Hacker indicted for infecting DISA, Navy computers

The U.S. attorney’s office in Los Angeles indicted a man last week whom it says created the Trojan horse program that infected computers at the Defense Information Systems Agency and the Naval Air Warfare Center, based in China Lake, Calif.

The 17-count indictment charged James Ancheta, 20, of Downey Calif., with modifying and disseminating the Trojan horse rxbot, which allowed him to create botnets, each with thousands of Internet-connected computers reporting to an Internet Relay Chat (IRC) channel that Ancheta controlled.

The indictment said Ancheta then used a separate IRC channel to advertise the sale of his botnets to those interested in launching distributed denial-of-service attacks or distributing spam without detection.

Referring to Ancheta as a "well- known member of the botmaster underground,” the indictment states that he would give customers control of enough botnets to accomplish their specified task. Ancheta would also provide an instructional manual that included the commands to instruct the botnets to launch distributed denial-of-service attacks or send spam. As part of his service, the indictment states, Ancheta set up and tested the purchased botnet to ensure that the distributed denial-of-service attacks or spamming could be successful.

The indictment also states that Ancheta caused adware to be downloaded onto the infected computers that were part of his botnet armies. To do this, Ancheta allegedly directed the compromised computers to other computer servers he controlled, on which adware he had modified would surreptitiously install onto the infected computers.

The indictment states that Ancheta was an affiliate of several advertising service companies that paid him a commission based upon the number of adware installations.

To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations, the U.S. attorney’s office in Los Angeles said.

The indictment also states that Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the fees paid by his customers to purchase, among other things, the multiple servers used to conduct his schemes.

The indictment said the DISA and China Lake computers infected by Ancheta are networks exclusively used by the federal government for national defense. Neither DISA nor the Naval Air Warfare Center responded to calls for comment by deadline.

Ancheta was investigated by the FBI in Los Angeles with the assistance of the Southwest Field Office of the Naval Criminal Investigative Service and the Western Field Office of the Defense Criminal Investigative Service.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.