14 DAY TRIAL // John Kenneth Schiefer, a 26-year-old American security expert from Los Angeles, faces a sentence of 60 years in prison and a fine of $1.75 million after pleading guilty to charges of wire fraud, bank fraud and others, The Register reported today. The hacker, who used nicknames such as "Acid" and "Acidstorm", managed to break into approximately 250,000 computers and install software to get financial information. It appears that he used both his personal computer and his work system to access the victims` computers which were equipped with the Windows operating system.
Mr. Schiefer worked for 3G Communications, a security firm from Los Angeles and it seems like he collaborated with some other persons formerly known as "pr1me", "dynamic" or "revolt", the same source added. The hacker's attacks were pretty smart because once he installed the malware on victims' computers, the software started looking for PayPal credentials, usually encrypted by Microsoft's Windows. However, the application was able to decrypt them and made them available for the attacker.
"Once in possession of those intercepted communications, defendant and co-schemers known and unknown would sift through the data to obtain PayPal information, namely usernames and passwords, as well as usernames and passwords for other online accounts," the prosecutors and the defense lawyers said according to The Register.
Besides transferring money from victims' accounts, Schiefer often tried to sell the stolen information to other attackers who could use it for new malicious activities.
"In agreeing to plead guilty, Schiefer pledged to pay restitution of $19,128.35, the full amount he made in affiliate fees," The Register continued. Although I really don't think he is going to get a 60-year prison sentence because this would mean that he will get out at about 86, John Kenneth Schiefer is another proof that the authorities struggle to improve security on the Internet.