Forgot your password?
typodupeerror
Security Government The Courts IT News

NZ Teen Arrested as 'Spybot Mastermind' 113

Posted by Zonk
from the i-was-nowhere-near-this-hard-working-as-a-teen dept.
Josh Fink writes "The Guardian has an interesting piece on 'Akill', a teenager from New Zealand who was the ringleader of a hacking ring. The economic impact of the ring may have totaled £9.7m. 'The teenager was the "head of an international spybot ring that has infiltrated computers around the world with their malicious software', Martin Kleintjes told New Zealand national radio ... The FBI estimates that more than 1m computers have been infected, and puts the combined economic losses at more than $20m (£9.7m).' Eight people have been charged, pleaded guilty or have been convicted since June. The FBI really has been putting a crackdown on botnets / spyware recently."
This discussion has been archived. No new comments can be posted.

NZ Teen Arrested as 'Spybot Mastermind'

Comments Filter:
  • Teenagers haven't got a whit of sense in the first place. They wouldn't know how to gracefully take criticism if it were slathered in Vaseline and shoved up their urethra and lodged in their bladder.

    Just look how fast this well-meaning post gets modded down by those imbecile teenage moderators.
  • by kaos07 (1113443) on Friday November 30, 2007 @10:25AM (#21532023)
    I think it's important to point out that the kid 'Akill' was released without charge and that he didn't make any money out of the operation. Some sources are reporting that the group "raked in" $20 million, whereas that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.
    • if it were the RI/MPAA, it would have said 20 billion.
      • Re: (Score:2, Interesting)

        by billcopc (196330)
        *sprays water on mods* Bad mod, no donut!

        This should be rated "+1 Sad but True"

        I actually find the 20 mil number quite conservative. 20$ per zombie is low, a bot using up 100% CPU eats up a lot of electricity, causes extra thermal stress on the components (thus more failures), and a heck of a lot of wasted money on cleaning the thing out, especially when the Geek Squad is involved.
        • You are talking about the badly written ones.

          An intelligently botted computer will shut down when it's told to, go to sleep when it's told to, disconnect from the network when it's told to, and might even make QOS guarantees for other applications on the computer, when they start using lots of network bandwidth.

          The last thing a correctly written bot wants to do is show that it's there by doing anything that will draw undue attention to itself.

          It may even rate limit its sending of SPAM (if it's a SPAM bot se
    • by fireboy1919 (257783) <rustyp&freeshell,org> on Friday November 30, 2007 @10:44AM (#21532265) Homepage Journal
      that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

      What would be realistic? Lets say that he stole the use of 100,000 computers in his botnet. At 2Mil, each computer would have $20 in economic losses.

      That doesn't seem at all unrealistic. If it costs $20 of your time (i.e., if it takes an hour to clean and you make $20 an hour, or something to that effect), then it's $20 in economic loss. If the resulting slowdown costs $20 of your productive time, same thing.

      Sure, some people don't lose that much by not being productive, but some lose a lot more. $20 average sounds entirely reasonable - probably a little low, actually. They probably didn't infect that many machines.

      Keep in mind that I'm not even bringing up what is done with those computers - I'm just talking about losses caused by putting the spyware on machines, and haven't begun to talk about what is done with it.
      If bad things were done with things, it would certainly drive the average cost per infection up a lot, which would make it easy to cause that much damage while infecting far fewer machines.

      Point is that this isn't like assuming that every download=a sale lost. It isn't outside the realm of possibility at all.
      • by ajs (35943)

        that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.

        What would be realistic? Lets say that he stole the use of 100,000 computers in his botnet. At 2Mil, each computer would have $20 in economic losses.

        And you've proven the point more eloquently than any of us could.

        You're simply making up what you imagine to be his activities, and then making up figures to assign to that.

        In reality, the number given is usually the combined salaries of everyone that the government and private organizations decided to put on the case. Thus, if a company has an IT security dept. of 3 and there are 3 government officials dealing with the case, then the "impact" is typically the salaries of all 6 times the amount of time tha

        • I'm a bit confused. If the only economic impact of a spybot net is the salaries of the people who need to investigate the network and arrest the wankers who are hacking your mom's computer, is the real answer to just stick our heads in the sand and not investigate?

