Joshua Schichtel of Phoenix, Arizona has been jailed for 30 months for selling access to thousands of hijacked home computers.
Schichtel pleaded guilty to attempting to cause damage to multiple computers without authorisation, by using botnets. Millions of computers are enrolled in botnets, which are networks of machines that have been infected with a malicious computer programme. This programme allows unauthorised users to then control the infected computers remotely. Individuals who wanted to infect computers with malware (malicious software) would contact Schichtel and pay him to install malware that comprised those botnets. By doing so Schichtel violated the Computer Fraud and Abuse Act. This Act has similar legislation in the UK, known as the Computer Misuse Act. Interestingly in 2004 Schichtel was one of four men accused of using botnets to carry out attacks on online retail websites. The charges against them were dropped due to an administrative error, because the US Government failed to meet an essential court deadline.
Social networking sites such as Twitter and Facebook often fall victim to botnets. A recent Facebook scam involved sending victims links to the malware by disguising them as apparent messages from friends. Every single device that connects to the internet is at risk. There has in particular been an increase of attacks on mobile telephones with Android software, however Apple devices are not safe either. Previous botnets have resulted in infected mobile phones sending out thousands of spam messages. This can in turn generate a high volume of mobile data traffic which can prove costly, and the immediate consequence for victims may be a higher phone bill. With infection rates continuing to rise, consumers are encouraged to purchase apps from trusted sources. In addition to this checking your mobile phone bill, updating your handset regularly and keeping an eye on the websites that you browse is advisable.
Although the conviction of Joshua Schichtel may be seen by some as a step in the right direction, it is important to remember that the battle against botnets continues. Being aware of the potential threats from botnets in essential; where possible, prevention is better than cure.