INTERNET - Security consultant admits to hijacking PCs to use in crimes

Federal prosecutors Friday said that John Kenneth Schiefer, a 26-year-old computer security consultant, used an army of hijacked computers, known as a "botnet," to carry out a variety of schemes to rip off unsuspecting consumers and corporations.

Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles.

His lawyer, Arthur Barens, could not be reached for comment.

The vast number of computers that Schiefer compromised -- as many as 250,000 -- highlights a stealthy online crime spree on the rise. These botnets, short for "robot networks," remotely harvest personal information, including user names and passwords, to give their operators access to credit card information and online bank accounts.

Federal law enforcement agencies have stepped up their pursuit of botnet operators in recent years as they have drained bank accounts, stolen identities and overwhelmed federal authorities, security experts say.

"We have seen a dramatic uptick in the last few years in the number of botnets being used to give their masters direct financial gain," said Jose Nazario, a senior researcher at online security firm Arbor Networks Inc.

Schiefer, who on the Internet went by the handles "acidstorm," "acid" and "storm," is the first person to be accused under federal wiretapping law of operating a botnet, said Assistant U.S. Atty. Mark Krause in Los Angeles.

By intercepting electronic communications, Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases. He also passed the stolen account information on to others.

EBay spokesman Hani Durzy could not be reached for comment.

At one point, according to the plea agreement, a conspirator named "Adam" expressed concern about stealing money. Schiefer responded by reminding Adam that he was not yet 18 and should "quit being a bitch and claim it."

Schiefer's indictment caps a federal investigation that began in 2005 and uncovered a variety of schemes. Prosecutors said Schiefer and his cohorts, who were not named, used illicit software they planted on people's PCs to spirit account information from a storage area in Windows-based computers.