A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP -- just to show off its firepower to a potential customer.
David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents.
On August 14, 2006, Smith and Edwards allegedly used part of Nettick to attack a computer hosted by The Planet. Apparently, that was just a test, to show that the botnet was for real. "After the test, the bot purchaser agreed to buy the source code and the entire botnet for approximately $3,000," prosecutors say in the indictment against the two men.
Edwards will plead guilty Thursday in federal court in Dallas, according to his attorney, Mick Mickelsen. Smith has pleaded innocent in the case and is set to go to trial on May 17. Both men face a maximum of five years in prison and a $250,000 fine on one count of conspiring to cause damage to a protected computer and to commit fraud.
Edwards, who used the hacker pseudonym Davus, controlled the botnet from an IRC (Internet Relay Chat) channel hosted on his kidindustries.net Web site, according to a statement of facts filed in conjunction with his plea agreement.
Six weeks after ThePlanet.com attack, Edwards and Smith broke into Texas Web hosting provider T35 Hosting, downloaded the company's password database, and then defaced the T35.net Web site, posting usernames and passwords to the public, prosecutors state.
Smith, who used the hacker name Zook, allegedly pretended to be an innocent bystander to the hack, posting to the HelpingWebmasters.com discussion site that he'd discovered the defacement on Oct. 4.
"I found out today at around 11:40 PM that the t35 Website was Completly [sic] defaced," Zook wrote in the post. "I posted it to a few news sites and noticed after posting them that the Mysql dumps were actually up for grabs... How are all the users going to be compensated? Im sure EVERYONES password was in that file..."
A few hours later, T35 President Alex Melen responded to Zook's post, blaming the compromise on a Linux kernel vulnerability, and noting that "a lot of companies are dealing with these hacking attacks right now and not a lot can be done."
Neither T35 nor ThePlanet.com responded to messages seeking comment for this story.