Court Sentences Two Dutch Hackers for Identity Fraud

Two hackers belonging to the Netherlands injected malware to infect millions of computers in order to steal personal information consisting of credit card data and use them to buy electronic goods. They have been sentenced to prison, the leader for two years and his accomplice for 18 months. However, since the sentence included probation, the court calculated that the pair had already spent time in prison, so it released them free. The court has also ordered them to pay 9,000 euros ($11,700) and 4,000 euros ($5,200) in fines, respectively.

The court accused the leader for creating the Toxbot Trojan and the Wayphisher Trojan, which he used to infect 2.5 million computers. And it blamed his associate for spreading the malware and building a botnet of compromised PCs. The Toxbot Trojan helped the hacker to run the botnet and also log keystrokes. The Wayphisher Trojan enabled them to direct users to phishing sites away from the real online banking sites.

According to FBI, the men dropped a denial-of-service attack against Zango, a company developing adware, because the company refused to pay them affiliate fees. Although Zango filed a lawsuit but later it withdrew the charges.

The pair committed identity fraud of eBay and PayPal account data as well to purchase iPods, a graphics card, audio speakers, a camera and PlayStation game consoles, indicated the prosecution. The two men were arrested in October 2006 because one of them was held for developing the Trojan horse while the other nurtured malware and maintained a botnet network. There are many other suspects in the case, awaiting judgment.

Talking about botnets, Graham Cluley, senior technology consultant for Sophos said they were a global problem and becoming increasingly common. Hackers used them to exploit numerous PCs at once to send undesirable spam, launch denial-of-service attacks and steal data from innocent users. The Government Technology published Cluley's statement on January 1, 2007.

Cluley advises that all types of computer users - organizations as well as individuals must place adequate defenses on their PCs. They should equip them with firewalls, up-to-date anti-virus programs, and the latest security patches to prevent attacks.

Related article: Court Acquits Student From Generating Fake Boarding Passes

» SPAMfighter News - 2/7/2007