FBI's 'Bot Roast II' Leads To Alleged New Zealand Mastermind

The teen's botnet group is responsible for taking control of more than 1 million computers through the use of malware, the FBI alleges.

Police in New Zealand this week searched the residence of an 18-year-old New Zealander believed to be the leader of an international group of botnet programmers known as the "A-Team."

The teen, not named because of his age, goes by the name "AKill" online, according to the FBI.

New Zealand police on Friday issued a statement saying that they're continuing to interview "AKill" and that the investigation is the first of its kind in the country.

The investigation is one of several arising from the FBI's Bot Roast II, the second stage of what began earlier this summer as a national effort by the FBI and other law enforcement organizations to combat botnet cyber crime.

Botnets are groups of computers that have been hijacked by cyber criminals, usually through malware distributed via e-mail or malicious Web sites. They can be used to conduct denial of service attacks, to send spam, or to distribute malware or illegal content. According to the FBI, the majority of owners of compromised computers remain unaware that their PCs have been subverted to conduct cyber crime.

The FBI alleges that the teen's botnet group is responsible for taking control of more than 1 million computers through the use of malware. The agency said that it had uncovered over $20 million in economic harm since it launched its anti-bot initiative in June.

New Zealand police said the "A-Team" was believed to be responsible for installing malware on 1.3 million computers via the Netherlands. (The Netherlands, the third largest distributor of malware, was chosen due to its "superior data transmission infrastructure," according to New Zealand police.)

The "AKill" investigation arose out of an investigation conducted by the FBI's Philadelphia Office, which recently resulted in the November 1 indictment of University of Pennsylvania student Ryan Goldstein, 21, of Ambler, Penn., for allegedly attempting to launch a denial of service attack through a botnet with "AKill."

Goldstein has pleaded not guilty and is free on bail pending his trial. University of Pennsylvania spokesperson Ron Ozio confirmed that Goldstein remains enrolled at the school and said that the damage arising from Goldstein's alleged actions was inconvenient but not irreparable.

"This case illustrates how law enforcement agencies around the world are rising to the challenge of fighting crime in cyberspace," said United States Attorney Patrick L. Meehan in a statement on Thursday. "As the Internet breaks down the barriers of national borders, collaborative efforts to find and prosecute the criminals become more crucial. This investigation and this indictment is proof of the commitment to meet that challenge."

The indictment against Goldstein contains one passage that suggests fears about the inadequacy of the signature-based model for antivirus protection are not misplaced. It quotes an excerpt of an IRC chat in which Goldstein allegedly offered access to an unreleased Trojan with "100% AV (antivirus) and FW (firewall) bypass."