A Los Angeles man on Friday admitted helping to install a Trojan horse program on 250,000 computers world-wide that eavesdropped on Internet communications and stole bank account information. He could face up to 60 years in prison.
The U.S. Attorney's Office in Los Angeles said John Schiefer, 26 years old, pleaded guilty to four counts of fraud and illegal interception of electronic communications. He could be fined as much as $1.75 million and sentenced to 60 years in prison, prosecutors said. Mr. Schiefer and accomplices installed the Trojan horse program on 250,000 computers world-wide and intercepted communications destined for online banking and payment sites such as PayPal Inc., thus obtaining bank account numbers and passwords.
Mr. Schiefer used the stolen account numbers and passwords to transfer funds out of customer accounts, according to prosecutors, who said they are still investigating the total amount of money stolen.
By day, investigators said, Mr. Schiefer was an expert in computer security; by night, he was the commander of a "botnet" -- an army of infected computers known as "zombies." Along with his accomplices, he installed malicious software, or malware, on other people's machines that not only stole data but also attacked other Web sites.
During the investigation, authorities found that Mr. Schiefer also implanted malicious code on some computers running Microsoft Corp.'s Windows operating system to steal users' account names and passwords.
In addition, Mr. Schiefer admitted defrauding his own employer, Dutch online-advertising company Sparrow Networks. Mr. Schiefer, who worked as a consultant for the company and earned nearly $20,000 a month, installed surveillance software on 150,000 computers at Sparrow Networks.
Mr. Schiefer is set to be formally charged by prosecutors on March 3.