          Now, if your point is that the men in nice dark suits can't accurately put a dollar figure on an ephemeral crime like hijacking CPU time and turning computers into spambots, I agree with you. That doesn't mean that there is no impact, though. May
          • by ajs (35943)

            Now, if your point is that the men in nice dark suits can't accurately put a dollar figure on an ephemeral crime like hijacking CPU time and turning computers into spambots, I agree with you.

            That is exactly my point. More generally, you should always be highly skeptical when you see a dollar value assigned to any crime that isn't the physical theft of physical currency or items with direct, well-known, and stable cash value.

            Dollar values are introduced in stories about crimes to make their impact more digestible for the masses. The problem is that, most crimes don't have a simple relationship to money. Bot net hijacking for example is a crime which, for the most part, involves the invasion of

        • Re: (Score:3, Interesting)

          by Firethorn (177587)
          This is, of course, just as arbitrary as any other metric and most notably does not measure anything which can be reasonably termed "loss".

          I get mad at you and hit you a few times with a baseball bat, rendering you unable to work for two weeks. Are you trying to say that when you haul me into court you wouldn't be suing for lost wages?

          Those agents could have been going after somebody else, the IT guys could have been catching up on their research, pushing patches, not worked as much overtime, or gotten by
          • Sure those agents could have been working on something else.
            And when they closed that case they would also be getting damages covering their wages.

            Effectively the FBI doesnt need to pay their agents. :)
            • by Firethorn (177587)
              Hmmm... Talk about your performance bonuses. ;)

              Agent hauls in and gets successful convictions for all sorts of high impact criminals - gets $$$$$ as a result. Meanwhile Officer Joe Minor Stuff keeps arresting jaywalkers and such and makes less than minimum. I wonder how much victimless crimes would rate?

              Still, the parent was talking about economic impact - that's where this would come in. Theoretically if we had no crime we wouldn't need to hire those agents, and they could go get work as a bookie or co
    • by BiggerIsBetter (682164) on Friday November 30, 2007 @10:45AM (#21532273)

      I think it's important to point out that the kid 'Akill' was released without charge and that he didn't make any money out of the operation. Some sources are reporting that the group "raked in" $20 million, whereas that figure comes from estimates of "economic losses" so are probably inflated or meaningless depending on where the sources come from.
      Linkage [nzherald.co.nz]
  • Yoohoo!!! (Score:3, Funny)

    by courteaudotbiz (1191083) on Friday November 30, 2007 @10:27AM (#21532057) Homepage
    We finally won't have to deal with malware anymore! The guy has been arrested!
    • Re:Yoohoo!!! (Score:4, Insightful)

      by flyingsquid (813711) on Friday November 30, 2007 @12:05PM (#21533317)
      We finally won't have to deal with malware anymore! The guy has been arrested!

      When a farmer wants to get rid of the coyotes, he doesn't shoot them all. He shoots one. Just one. And then leaves it there to rot in his field. Coyotes are pretty smart- they see the dead coyote, realize going on his farm isn't a safe thing to do, and he's often good for the rest of the year.

      • by m4ximusprim3 (619388) on Friday November 30, 2007 @12:48PM (#21533895)
        so you're saying we should kill him and shove his body into the tubes?
      • Re: (Score:1, Funny)

        by Anonymous Coward
        Yet when somebody does the same thing and leaves a dead farmer lying around to warn the others against killing innocent creatures, they all get upset... bunch of pussies.
      • So you really think the highly-paying malware/spyware/spam community will stop its activities just because one of them has been hunted down?

        I'd see them more like zombies in "The night of the living dead"; You may destroy one's head, cut the leg of the other, completely crush another one, and the herd will still come after you, trying to get its piece of you...
      • That coyotes are smarter than humans? This might appear valid in the wild but the fact is that many humans seem to behave more like lemmings that coyotes. The cautionary aspect is overruled by a "it would never happen to me" or "I'll never get caught" mentality in many cases.
      • by gosand (234100)
        When a farmer wants to get rid of the coyotes, he doesn't shoot them all. He shoots one. Just one. And then leaves it there to rot in his field. Coyotes are pretty smart- they see the dead coyote, realize going on his farm isn't a safe thing to do, and he's often good for the rest of the year.

        So what do the coyotes do? They go to another farm. What happens to all the other coyotes in the countryside who don't see this dead coyote? Nothing, they just go about their business. There are plenty of farms ou

      • real rednecks call 'em 'yotes
      • by tmasman (604942)
        He shoots one. Just one. And then leaves it there to rot in his field.

