Owen Walker, the 18-year-old alleged ring-leader of an international botnet coding group, has been charged with attacking the computer system of the University of Pennsylvania.
The charges, laid under section 250 of the Crimes Act, allege he recklessly and without authorization caused the system to deny service to faculty, staff and students. The maximum punishment for that offense is seven years' prison, according to court documents.
Walker did not show up in Thames District Court today as scheduled. He was excused from court due to ongoing discussions with the Police. Computerworld viewed the charges at court today.
Walker has also been charged, under section 249, with two counts of accessing a computer system with the intent to dishonestly obtain payment for the installation of adware. The alleged offenses took place between January and July 2006, and between July 2006 and November 2007, and are punishable with five years' prison on each count.
In addition, he is charged with possession of software intended to be used to commit crime, with a maximum sentence of two years' prison, and two counts of accessing a computer system without authorization, also with a maximum of two years.
Walker, who is alleged to have used the online name "Akill", is due to appear in court again on April 1. He was arrested after an international investigation called Operation Bot Roast.
Among others caught were Ryan Brett Goldstein, a 21 year-old from Ambler, Pennsylvania, who was indicted on November 1, 2007, for using a botnet to cause a distributed denial-of-service attack against the university.
US court documents show that Goldstein, who used the online name of Digerati, was a student at the university and sought the help of an unidentified bot-herder to launch a DOS attack against an IRC group that had banned him from participating in it. In addition, Goldstein also got the bot owner to launch attacks against two other IRC groups and against a website.
Goldstein pleaded guilty earlier this month.
Another charged was Adam Sweaney, 27, of Tacoma, Washington, who pleaded guilty last year to one felony fraud charge for leasing out bot-infected computers to others, who then used them to launch DOS attacks and for forwarding spam. Court documents shows that Sweaney also offered to sell 50 million email addresses for US$500 and promised takers an 87% delivery rate.
Gregory King, 21, from Fairfield, California, was also indicted in September on four counts of transmission of code to cause damage to a protected computer. King, who employed several online aliases including "Silenz", "Silenz420" and "Gregk707", allegedly used botnets to carry out denial-of-service attacks against various companies including an anti-phishing website.
Also caught in the FBI sweep was John Schiefer, a former security researcher who admitted to hijacking a quarter of a million PCs with the intent to steal bank and PayPal account information and to plant adware on the compromised systems. Schiefer who was also known as "Acidstorm" and "Acid", was a former security consultant at 3G Communications in Los Angeles, and was the first to be charged under federal wiretap statutes for using a botnet.
-- Additional reporting by Jaikumar Vijayan