NZ Teen Arrested as 'Spybot Mastermind'

Josh Fink writes "The Guardian has an interesting piece on 'Akill', a teenager from New Zealand who was the ringleader of a hacking ring. The economic impact of the ring may have totaled £9.7m. 'The teenager was the "head of an international spybot ring that has infiltrated computers around the world with their malicious software', Martin Kleintjes told New Zealand national radio ... The FBI estimates that more than 1m computers have been infected, and puts the combined economic losses at more than $20m (£9.7m).' Eight people have been charged, pleaded guilty or have been convicted since June. The FBI really has been putting a crackdown on botnets / spyware recently."

Important to point out...

[kaos07 (1113443)]

I think it's important to point out that the kid 'Akill' was released without charge and that he didn't make any money out of the operation. Some sources are reporting that the group "raked in" $20 million, whereas that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

I could be worse....

[iknownuttin (1099999)]

if it were the RI/MPAA, it would have said 20 billion.

Re:

[billcopc (196330)]

*sprays water on mods* Bad mod, no donut!

This should be rated "+1 Sad but True"

I actually find the 20 mil number quite conservative. 20$ per zombie is low, a bot using up 100% CPU eats up a lot of electricity, causes extra thermal stress on the components (thus more failures), and a heck of a lot of wasted money on cleaning the thing out, especially when the Geek Squad is involved.

Re:Important to point out...

[fireboy1919 (257783)]

that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

What would be realistic? Lets say that he stole the use of 100,000 computers in his botnet. At 2Mil, each computer would have $20 in economic losses.

That doesn't seem at all unrealistic. If it costs $20 of your time (i.e., if it takes an hour to clean and you make $20 an hour, or something to that effect), then it's $20 in economic loss. If the resulting slowdown costs $20 of your productive time, same thing.

Sure, some people don't lose that much by not being productive, but some lose a lot more. $20 average sounds entirely reasonable - probably a little low, actually. They probably didn't infect that many machines.

Keep in mind that I'm not even bringing up what is done with those computers - I'm just talking about losses caused by putting the spyware on machines, and haven't begun to talk about what is done with it.
If bad things were done with things, it would certainly drive the average cost per infection up a lot, which would make it easy to cause that much damage while infecting far fewer machines.

Point is that this isn't like assuming that every download=a sale lost. It isn't outside the realm of possibility at all.

Re:

[ajs (35943)]

that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

What would be realistic? Lets say that he stole the use of 100,000 computers in his botnet. At 2Mil, each computer would have $20 in economic losses.

And you've proven the point more eloquently than any of us could.

You're simply making up what you imagine to be his activities, and then making up figures to assign to that.

In reality, the number given is usually the combined salaries of everyone that the government and private organizations decided to put on the case. Thus, if a company has an IT security dept. of 3 and there are 3 government officials dealing with the case, then the "impact" is typically the salaries of all 6 times the amount of time tha

Re:

[Firethorn (177587)]

This is, of course, just as arbitrary as any other metric and most notably does not measure anything which can be reasonably termed "loss".

I get mad at you and hit you a few times with a baseball bat, rendering you unable to work for two weeks. Are you trying to say that when you haul me into court you wouldn't be suing for lost wages?

Those agents could have been going after somebody else, the IT guys could have been catching up on their research, pushing patches, not worked as much overtime, or gotten by

Re:

[cheater512 (783349)]

Sure those agents could have been working on something else.
And when they closed that case they would also be getting damages covering their wages.

Effectively the FBI doesnt need to pay their agents. :)

Re:

[Firethorn (177587)]

Hmmm... Talk about your performance bonuses. ;)

Agent hauls in and gets successful convictions for all sorts of high impact criminals - gets $$$$$ as a result. Meanwhile Officer Joe Minor Stuff keeps arresting jaywalkers and such and makes less than minimum. I wonder how much victimless crimes would rate?

Still, the parent was talking about economic impact - that's where this would come in. Theoretically if we had no crime we wouldn't need to hire those agents, and they could go get work as a bookie or co

Re:

[ajs (35943)]

Now, if your point is that the men in nice dark suits can't accurately put a dollar figure on an ephemeral crime like hijacking CPU time and turning computers into spambots, I agree with you.

That is exactly my point. More generally, you should always be highly skeptical when you see a dollar value assigned to any crime that isn't the physical theft of physical currency or items with direct, well-known, and stable cash value.

