Bustin' the bot-net brain

By Jane Phare, Carolyne Meng-Yee

When Owen Walker was 16 he began to develop a highly sophisticated system to infiltrate computers and effectively control them without anyone knowing.

For two years, between January 2006 and November 2007, he controlled tens of thousands of computers through servers outside New Zealand either by leasing space or by accessing them illegally using software he had developed himself. The exact number of computers he infected may never be known.

Known by his online ID AKILL (a name taken from the "automatic kill" command used to knock unwanted participants off chat channels), Walker is said to have led a small, elite group of computer programmers who used malware to infect and remotely control computers, using them as robots - or bots.

Walker created his own bot code, considered by investigators to be among the most advanced bot programming encountered.

So skilled was Walker, he developed a bot code that could protect itself from discovery. It spread automatically and could identify and destroy rival bot codes. The code automatically disabled any anti-virus software on an infected computer, but the operator believed its anti-virus software was still working. Another bot code allowed Walker to operate through other computers, making it harder for his activity to be traced.

He used a number of computers in New Zealand to interact with his bot-net.

According to court documents, the owners of those computers had no idea Walker was accessing their computers, although some noticed their internet access was being used up at a faster rate than they could account for.

It was in February 2006, when Walker was 16, that United States authorities first began investigating. Walker had illegally accessed and crashed the University of Pennsylvania's computer, interrupting network access for about 4000 students and staff.

An FBI inquiry revealed the university account had been accessed and used to store several malware files. The university server, which hosted websites, an interactive bulletin board and acted as a server for student homework files, typically handled 500 download requests a day. Investigations showed Walker's bot-net attempted more than 60,000 downloads simultaneously causing the server to crash on February 23. (Walker was later to say that outcome was unintentional.) It was enough to cause the FBI to launch "Operation Bot Roast" and the trail eventually led them to Whitianga, New Zealand, and Walker.

The FBI closed in on a local Pennsylvania student, Ryan Goldstein. He was arrested and is currently facing criminal charges in the US. If convicted, Goldstein, 21, could face up to five years' jail and a fine of $322,000. Goldstein, known by the login name DIGERATI, was working with AKILL (Walker) who had made contact through an IRC chat forum. The relationship developed to a point where Walker referred to Goldstein becoming a member of the "A Team" with he and Richard Bentley, a Florida computer expert.

Goldstein had gained access to an account on the university server and allowed AKILL to place malware files on it that were then used in an attempt to update AKILL's bot-net.

Walker was also linked to a Netherlands investigation into an adware scam in Europe that resulted in the prosecution of a company called ECS International. The company had been paying bot-herders to use their bot-nets to secretly install adware on computers for a number of companies. ECS International paid Walker $19,491 between March and October 2006 and other payments for installing adware from other companies. Inquiries by Netherlands authorities identified Walker as being responsible for 1.3 million illegal installations of adware.

Walker had the potential to earn millions of dollars by scanning information that could have been used for fraudulent financial transactions. But he didn't. Court documents show Walker says he drew the line between the work he was doing and what he considered to be criminal, even though his software was capable of it. Instead, he earned $36,174 from adware companies who paid him to covertly install adware on computers.

He used the money to buy computer games and accessories, an iPod, furniture, a vacuum cleaner, a TV and an XBox 360. He also invested in his parents' business, Whitianga's Paradise Taxi service. When interviewed by police, Walker admitted he knew what he was doing was illegal but did not consider it to be criminal. He said he was fascinated by bot-nets.

A police officer who interviewed Walker formed the view that Walker's interest in computer games spilled over into the real world, but when he was offered money to use his skills Walker could not resist.

- Herald on Sunday

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter


© Copyright 2016, NZME. Publishing Limited

Assembled by: (static) on production apcf03 at 25 Jul 2016 02:27:17 Processing Time: 689ms