Build a botnet, go to jail- that's the way it should be. If all goes well, two botnet builders fromTexas will spend some real time in prison for building and spreading their botnet over the internet. According to court documents, David Anthony Edwards will plead guilty to charges that he and another
jerk man, Thomas James Frederick Smith, built a custom botnet called "Nettick", which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer. It's reassuring to see that the American entrepreneurial spirit is alive and well in Texas, and even more reassuring to see that justice is too.
In mid-August of 2006, Smith and Edwards allegedly used their homegrown botnet to attack one or more servers owned by a hosting company named "The Planet". This was done as a test to show a prospective customer that the botnet was for real. "After the test, the bot purchaser agreed to buy the source code and the entire botnet for approximately $3,000," prosecutors say in the indictment against the two men.
A month and a half after the attack on ThePlanet.com, Edwards and Smith compromised Texas Web hosting provider "T35 Hosting". They then stole the company's password database and vandalizedthe T35.net web site, part of which included publicly posting some of the stolen usernames and passwords.
Edwards faces up to 5 years in jail and a $250,000 fine for a single count of "conspiring to cause damage to a protected computer and to commit fraud".
Personally, I don't think 5 years is enough, but that's just me. Maybe I'm just overcome with joy at seeing a couple of botnet owners finally face some real consequences for their actions. Botnet owners (along with spammers and malicious hackers) are the kind of people that ruin the net for everyone. Although I doubt sending these clowns to prison will have much deterrence value for other budding botnet builders, handing out some hard time for them may set a precedent for future cases where judges might be reluctant to incarcerate "white collar" criminals.