Dollar values are introduced in stories about crimes to make their impact more digestible for the masses. The problem is that, most crimes don't have a simple relationship to money. Bot net hijacking for example is a crime which, for the most part, involves the invasion of

Re:Important to point out...

[BiggerIsBetter (682164)]

I think it's important to point out that the kid 'Akill' was released without charge and that he didn't make any money out of the operation. Some sources are reporting that the group "raked in" $20 million, whereas that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

Linkage [nzherald.co.nz]

Yoohoo!!!

[courteaudotbiz (1191083)]

We finally won't have to deal with malware anymore! The guy has been arrested!

Re:Yoohoo!!!

[flyingsquid (813711)]

We finally won't have to deal with malware anymore! The guy has been arrested!

When a farmer wants to get rid of the coyotes, he doesn't shoot them all. He shoots one. Just one. And then leaves it there to rot in his field. Coyotes are pretty smart- they see the dead coyote, realize going on his farm isn't a safe thing to do, and he's often good for the rest of the year.

Re:Yoohoo!!!

[m4ximusprim3 (619388)]

so you're saying we should kill him and shove his body into the tubes?

Doesn't sound right to me

[Silver Sloth (770927)]

The teenager cannot be named for legal reasons, but uses the online identity "Akill". He was later released without charge, but police said they expected to interview him again.

and then

The teenager was the "head of an international spybot ring that has infiltrated computers around the world with their malicious software", Kleintjes told New Zealand national radio.

and then

Kleintjes said the teenager had written software that evaded normal computer spyware systems, then sold his skills to hackers. "He is very bright and very skilled in what he's doing," Kleintjes said. "He hires his services out to others."

It looks to me like some script kiddie is being puffed up as 'Head of an internationa spybot ring'. I'm not saying he's innocent but there's a lot of spin in this.

and then

[darthflo (1095225)]

and then

The teenager is said to have infiltrated top secret government networks throughout the universe. "He created both Linux and Windows in the lunch breaks of his freshman year in college and plans to take over control of the world after finishing his PhD next year", Kleintjes said.

I, for one, ph34r our new NZ script kiddie overlords.

Re:

[Billosaur (927319)]

Of course there's a lot of spin: law enforcement is having a terrible time shutting these things down. More to the point, did this "arrest" actually cause the botnet to go down? Doubt it. Even if this kid wrote something that aided the botnet ring to operate, I suspect that he can't simply turn off what he did and render the botnet dead. Not to mention they did not actually charge him with anything -- which shows me that the authorities aren't actually sure what he did.

Re:

[Kristoph (242780)]

The real mastermind, whomever he or she is, is no doubt laughing his ass off as the policy point the finger at this guy. The sad reality is that law enforcement will never catch the truly talented cyber criminals because they just don't have the in house skills to combat them.

]{

Cut the head off?

[Caption Wierd (1164059)]

When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?

Re:

[BadAnalogyGuy (945258)]

When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?

It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead.

Re:

[ByOhTek (1181381)]

$ ps -A | grep botnet | wc -l; sudo killall -9 botnet; sleep 30; ps -A | grep botnet | wc -l
1036214

Yep. It's an evil zombie.

Re:

[KlaymenDK (713149)]

If a botnet controller were to wander off, the zombies would still carry the software, and would still be able to be controlled. (It is/was a common tactic to build up a botnet that did nothing until a certain point in time.)

I believe that what botnets do when not tended to varies a great deal. Some surely do some form of monitoring/spamming, while others may lie dormant, doing nothing.

This kid is a scapegoat...

[8127972 (73495)]

... as he likely did this using stuff found on the Internet for giggles. Perhaps the authorities should focus on the real spybot ringleaders out there. You know the ones that work for organized crime and cause untold amounts of damage? Those are the ones we should worry about.

Re:

[Billosaur (927319)]

No, the kid is eye candy for law enforcement... he does the perp walk so that they can be seen to be doing something about the problem.

Re:

[Mister Whirly (964219)]

Doing something about the problem? I think outside of this site and other tech sites like it, the general population has no clue what a "botnet" is or how they could be a problem. No cop wants to try and take credit for helping fix a problem nobody understands or cares about...

Link to article about US student arrested

[DarthTeufel (751532)]

http://www.philly.com/inquirer/home_top_stories/11910042.html [philly.com] A Penn student who was arrested in connection with AKILL

infected computers ..

