SECURITY SPECIALIST CHARGED IN ID THEFTS.

Byline: Troy Anderson

Staff Writer

In the first prosecution of its kind in the nation, a Los Angeles man was charged Friday with using "botnets" -- armies of compromised computers -- to steal the identities of hundreds of thousands of people across the nation and extract banking and other information from their computers to make purchases.

John Schiefer, 26, a member of what is called the "botnet underground," has agreed to plead guilty to felony charges of accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud, U.S. Attorney's Office spokesman Thom Mrozek said.

"What troubled me about this particular case is that it involved an individual entrusted with making sure that computers are safe -- he was an information security specialist -- but while at work, he was infecting people's computers, putting wiretap programs on them, catching people's user names and passwords, and forcing the infected computers to disgorge the most confidential banking information, and then encouraging juveniles to use this information to steal people's money," said Assistant U.S. Attorney Mark C. Krause.

Schiefer worked for an undisclosed information-security company hired by banks and mortgage companies to make sure their customers' accounts are safe, Krause said.

The case is among a soaring number of electronic fraud schemes authorities have uncovered in recent months. District Attorney Steve Cooley has described computer crime as the "coming tsunami" and officials say they are seeing more cases in which criminals are hacking into people's banking, retirement and other accounts and stealing their money.

In this case, Schiefer and several associates installed malicious computer codes on up to 250,000 computers, which were used for a variety of identity-theft schemes, Mrozek said.

In his plea agreement, Schiefer acknowledged installing malicious computer codes, or "malware," that acted as a wiretap on the computers. Because the computer users were unaware of this, they continued to use them. Schiefer used the code to intercept electronic communications being sent over the Internet from those computers to PayPal and other Web sites, Mrozek said.

Once in possession of that information, Schiefer and the others sifted through the data to mine user names and passwords. With those, Schiefer and the others accessed bank accounts to make purchases. It is the first time in the nation that someone has been charged under the federal wiretap statute for conduct related to botnets, Mrozek said.

Schiefer is scheduled to appear in federal court Dec. 3 for sentencing. He faces up to 60 years in prison and a $1.75 million fine.