A Los Angeles computer security consultant was sentenced Wednesday to four years in federal prison for using spyware that turned thousands of computers into "zombies" so he could steal their owners' identities.
John Schiefer, 27, admitted using "botnets" -- armies of infected computers -- to steal the identities of victims nationwide by extracting information from their personal computers and wiretapping their communications.
"This kind of conduct is actually far more devastating than assaulting a prison officer," said U.S. District Judge A. Howard Matz, referring to the case heard just prior to Schiefer's.
Matz said Schiefer had been employed "to protect people from this kind of conduct, yet he engaged in this kind of conduct."
Schiefer and several unindicted associates developed and distributed a malicious computer code to vulnerable computers, then used to code to assemble armies of up to 250,000 infected computers, which they used to engage in a variety of identity theft schemes, prosecutors said.
In pleading guilty last April to computer fraud, Schiefer acknowledged installing malicious computer code, or "malware," that acted as a wiretap on compromised computers.
The victims -- unaware their computers had been turned into "zombies" -- continued to use them to engage in commercial activities.
Schiefer used the malware, which he called a "spybot," to intercept electronic communications being sent online from the zombie computers to PayPal and other Web sites, according to the U.S. Attorney's Office.
"There's a pathology that society has to deal with," Matz said. "There are people who want to display their prowess in Internet technology -- but they screw up big time."
Schiefer also admitted signing up as a consultant with a Dutch Internet advertising company in order to defraud it with his botnets.
He promised to install the company's programs on computers only when the owners gave consent. Instead, Schiefer and two co-schemers installed that program on about 150,000 computers that were infected with their malware, prosecutors said.
Schiefer advised his associates to moderate the number of installations so it appeared they were legitimate and not the result of a malicious computer program that was propagating itself. The company eventually paid Schiefer more than $19,000.
Schiefer was a member of the "botnet underground" and the case was the first prosecution of its kind in the United States, according to the U.S. Attorney's Office.
Along with the prison sentence, Matz ordered Schiefer to pay restitution of $19,000 to PayPal and other companies.