California Man Pleads Guilty for Hospital Botnet Attack

Christopher Maxwell, 20, of Vacaville, California, has plead guilty to charges to the creation of a "botnet" which led to computer malfunctions at Seattle’s Northwest Hospital in January, 2005.

Under a plea agreement, Maxwell will be held responsible for more than $252,000 in restitution to Northwest Hospital and Medical Center and the Department of Defense. He entered the plea in federal court Thursday.

"Some people consider botnets a mere annoyance or inconvenience for consumers, but they are highly destructive. In this case, the impact of the botnet could have been deadly," said United States Attorney John McKay.

The indictment alleges that Maxwell and two unnamed co-conspirators created the botnet to fraudulently obtain commission income from installing adware on computers without the owners’ permission. The government alleged that Maxwell and his co-conspirators earned $100,000 in fraudulent payments from companies that had their adware installed.

According to the indictment, as the botnet searched for additional computers to compromise, it infected the computer network at Northwest Hospital in north Seattle. The increase in computer traffic as the botnet scanned the system interrupted normal hospital computer communications. These disruptions affected the hospital’s systems in numerous ways: doors to the operating rooms did not open, pagers did not work and computers in the intensive care unit shut down. By going to back up systems the hospital was able to avoid any compromise in the level of patient care.

The botnet had also damaged U.S. Department of Defense computer systems at the Headquarters 5th Signal Command in Manheim, Germany, and at the Directorate of Information Management in Fort Carson, Colo. More than 400 computers were damaged at a cost of $138,000 to repair.