        So the moral of that story is...
        We should shoot the kid & post the pics all over the Internet...
        that should make us safe for the rest of the year... right?

        Something about that doesn't seem quite right... Eh, if it worked for the farmer!

    • by eclectro (227083)

      We finally won't have to deal with malware anymore! The guy has been arrested!
      What?? They arrested Bill Gates?? Do you have a link to that??
  • by Silver Sloth (770927) on Friday November 30, 2007 @10:29AM (#21532075)

    The teenager cannot be named for legal reasons, but uses the online identity "Akill". He was later released without charge, but police said they expected to interview him again.
    and then

    The teenager was the "head of an international spybot ring that has infiltrated computers around the world with their malicious software", Kleintjes told New Zealand national radio.
    and then

    Kleintjes said the teenager had written software that evaded normal computer spyware systems, then sold his skills to hackers. "He is very bright and very skilled in what he's doing," Kleintjes said. "He hires his services out to others."
    It looks to me like some script kiddie is being puffed up as 'Head of an internationa spybot ring'. I'm not saying he's innocent but there's a lot of spin in this.
    • and then (Score:5, Funny)

      by darthflo (1095225) on Friday November 30, 2007 @11:06AM (#21532557)
      and then

      The teenager is said to have infiltrated top secret government networks throughout the universe. "He created both Linux and Windows in the lunch breaks of his freshman year in college and plans to take over control of the world after finishing his PhD next year", Kleintjes said.
      I, for one, ph34r our new NZ script kiddie overlords.
      • I can't mod 'cause I've posted but this is the funniest post I've seen in quite a while! Thanks for the laugh.
    • by Billosaur (927319) *

      Of course there's a lot of spin: law enforcement is having a terrible time shutting these things down. More to the point, did this "arrest" actually cause the botnet to go down? Doubt it. Even if this kid wrote something that aided the botnet ring to operate, I suspect that he can't simply turn off what he did and render the botnet dead. Not to mention they did not actually charge him with anything -- which shows me that the authorities aren't actually sure what he did.

      • by rtb61 (674572)
        The difference might simply be that NZ like Australia, is not into conspiracy laws. You either committed or actually attempted to commit a crime. Whilst there are accessory before or after the fact, if there was not crime or no attempt to actually commit a crime, then no charge will be laid.

        Conspiracy to commit a crime is a fairly bad law, especially when it can be so readily subject to abuse by over enthusiastic law enforcement officers and criminals seeking lighter sentences. So while the teenager migh

    • by Kristoph (242780)
      The real mastermind, whomever he or she is, is no doubt laughing his ass off as the policy point the finger at this guy. The sad reality is that law enforcement will never catch the truly talented cyber criminals because they just don't have the in house skills to combat them.

      ]{
  • by Caption Wierd (1164059) on Friday November 30, 2007 @10:30AM (#21532091)
    When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?
    • Re: (Score:2, Funny)

      by BadAnalogyGuy (945258)
      When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?

      It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead.
      • When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?

        It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead.
        Okay, yours was better....
    • When the "mastermind" is arrested, does a botnet die or continue some sort of pointless frankenstenian existence?
      Well, If he was an {evil mad} or {misguided naive} scientist, we'd know how the story ended..... Torches, Windmills, misunderstood botnets that just wanted to be loved....

      But, it's the real world, so the story ends with as much hyperbole as the "journalist" can dish out.

    • by ByOhTek (1181381)
      $ ps -A | grep botnet | wc -l; sudo killall -9 botnet; sleep 30; ps -A | grep botnet | wc -l
      1036214

      Yep. It's an evil zombie.
    • by Max_W (812974)
      What happens next? Why a botnet dies?

      Law enforcement guys and hackers may join forces in fleecing the public.

      Imagine what can be done if the law is combined with the information from PCs?

      It is scary even to think of it. Perhaps I should switch to Linux after all.

    • by KlaymenDK (713149)
      If a botnet controller were to wander off, the zombies would still carry the software, and would still be able to be controlled. (It is/was a common tactic to build up a botnet that did nothing until a certain point in time.)

      I believe that what botnets do when not tended to varies a great deal. Some surely do some form of monitoring/spamming, while others may lie dormant, doing nothing.
  • by 8127972 (73495) on Friday November 30, 2007 @10:38AM (#21532189)
    ... as he likely did this using stuff found on the Internet for giggles. Perhaps the authorities should focus on the real spybot ringleaders out there. You know the ones that work for organized crime and cause untold amounts of damage? Those are the ones we should worry about.

