A hacker faces 60 years in prison and a $1.75m fine after pleading guilty to infecting hundreds of thousands of computers with malware in order to steal money from PayPal accounts.
John Schiefer, 26, admitted that he and some associates developed malware that allowed them to create botnet armies of as many as 250,000 computers. Schiefer was able to collect information sent from the infected computers, including usernames and passwords for PayPal accounts. He and his associates were then able to make purchases using the PayPal accounts. They also shared the password information with others.
This is the first prosecution of a hacker for this type of activity, according to the US Attorney's Office for the Central District of California. The Federal Bureau of Investigation pursued the case.
Schiefer says he also found PayPal usernames and passwords using malware that could access usernames filed in a secure storage area on the computers. The malware would send that information to Schiefer, who used it to access the accounts.
Schiefer also acknowledged fraudulently earning more than $19,000 from a Dutch internet advertising agency that hired him as a consultant. He was supposed to install the company's programs on computers after receiving consent from computer owners. Instead, he and his associates installed it on 150,000 computers that were infected with his malware.
Schiefer is scheduled to appear in the US District Court in Los Angeles on November 28 and be arrainged on December 3.