AKILL, Owen Thor Walker, AKA "Snow Whyte" (Whyte was his mother's maiden name), AKA "Snow Walker" (note to hackers, don't use your own name as your alias), is a troubled young man living in New Zealand. Up until his conviction he was a quiet, gifted programmer, who worked for Trio Software Development. The media is painting him to be the ring leader of a worldwide criminal enterprise which controls 1.3 Million computers and has caused $20 Million USD in damages.
There is no question Walker was brilliant. He is diagnosed with Asperger's Syndrome, a disorder in the same family as autism, characterized by very poor social interaction, and a fixation on a narrow range of intellectually challenging pursuits that often involve a high degree of repetition. His mother says he left school at age 14, largely because of problems with bullies, and completed his education via correspondence courses.
But what were the actual charges? ComputerWorld New Zealand is reporting this morning that the only damages they have charged him with are $13,000 in costs which the University of Pennsylvania incurred in recovering from a Botnet attack he launched against the TAUNET service housed at UPenn. (See ComputerWorld.nz
The Sydney Morning Herald, which ran a picture of Walker and his mother in this article of Feb 29, 2008, said:
Walker was arrested in November last year in the northern city of Hamilton as part of an international investigation into a cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims' bank accounts.
But the original story which brought AKILL into the International eye was the charges brought by the FBI under Operation Bot Roast II, which Forbes magazine mentioned like this as recently as yesterday:
The FBI's deputy assistant director of its Cyber Division, Shawn Henry, points to the November arrest of the hacker known as AKILL, an 18-year-old in New Zealand running a botnet of 50,000 computers.
The other charge that we know about AKILL is that he has been accused "by Dutch authorities" of being part of a scheme where hackers installed advertising software on computers they compromised. One of the other targets of Operation Bot Roast II was Robert Matthew Bentley, of Panama City, Florida. Bentley was convicted of his charges on March 6, 2008, according to this FBI Jacksonville Press Release.
I am saying that it is very likely that this is actually the same scheme that AKILL was tied up in, (but haven't found the proof of that yet). Bentley was accused of installing software for a scheme called "Dollar Revenue". Dollar Revenue was fined $1.54 Million USD by Dutch authorities in a scheme where hackers were paid 15/100 of a Euro for installing the adware on European computers, or 25 cents for installing the adware on American computers. (See this PC World article)
These types of revenues fall more in line with what was said during AKILL's trial, where the judge was considering whether to force Walker to pay restitution of "$8,000". New Zealand media are reporting that Walker plead guilty to infecting "at least 20,000" computers, and his bank accounts show that he had received payments of "$40,000 NZD". (See for example this New Zealand TV station's report.
What actually was the "criminal mastermind" activity that AKILL performed? He took source code for a previous botnet program and made some slight modifications to it. Detective Inspector Peter Devoy of the New Zealand police confirmed in interviews that AKILL is responsible for the "AkBot" malware. (See Security IT World's story for more.) (Devoy was also the one quoted in the original New Zealand Police press release: Waikato Police investigate cyber-crime
How was Walker caught? It looks like a good job of International Cooperation, but one lynchpin in the investigation goes back to making poor choices in friends online. Ryan Goldstein, AKA Digerati, has been a troublemaker for years. Ryan, a 21-year old student at UPenn, was a member of a hacking group called "TeamLoosh", and couldn't decide what color his hat should be.
TeamLoosh leader, rofles, basically went on a character-assassination rampage against Ryan, posting defaming photographs and emails intended to show that Ryan was a pedophile anywhere that he saw Ryan making posts. Some of these appeared in places like "governmentsecurity.org", posting links to a file named: http://www.teamloosh.com/txt/Digerati-Exposed.zip (now offline).
Ryan was angry, but having been banned from several places because of these accusations, he behaved in his typical fashion. He promised AKILL access to several "elite" hacker websites where he still had influence, if he would help him get revenge. The DDOS, intended to punish the TAUNET Internet Relay Chat servers which had banned "Digerati", was said to include 50,000 attacking computers, which were launched against TAUNET by AKILL.
The Digerati Indictment is available from the Pennsylvania US Attorney's Office. It reveals the exact nature of the payment offered to AKILL. (Quoting from page 5 of the indictment:
"I can get you some good private stuff, i can also pay you, to take taunet down...i have access to a lot of stuff you might want...www.findnot.com/servers.html - i have a legit login/pass for that, guaranteed to work through 2007 at least...undetected, unreleased bifrost (trojan) beta with 100% av (antivirus) and fw (firewall) bypass."
I'm very pleased that Ryan/Digerati and Owen/AKILL/Snow Whyte have been apprehended, but the point of what I tried to say on BBC World Service this morning was let's not make this a fishing story. We haven't landed Moby Dick here. We haven't stopped a "Criminal Mastermind". We caught a few juveniles with anger management and social problems, who made $40,000 selling hacked computers to a Dutch advertising company and attacked a University chat room because the boys there told another boy he was not their friend any more.
Its a message that International Law Enforcement Cooperation is working, at least between the Dutch, the FBI, and the New Zealanders, but we still have a long way to go before the Internet is going to be a safe place to play.
-----
Corrections Made:
Ryan Lee, ryan1918, has pointed out an error in the original version of this posting. Ryan Lee (ryan1918) is *NOT* Digerati, and should not be confused with Ryan Goldstein.
To Priest, stm, rofles, Gammarays, Zerofool2005 - thanks for the comments - send me an email. Happy to learn more and have a more accurate article.
No comments:
Post a Comment