Self-taught Whitianga computer whiz Owen Walker has admitted being involved in international botnet conspiracies.
Eighteen-year-old Walker, known in cyberspace as Akill, cut a slight, pale figure as he stood in the Thames District Court yesterday and listened to his lawyer enter guilty pleas to six charges including dishonest use of a computer, damaging a computer system and possessing software for committing crime.
The crimes carry sentences of up to seven years but there are indications he may serve a community-based sentence.
Walker's appearance before Judge Arthur Tompkins was over in minutes but a police summary of facts handed to the judge details his superhacking.
Home-schooled in his high-school years and with no formal training in computers, Walker taught himself computer programming and encryption.
He met like-minded people through chat rooms and started experimenting with malware, which allowed him to infect and remotely control computers, using them as robots, or bots.
A collection of bots is called a botnet and the person who controls them is a botherder.
Walker created his own bot code, which police say is "considered by international cyber crime investigators to be among the most advanced bot programming encountered".
Walker's code was protected from discovery, spread automatically and could identify and destroy rival bot codes.
It automatically disabled any anti-virus software on an infected computer, and prevented the software being updated.
The computer owner could not tell the anti-virus software was not working.
The code could also scan for information that could be used to conduct fraudulent financial transactions, but there is no evidence this was ever done.
Police say it may never be known how many computers Walker controlled but it ran to tens of thousands.
He controlled them through servers outside New Zealand either by leasing space or by accessing them illegally.
In February 2006, Walker worked with University of Pennsylvania student Ryan Goldstein and attacked a university computer server.
The university spent $13,000 dealing with the resulting crash and ongoing problems.
Police say Walker was trying to update his botnet and crashing the computer server appears to have been unintentional.
An FBI investigation tracked down Goldstein who led them to Akill. Goldstein pleaded guilty to aiding and abetting Walker and is awaiting sentence.
The FBI joined forces with the New Zealand police and identified Akill as Walker, but he was not immediately apprehended.
While waiting for the FBI to finish its investigation, New Zealand police checked out Walker and found several substantial deposits into his bank account.
Police linked the payments to a Netherlands company, ECS International, which had been prosecuted for engaging people like Walker to use their botnets to covertly install adware on computers.
Walker earned an estimated $36,174.65 for this work, and has also admitted receiving other small payments.
He says he spent the money on computer equipment and investment in his parents' taxi business.
He told Shell Moxham-Whyte and Billy Whyte he was making money from computer programming.
Reports on sentencing and reparation will be prepared for Walker's next court appearance on May 28. Judge Tompkins indicated community or home detention may be considered.
Police say it is difficult to quantify the financial implications of Walker's offending.
Although only one complaint from the University of Pennsylvania was made, he has admitted several other server attacks and police say the cost to individual owners of infected computers could run to several million dollars.