An Arizona man has been sentenced to 30 months in prison for selling command-and-control access to botnets.
Joshua Schichtel pleaded guilty in August 2011 to one count of attempting to cause damage to multiple computers without authorisation by the transmission of programs, codes or commands, which is a violation of the Computer Fraud and Abuse Act, and on top of his sentence he is also ordered to serve three years of supervised release.
Schichtel specifically pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.
In April, then White House cyber security co-ordinator Howard Schmidt announced that action on botnets would be a priority and that there had been 'a lot of discussion about botnets' in trying to identify how many are out there, what they are doing, what they could do and what the impact could be.
“We're teaming [with] US internet service providers, search engines, internet vendors, privacy rights advocates and groups and trade associations to tackle this on all fronts. We're working on developing best practices and an industry code of conduct within the next 90 days,” he said.
A working group was established in March and was led by Schmidt that will try to: develop principles for addressing the botnets; establish high-level strategies to increase public awareness about the botnets; leverage available consumer-focused information tools and resources to prevent the botnets from the beginning; and identify ways of measuring progress.
Schmidt however announced in May that he was retiring from his position, he later joined the board of directors at Qualys.