[rs232 (849320)]

"The FBI estimates that more than 1m computers have been infected"

What Operating System did these computers run on and is it possible to make a 'computer' that don't get infected by clicking on a URL or opening an attachment.

Finally a realistic damage cost estimate

[flyingfsck (986395)]

An estimate of losses at $20 per machine sounds about right to me.

Fuzzy math

[Chris_Stankowitz (612232)]

The article says that this ring infected more than 1.3 million machines...and then goes on to say that the FBI claims more than 1m machines have been infected. So is this ring controlling all of the worlds bot-nets?

I guess technically that is a correct statement, but for that the FBI could have just said that more than 5 machines have been infected and still be accurate. ::shakes head::

Is everyone missing the real point?

[Brickwall (985910)]

This kid created malware. He is obviously (at 10??) bright enough to understand what malware can do. He didn't choose to notify banks, credit card firms, etc., that they were subject to his attacks; instead, if I RTFA correctly, he chose to sell this method to criminals.

I have two daughters, 10 and 13, who seem to have no compunctions about releasing all their personal data on Facebook and Myspace. I keep telling them security is important, and they shouldn't be releasing their full names, school, pets, etc., as those are usually part of passwords. I'm not sure they listen. I'm also sure that's because they have no idea of the stakes involved. We keep the value of their trust funds secret, but the two are worth over $300k today, and we are budgeting $500k for their education in the future. If this NZ kid's exploits prevented either one of my daughters from attending the school of their choose, I'd want to make him pretty pay dearly.

My suggestion: put him in jail for a few months (not years); then he might realize his freedom is worth more to him than other people's money.

Re:

[jcgf (688310)]

We keep the value of their trust funds secret, but the two are worth over $300k today, and we are budgeting $500k for their education in the future.

I wish I were one of your children.

Re:

[Mister Whirly (964219)]

"We keep the value of their trust funds secret, but the two are worth over $300k today"

At their ages I am going to assume they are single. Can I send you my pic and resume? Oh wait, I guess I can just find them on MySpace...

Teen?

[sckeener (137243)]

Is anyone else NOT surprised that they caught a kid?

There are stupid adult...but kids are supposed to be doing risky things...testing their limits....

I'm not surprised they caught him....

Re:

[Nextraztus (1084719)]

And hence, this perpetrator will get the good cop/bad cop/job recruitment officer.

Re:

[Rob the Bold (788862)]

"FBI" is singular, not plural.

The Queen's English seems to mandate the use of the plural when referring to ourganizatiouns. Kind ouf like the extra 'U's in wourds like "Coummounwealth".

Re:

[Rob the Bold (788862)]

t it Monday? Every funny post I've seen this morning has been modded "troll"

I noticed that in several discussions -- a lot of missed jokes. If anything, my crime above was plagiarizing Dave Barry.

Re:

[thePowerOfGrayskull (905905)]

All your bases...

Re:They hate competition

[Heian-794 (834234)]

You people annoy me sometimes; "The FBI are purging all tha data that is...." AARGH!!!!! I need more coffee...

Hopefully you import your coffee from Colombia or somewhere other than the UK where plural verbs are used routinely for organizations in this sense. 'Manchester United are wankers' and the like. The closest thing I can think of in the US is sports teams with those silly-sounding singular mass-noun nicknames like the Tampa Bay Lightning. "The Utah Jazz haven't been the same without Karl Malone"; "The Minnesota Wild are winning again", etc.

[/multinational inclusivist grammar nazi]

Re:

[sm62704 (957197)]

Yes, I know. From a blagh post [mcgrew.info] from a couple of years ago:

Legend has it that one night this ape-decended life form was stoned out of his mind from smoking the dried buds of a strange type of plant and drinking Irish Car Bombs and noticed a book in his rucksack called The Hitchhiker's Guide to Europe. In his discombobulated state of mind he thought it was hilarious, and wrote a radio play parodying this book and indeed, science fiction in general.

I never got to hear the play, despite the fact that it was bro

Except you're wrong

[nunyadambinness (1181813)]

http://en.wikipedia.org/wiki/Collective_noun [wikipedia.org]

confusion often stems from the fact that plural verb forms can often be used with the singular forms of these count nouns (for example: "The team have finished the project"); and, conversely, singular verb forms can often be used with nouns ending in "-s" that were once considered plural (for example: "Physics is my favorite academic subject"). This apparent "number mismatch" is actually a quite natural and logical feature of human language, and its mechanism is

Re:

[sm62704 (957197)]

No, you British need more logic. The FBI is one thing. The FBI is, the people of the FBI are. Data are. A datum is.

