Hacker indicted for infecting DISA, Navy computers
- By Bob Brewin
- Nov 07, 2005
The U.S. attorney’s office in Los Angeles indicted a man last week whom it says created the Trojan horse program that infected computers at the Defense Information Systems Agency and the Naval Air Warfare Center, based in China Lake, Calif.
The 17-count indictment charged James Ancheta, 20, of Downey Calif., with modifying and disseminating the Trojan horse rxbot, which allowed him to create botnets, each with thousands of Internet-connected computers reporting to an Internet Relay Chat (IRC) channel that Ancheta controlled.
The indictment said Ancheta then used a separate IRC channel to advertise the sale of his botnets to those interested in launching distributed denial-of-service attacks or distributing spam without detection.
Referring to Ancheta as a "well- known member of the botmaster underground,” the indictment states that he would give customers control of enough botnets to accomplish their specified task. Ancheta would also provide an instructional manual that included the commands to instruct the botnets to launch distributed denial-of-service attacks or send spam. As part of his service, the indictment states, Ancheta set up and tested the purchased botnet to ensure that the distributed denial-of-service attacks or spamming could be successful.
The indictment also states that Ancheta caused adware to be downloaded onto the infected computers that were part of his botnet armies. To do this, Ancheta allegedly directed the compromised computers to other computer servers he controlled, on which adware he had modified would surreptitiously install onto the infected computers.
The indictment states that Ancheta was an affiliate of several advertising service companies that paid him a commission based upon the number of adware installations.
To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations, the U.S. attorney’s office in Los Angeles said.
The indictment also states that Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the fees paid by his customers to purchase, among other things, the multiple servers used to conduct his schemes.
The indictment said the DISA and China Lake computers infected by Ancheta are networks exclusively used by the federal government for national defense. Neither DISA nor the Naval Air Warfare Center responded to calls for comment by deadline.
Ancheta was investigated by the FBI in Los Angeles with the assistance of the Southwest Field Office of the Naval Criminal Investigative Service and the Western Field Office of the Defense Criminal Investigative Service.