    • Re: (Score:3, Insightful)

      by Billosaur (927319) *

      No, the kid is eye candy for law enforcement... he does the perp walk so that they can be seen to be doing something about the problem.

      • Doing something about the problem? I think outside of this site and other tech sites like it, the general population has no clue what a "botnet" is or how they could be a problem. No cop wants to try and take credit for helping fix a problem nobody understands or cares about...
    • If he was released partially because he said he made no money from it and then later on says he hired out his services to hackers for money shouldn't he be afraid of additional charges such as filing a false statment? Personally I think he was a front man for a criminal group to sell anti-spyware software to cure the spreaded malware or some other such scam.
  • by DarthTeufel (751532) on Friday November 30, 2007 @10:43AM (#21532253)
    http://www.philly.com/inquirer/home_top_stories/11910042.html [philly.com] A Penn student who was arrested in connection with AKILL
  • by rs232 (849320) on Friday November 30, 2007 @10:54AM (#21532413)
    "The FBI estimates that more than 1m computers have been infected"

    What Operating System did these computers run on and is it possible to make a 'computer' that don't get infected by clicking on a URL or opening an attachment.
  • translation .. (Score:1, Flamebait)

    by rs232 (849320)
    "NZ Teen Arrested as 'Spybot Mastermind'"

    translation: Feds want to justify their huge budget ..

    time for another terr'ist alert .. :)
  • 2007-11-30 07:59:34 Botherder arrested in New Zealand... this guy wrote it up better even if I beat him to it. There's some stuff about this on the BBC http://news.bbc.co.uk/1/hi/technology/7120251.stm/ [bbc.co.uk] which is the stuff I linked to.
  • An estimate of losses at $20 per machine sounds about right to me.
  • The article says that this ring infected more than 1.3 million machines...and then goes on to say that the FBI claims more than 1m machines have been infected. So is this ring controlling all of the worlds bot-nets?

    I guess technically that is a correct statement, but for that the FBI could have just said that more than 5 machines have been infected and still be accurate. ::shakes head::
  • by Brickwall (985910) on Friday November 30, 2007 @11:42AM (#21533019)
    This kid created malware. He is obviously (at 10??) bright enough to understand what malware can do. He didn't choose to notify banks, credit card firms, etc., that they were subject to his attacks; instead, if I RTFA correctly, he chose to sell this method to criminals.

    I have two daughters, 10 and 13, who seem to have no compunctions about releasing all their personal data on Facebook and Myspace. I keep telling them security is important, and they shouldn't be releasing their full names, school, pets, etc., as those are usually part of passwords. I'm not sure they listen. I'm also sure that's because they have no idea of the stakes involved. We keep the value of their trust funds secret, but the two are worth over $300k today, and we are budgeting $500k for their education in the future. If this NZ kid's exploits prevented either one of my daughters from attending the school of their choose, I'd want to make him pretty pay dearly.

    My suggestion: put him in jail for a few months (not years); then he might realize his freedom is worth more to him than other people's money.

    • Re: (Score:2, Offtopic)

      by jcgf (688310)

      We keep the value of their trust funds secret, but the two are worth over $300k today, and we are budgeting $500k for their education in the future.

      I wish I were one of your children.

    • "We keep the value of their trust funds secret, but the two are worth over $300k today"

      At their ages I am going to assume they are single. Can I send you my pic and resume? Oh wait, I guess I can just find them on MySpace...
  • makes me miss my Robotics/Dark Miasma Mastermind
  • Is anyone else NOT surprised that they caught a kid?

    There are stupid adult...but kids are supposed to be doing risky things...testing their limits....

    I'm not surprised they caught him....
  • no

    as Bruce Schneier notes arresting a hacker only results in a business opportunity for the next guy

    Silicone Valley published an excellent 3 part series on this just recently, and in Part 3 there is this:

    Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention and determination to combat the cyberthreat, a Mercury News investigation reveals.

    it isn't going to do any of us any good t

  • as Bruce Schneier notes arresting a hacker only results in a business opportunity for the next guy

    I'd like to note also that waiting on the Feds to track down hackers is TOO SLOW. A virus can do quite a bit of crime before we get to it that way.

    Silicone Valley published an excellent 3 part series on this just recently, and in Part 3 there is this:

    Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough r

"Life is a garment we continuously alter, but which never seems to fit." -- David McCord

Working...