Mariposa botnet 'mastermind' jailed in Slovenia

A security firm screengrabbed this ad for "command and control" software that featured a contact email address for Iserdo - the alias that Skorjanc is alleged to have used

A hacker accused of masterminding one of the biggest ever botnets has been sentenced to just under 5 years in jail.

Matjaz Skorjanc was arrested in 2010 after a two-year investigation into malware that had hijacked about 12.7 million computers around the world.

The 27-year-old was found guilty of creating the Mariposa botnet software, assisting others in "wrongdoings" and money laundering.

His lawyer said he would appeal.

In addition to the 58-month jail term, Skorjanc was also ordered to pay a 4,000 euro ($4,100; £2,510) fine and give up a flat and car he was alleged to have bought with money he had received from a Spanish criminal syndicate.

The prosecutors in the case have said they also intended to challenge the Slovenian court's ruling because they had wanted a tougher jail sentence of seven and a half years.

The former medical student's ex-girlfriend Nusa Coh was also sentenced to eight months' probation for money laundering.

Identity revealed

Mariposa is the Spanish for butterfly.

The botnet got its name because it was created with software called ButterFly Flooder that was alleged to have been written by Skorjanc and advertised on the net as a way to "stress test" computer networks and remotely control Windows and Linux PCs.

Computers in more than 190 countries were infected by Mariposa, which spread by a variety of methods including via instant messages, peer-to-peer file-sharing systems and removable storage devices.

Nearly 13 million computers are thought to have been infected with the botnet

Once it was installed, its operators could command the compromised machines to carry out their instructions, including sending back copies of data they stored.

The scale of the problem led the FBI to team up with European law enforcement agencies, the Georgia Tech Information Security Center and other security experts to track down the perpetrators.

This proved difficult to do because the hackers only connected to the net via a virtual private network (VPN), which hid their locations.

On 23 December 2009 the authorities managed to gain control of the botnet, which they believe rattled one of its operators, who went by the nickname Netkairo.

Defence Intelligence was attacked for helping the authorities gain control of the botnet

The operator subsequently managed to take back control of the infected computers and then used them to attack Defence Intelligence, a Canadian security firm helping the FBI.

However, in doing so Netkairo appeared to have revealed his identity by accidentally connecting to the botnet directly from his home computer rather than the VPN.

On 3 February 2010 the Spanish Civil Guard arrested Florencio Carro Ruiz, who they identified as Netkairo, and two other Spaniards.

Five months later the Slovenian police arrested Skorjanc, who they said had used the alias Iserdo and had written the code.

Officials said the botnet had been used to send spam emails, stage distributed denial of service (DDoS) attacks to overwhelm targets' servers with traffic, and harvest information including credit card details and log-ins.

"I think the sentence is significant and will be remembered as a milestone in the prosecution of cybercrimes," Keith Murphy, chief executive of Defence Intelligence, told the BBC.

"It reflects that authorities have realised the damage that can be wrought by a piece of code, and are now starting to equate it to physical theft. The 'wild west' days of cybercrime are over, even in smaller countries."

BBC © 2014