Botneter sentenced to 57 months in prison

Jeanson James Ancheta, 20, of Downey, Calif. pleaded guilty to four counts of conspiring to violate the Computer Fraud Abuse Act, conspiring to violate the CAN-SPAM Act, causing damage to federal computers, and accessing protected computers without authorization.

Although he faced as many as 25 years in prison, Ancheta was sentenced to four years, nine months by U.S. District Judge Gary Klausner, who also ordered him to give up $60,000 in cash, as well as a late-model BMW and computer equipment Ancheta bought with proceeds from the botnet. He is also to pay $15,000 in restitution to the government for damage his Trojan horses did to a pair of defense networks.

According to the original indictment, Ancheta had made $3,000 from renting the botnet to others, who used it to launch denial-of-service (DoS) attacks and spew spam. With an unidentified co-conspirator, Ancheta pocketed an additional $107,000 by seeding the botnet's PCs with adware and raking in affiliate fees for displaying pop-up ads on the commandeered computers.

After his jail term, Ancheta will serve three years of supervised release, during which time his access to computers and the Internet will be limited, the judge said.

"Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this," Klausner told Ancheta at the end of the sentencing hearing.

Ancheta was the first American botnet controller to be convicted and sentenced. In a statement released Monday, the office of U.S. District Attorney Debra Wong Yang in Los Angeles also touted the sentence as "the longest-known sentence for a defendant who spread computer viruses."