Here’s a story that should convince everyone that the internet isn’t a secure place to do your banking or release any sort of personal information:
John Schiefer, a Los Angeles “computer security expert” at 3G Communications, pled guilty today of “accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud.” The 26 year old man used spyware to collect hundreds of thousands of internet user’s login and passwords for assorted sites, including Paypal, and would make unauthorized purchases. Schiefer also distributed the personal information to other hackers.
Schiefer was also signed a contract with a Dutch internet advertising company for the express purpose of infecting the company’s client’s computers with “bots” that were used to copy and send personal data back to Schiefer and his associates. [via]
A MySpace page found doing a search of his name found a user named “Acid” aged 27 living in Los Angeles. The profile includes “the hacker’s creed,” along with this notation: “And remember. I did it for the luls.”
Sentencing is scheduled for August 20th, and could be up to 60 years in prison and a $1.75 million fine. As a victim of identity theft, and knowing full well the amount of time it takes to clear this sort of thing up, I wouldn’t be surprised if the cumulative damages and time spent by all of Schiefer’s victims hasn’t been much more.
[additional source: KNBC]