informa
/
3 min read
article

Botnet Sting Bags Texas Man For Allegedly Infecting Hospital Computers

The government is notifying ISPs of the 1 million botnet victims identified as part of Operation Bot Roast, and it will be up to the ISPs to warn its infected users.
As part of the government's newly focused attack on cybercriminals, a Texas man was indicted this week on charges of breaking into and controlling a network of 10,000 computers, including machines in several Chicago-area hospitals.

James C. Brewer, 23, of Arlington, Texas, was charged with two counts of computer fraud for allegedly operating a botnet in 2006. He faces 20 years and a $250,000 fine for being an alleged bot herder, which is a term for someone who builds and operates botnets.

The indictment was part of the Department of Justice and the FBI's major announcement Wednesday that it is three months into an ongoing cybercrime initiative to disrupt and dismantle botnets and bot herders. While investigating Brewer's case, along with four others, the FBI reported that it identified more than 1 million botnet victims.

Despite the FBI's initial report that it was going to work with the U.S.-CERT Coordination Center at Carnegie Mellon University to notify the owners of the compromised computers, Deputy Assistant Director Shawn Henry, of the FBI's Cyber Division, told InformationWeek on Thursday that it will not be contacting individual victims.

"We would not be able to resolve all the IP addresses and contact all the individual victims," said Henry, adding that they've already begun notifying some ISPs. "What we can do is refer IP addresses to the [corresponding] ISPs and if they choose to, they can contact their customers."

Henry also said that the FBI will be trying to raise public awareness that people and companies need to secure their computers so they don't become part of a botnet. "People can be victimized if they don't take care of their computers and networks," he said. "We have to maintain personal responsibility over our computers."

He did say that if they find that a major company or organization is part of the 1 million victims, the government will notify them of the problem.

Richard Kolko, a special agent with the FBI, said going through the victimized IP addresses and notifying the ISPs will be one of the biggest jobs they've ever done.

Hackers and malware writers conspire to infect computers around the world with viruses and Trojans that allow them to remotely control the victim machines. Then they amass thousands or hundreds of thousands of these zombie computers, creating great armies -- or botnets -- of them. In recent months, botnets have been increasing in number and in size, as they launch massive waves of spam, malware, and even denial-of-service attacks.

Most of the owners of the zombie machines don't even know they have been infected or that their machines are being controlled by someone else.

In the Brewer case, prosecutors charge that he used his 10,000-strong botnet to scan the Internet for other unprotected computers that could be infected and added to his growing zombie army. His botnet included computers in the Cook County Bureau of Health Services, which administered and operated health care centers throughout the city of Chicago and surrounding suburbs. According to the indictment, some of the infected computers were in the nuclear medicine and oncology-radiation therapy departments at John H. Stroger Hospital, as well as in the pharmacy department at Oak Forest Hospital.

Because of the botnet infection, the hospitals' computers would repeatedly freeze or crash, causing "significant delays in the provision of medical services" and access to data needed by health care workers. According to the indictment, the hospitals spent more than 1,000 hours trying to fix the systems.