California man pleads guilty to bot attack

Attack designed to install adware on compromised computers disrupted critical communications at Seattle hospital.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

May 5, 2006 2:03 p.m. PT

A 20-year-old California man has pleaded guilty to launching a bot network attack that compromised computers at a Seattle hospital and several universities.

Christopher Maxwell, a Vacaville, Calif., resident, was accused of intentionally damaging a computer he was not authorized to access and using it to commit fraud. He made the guilty plea on Thursday in federal district court in Seattle.

Back in mid-2004, Maxwell and a group of co-conspirators created a network of bots, or automated programs, using more than 13,000 commandeered computers, or zombies. Maxwell used the bot network to install adware on compromised computers, reaping commissions of approximately $100,000 for himself and his co-conspirators, according to the initial complaint.

In order to run the bot network, Maxwell used high-powered computers from California State University at Northridge, the University of Michigan and the University of California at Los Angeles, the complaint said.

Some of the computers affected by Maxwell's efforts included those at Northwest Hospital in Seattle. As the bot network scanned the hospital computers to load adware, network traffic increased to such an extent that it interrupted communications of the hospital's surgical team, diagnostic imaging services and laboratory services, according to the complaint.

The cost to the hospital to address the botnet problem was initially pegged at almost $150,000.

Maxwell is scheduled to be sentenced on Aug. 4 in the Seattle court.