WASHINGTON – More than 1 million computers — possibly yours, too — are used by hackers as remote-controlled robots to crash online systems, send spam e-mails and steal users' personal information, the FBI said Wednesday.
[Professional security experts think many millions of computers, perhaps 10 to 15 percent of the worldwide total, have been infected with botnet software.]
The government has no way to track down all the computers, both in the U.S. and elsewhere, that hackers have massed into centrally controlled collections known as botnets.
FBI Deputy Assistant Director Shawn Henry said in an interview Wednesday, "There will likely be spam sent on the heels of this case [by] people portraying themselves to be from the FBI or saying, 'We're investigating the big botnet case that you heard about and we need to check your computer. Provide us this information.'"
"Bad guys will continue to use whatever tools are available on the vulnerable, on people who are unaware or unsuspecting," Henry said.
Hackers create botnets by scanning the Internet for vulnerable computers, which are then infected and absorbed into the botnet.
Because the hacker has complete control of each "bot" computer, the botnet can be used to launch distributed denial-of-service attacks, send spam e-mail, steal account login information or run any program.
Recent busts of botnet hackers, as part of the FBI's "Operation Bot Roast" sting, include:
— James C. Brewer, of Arlington, Texas. He was indicted Tuesday on charges of infecting more than 10,000 computers globally, including two Chicago-area hospitals operated by the Bureau of Health Services in Cook County, Ill.
The computers at the two hospitals were linked to the health care bureau's mainframe system. They repeatedly froze or rebooted from October to December last year, resulting in delayed medical services, according to the indictment.
Brewer was released on a $4,500 bond, court records show.
— Robert Alan Soloway of Seattle. When he was arrested last month, he was described as one of the world's top spammers for allegedly using botnets to send out millions upon millions of junk e-mails since 2003.
Soloway continued his activities even after Microsoft won a $7 million civil judgment against him in 2005 and after Robert Brauer, the operator of a small Internet service provider in western Oklahoma, won a $10 million judgment.
Soloway has pleaded not guilty to all charges in a 35-count indictment.
— Jason Michael Downey, of Covington, Ky. He was accused in Detroit last month of flooding his botnet-linked computers with spam for an 11-week period in 2004 and causing up to $20,000 in unspecified losses, according to court records.
The FBI's Henry said agents are investigating thousands of cyberfraud and computer intrusion cases, although it is not clear how many might be linked to botnets.
He said people should have their computers checked regularly for evidence of botnet infection, including using antivirus software or security firewalls.
"People have their cars inspected once a year to make sure they're safe," Henry said. "You've got to do the same types of things with your computers."