US hacker gets five years in the slammer

A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks.

Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks.

Among the machines infected by Ancheta were computers at the US military test base at China Lake in the Mojave Desert. Ancheta was ordered to pay the US Navy $15,000 in damages as well as surrendering $60,000 in proceeds from his crimes.

Ancheta advertised his zombie network - or botnet - on his own website called botz4sale.

Currently botnets pose the greatest threat to internet security, according to many experts. An army of compromised machines sitting in suburbia, whose owners are oblivious to the risk, can be hijacked to distribute malware, spam or launch crippling attacks via their broadband connections.

Graham Cluley, senior technology consultant for Sophos, warned that Ancheta represents only the tip of the iceberg.

Cluley said: "Ancheta was based in California, making him within easy reach of investigators. Others running bot networks may be based anywhere in the world, meaning that to truly crack this problem more international co-operation is required."

However, the antivirus community remains sceptical about the likelihood of significant co-operation between international law enforcement. Last month John Thompson, CEO of Symantec, told silicon.com "international co-operation is miniscule, it's almost non-existent".

In a separate case, a 20-year-old California man last week pleaded guilty to setting up a zombie network of around 50,000 compromised machines, affecting a hospital as well as other US military systems.