Arizona man imprisoned for renting out botnet

A hacker was given 30 months in prison yesterday for selling command-and-control access to thousands of malware-infected computers.

Joshua Schichtel, 30, of Phoenix, Arizona, pled guilty last month to causing damage to multiple computers without authorization by the transmission of programs, codes or commands, under the Computer Fraud and Abuse Act.

Rather than using the botnet he’d created for his own purposes, Schichtel decided to work as an outsourcer, selling access to it instead. He had a number of happy customers, says the DoJ.

“Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets,” says the Department of Justice.

“Specifically, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.”

It’s not Schichtel’s first brush with the law. Back in 2004, he was accused of involvement in a series of DDoS attacks on Californian businesses – again at the behest of someone else – but because an indictment wasn’t filed in time, the case was dropped.

As well as the 30-month sentence, Schichtel’s been ordered to serve three years of supervised release.