
Reply Link Flag
they must have been bored... with their jobs...
geeze, they could have been selling shopping carts for Amazon... maybe some
Posted by (187 comments )
Reply Link Flag
they must have been bored... with their jobs...
geeze, they could have been selling shopping carts for Amazon... maybe some
Posted by (187 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.