Which reminds me of an old Cajun joke by the "Cajun Cook", Justin Wilson.

A Cajun sends his son off to college, and when he comes back on spring break, the old man asks "Well, boy, whad'ja larn in college?" His son replies "Pi r squared". The old man says "What kinda damned fools are teachin' you? Pie are ROUND. Cornbread are square!"

Re:

[The Great Pretender (975978)]

I'll bite, although I hate grammer Nazis. In this instance you are right as the FBI is acting as a collective, but if the discussion was referring to the FBI as individual agents, or internal issues, then it would be plural.

Re:

[The Great Pretender (975978)]

Lets ignore Wikipedia for the moment, although I understand it is an exemplary reference for everything and look at an editors text book "Sabin, William A. The Gregg Reference Manual. 8th Edition. Macmilliam/McGraw Hill. NY: 1992.", where you will find that "Rule: Use a singular verb for a collective noun when the group is acting as a unit" (Section 1019).

Saying all this you may want to contact the University of Texas, Austin Department of Chemical Engineering and tell them to modify its comments in

Re:

[BiggerBoat (690886)]

That practice bothers me as well; it just sounds so wrong to my ears. However, I admit that I am inconsistent in how I handle it myself, so I try to ignore it now. Here's what I mean: the following sentences sound completely correct to me:

"The FBI is shutting down botnets. They've been cracking down since the beginning of the year."

Yet I just changed from singular to plural between sentences. Would you say it:

"The FBI is shutting down botnets. It's been cracking down since the beginning of the year

Re:

[ByOhTek (1181381)]

Yeah, now if only someone could invent an operating system that idiot users couldn't make insecure...

Re:

[sm62704 (957197)]

With windows there's no need for the users to be idiots (not that I'm saying they're not). You can infect a Mac or Linux system with a trojan, but do you know anyone who has ever gotten a virus on a Mac or Linux system? I don't.

Trojans don't need insecurity. Here's a trojan in meatspace terms, works just as well on any platform:

"Knock knock"

"Who's there?"

"Burglar."

"Go away, we got burgled last week."

"Erm, um, no I mean I'm here to, um, read your water meter. Yeah, that's it, read your meter."

"OK, come on in

Re:

[ByOhTek (1181381)]

There's a lot more than just trojans that can affect a non-MS system, and the vast majority of windows compromises I've seen have been from Trojans, especially in the last few years.

I know plenty of people (myself included) that have not been infected by a virus or malway on a Windows system running 2K or later, just by following a couple of simple practices. It's not terribly hard - mostly good passwords, be careful about the sites you visit, and don't run random crap. I do that with FreeBSD, Windows, and

Re:

[sm62704 (957197)]

Actually, I was only hit with malware twoce - once at work when a co-worker infected my work PC with the Michaelangelo virus (long time ago) and once with the Sony Rootkit. But you and I are nerds; I've seen too many normal friends' machines trashed with everything and anything.

Take Jeff, for example. He'd never had a computer before; he got so infected his eMachines was worthless, twice, and I ghosted it twice before giving up, installinjg a Linux partition with Mandriva on it, and disabling networking in

Re:

[ByOhTek (1181381)]

Remember when some of the Ubuntu server farm got hacked? It was even nerds who were in charge.

The security of a modern OS is dependant on three factors these days it seems.
(1) The quality of the admins.
(2) The quality of the users.
(3) How much the admins can restrict the users without preventing them from doing what they need to do.

People just happen to write more malware for windows because of (a) popularity, and (b) a juvenile respons due to a dislike of the OS.

Re:

[sm62704 (957197)]

If I break your window it creates business for the glazier. Clearly if the glazier gets paid nobody has lost any money. So should I come to your house and break out all your windows?

-mcgrew

(look out kids, I was drinking last night with the friends I spoke of in my journal and I'm in advanced geezer mode today. Where's that damned coffeepot?)

Bad link

[johndiii (229824)]

You want this: http://news.bbc.co.uk/2/hi/technology/7120251.stm [bbc.co.uk]