Botnet Creator Who Ensnared 72,000 Machines Gets 30 Months

ENISA botnet report, Mirai

Bot herder with an alleged history of dirty dealing gets sent down

A man who created a 72,000-machine botnet and sold access to its command and control tools has been sentenced to 30 months in prison in the US.

It marks a rare case of law enforcement successfully catching a botnet dealer and prosecuting them. Joshua Schichtel was sentenced to 30 months in jail and ordered to serve three years of supervised release.

He pleaded guilty on 17 August to one charge relating to a breach of the Computer Fraud and Abuse Act.  Schichtel  installed malware on approximately 72,000 computers on behalf of a customer, who paid him $1,500 for use of the botnet, although it is believed he had multiple clients.

History boy

As noted by Ars Technica, Schichtel has history in the cyber crime world. In 2005, a complaint against Schichtel  and three other men for performing distributed denial-of-service (DDoS) attacks was dismissed. Charges were thrown out as law enforcement bodies hadn’t indicted the defendants by a required deadline., according to the O’Reilly news site in the US.

Botnets are key to DDoS attacks, as all the machines in them can be used to overwhelm servers with traffic, so Schichtel could have been in the game for some time.

TechWeekEurope’s report into the underground DDoS market showed how many dealers were selling their services for low prices. For a small site, an hour-long DDoS strike can cost just $4. For bigger sites the cost can go up to $1000 or more.

Are you a security expert? Find out with our quiz!