Update: Akill walks free

Owen Walker discharged without conviction

Owen Walker, the 18-year-old Whitianga resident also known as Akill, was discharged without conviction in the High Court in Hamilton earlier today.

Walker was ordered to pay $9,526 in reparations for damage caused to the University of Pennsylvania and $5,000 in costs.

Walker pleaded guilty, in the Thames District Court in April, to all charges he was facing under the Crimes Act for his part in attacking the University of Pennsylvania’s computer system and in a global adware scheme. He pleaded guilty to accessing a computer system with the intention of dishonestly obtaining payment for the installation of adware, accessing a computer system without authorisation, and several other charges related to his role in the attacks. The only victim loss that the police can quantify is the cost incurred by the University of Pennsylvania. The denial of service attack cost the university around US$13,000 to mitigate, according to the police summary of facts. Walker was due to appear for sentencing in Thames District Court in May, but the matter was referred to the High Court, due to procedural issues. The sentence given today was a balanced decision, says Waikato crime services manager, detective inspector Peter Devoy.

"I have no comment to make other than that when you have heard the facts, [the sentence] was quite appropriate," he says.

The fact that Walker was 16 years old when he commenced his offending was taken into account. Also taken into consideration was that Walker was very cooperative during the interview process and that he assisted the police in shutting down the malware he had propagated and worked with the police to mitigate the damage he had caused, says Devoy. A number of features were recognised during the sentencing, but that wasn't to take away from the fact that Walker's offending was serious, says Devoy.

The police may use Walker's assistance if required in the future, he adds.

Walker was the ring-leader of a small but elite botnet coding group known as the "A-Team", according to the Waikato Police. His malware activity included colluding in DDoS (distribution denial of service) attacks and the installation of adware across 1.3 million computers, says a Waikato Police media release.

"Malware can take the form of viruses, adware or spyware. Sitting in New Zealand Walker designed a unique virus that utilised encryption and was undetectable by anti-virus software," says Devoy.

This programme was viewed by FBI experts as being very sophisticated malware. However, local and overseas security experts were not impressed.

University of Auckland cyber security guru Peter Gutmann told Computerworld in April that some of the technologies used by Akill was state-of-the-art about five years ago. His botnet was controlled via IRC (internet relay chat) systems, which was also common a few years back, said Gutmann. Other, well-hidden botnets instead have peer-to-peer-like structures in which the bots use encryption and trusted relationships to communicate, said Christian Seifert, a computer security PhD student at Wellington’s Victoria University.

Also in April, US computer forensics researcher and blogger Gary Warner wrote:

“We haven’t landed Moby Dick here. We haven’t stopped a ‘Criminal Mastermind’. We caught a few juveniles with anger management and social problems..."

Walker allegedly launched the DoS attack against the University of Pennsylvania in collaboration with a second offender, Ryan Goldstein, a student at the university. Walker has admitted his association with Goldstein and to gaining access to the university's servers through him. Walker told police that he used the university's server to update his botnet, and that the DoS attack was unintended.

Goldstein pleaded guilty to the charges in May in a US court and is now facing criminal prosecution in the US.

Walker received almost $40,000 in total from adware companies for installing adware using his botnet, according to the police documents. He used the money to buy computer equipment and he also made investments in a business run by his parents. His mother and stepfather knew he was making money out of doing online work but they did not realise he was engaged in illegal activity, says the summary. The investigation was a joint effort by the New Zealand police and the FBI, says Devoy. At the same time, Dutch authorities carried out an investigation on their own, he says.

"At termination in November 2007, an FBI cyber-crime investigator who had been working the case in the USA, joined us as a liaison officer," says Devoy.

"This sentencing brings to a successful conclusion months of intensive work by a multi-national, inter-agency investigation team. The operation would not have been a success without the close cooperation and our relationship with the FBI has been enhanced by this case," he says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags botnetSecurity IDakill

Show Comments