Arizona man sentenced for selling access to botnets

A man who was reportedly part of one of the first “DDOS-for-hire” electronic attack hit squads will serve two-and-a-half years in prison for selling access to malware-infected computers.

Joshua Schichtel, 30, of Phoenix, AZ, was sentenced on Sept. 6 to 30 months in prison for selling command-and-control access to, and use of, thousands of malware-infected computers, announced Assistant Attorney General Lanny Breuer of the Justice Department’s Criminal Division and U.S. Attorney for the District of Columbia Ronald Machen, Jr.

Schichtel was also ordered to serve three years of supervised release.

Schichtel pleaded ea on August 17, 2011, to one count of attempting to cause damage to multiple computers without authorization by the transmission of programs, codes or commands, a violation of the Computer Fraud and Abuse Act.

Schichtel was allegedly part of one of the first “DDOS-for-hire” rings uncovered in 2004. He was caught up in an investigation into a Massachusetts businessman’s scheme to launch an organized Distributed Denial of Service (DDOS) attack on his competitors by hiring hackers who knew how to perform the electronic assaults.

According to court documents, Schichtel sold access to “botnets,” which are networks of computers that have been infected with a malicious computer program that allows unauthorized users to control infected computers. Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets.

Specifically, said the documents, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.

.