Computerworld

Guilty plea after botnet tested with DDoS on ISP

Two men allegedly tried to sell their 22,000-node botnet after launching a test attack on The Planet

The second man charged in 2006 computer attacks on The Planet and T35 Hosting has agreed to plead guilty.

According to court filings, Thomas James Frederick Smith is set to plead guilty before a federal judge in Dallas on June 10. He and David Anthony Edwards are facing five years in prison and fines of up to US$250,000 on charges that they assembled a 22,000-node botnet and then trained it on two ISPs to show a prospective buyer what it could do.

Edwards pleaded guilty to the charges before U.S. District Judge Jane J. Boyle on April 29. He is set to be sentenced August 19. Before he decided to plead guilty, Smith's case had been set to go to trial next week.

Federal prosecutors say that Smith and Edwards -- known by their hacker handles Zook and Davus -- created a botnet they called Nettick, which they then tried to sell to cybercriminals, asking US$0.15 per infected computer.

To prove that they really controlled Nettick, the two allegedly trained it on a system hosted by The Planet, launching an August 2006 DDoS (distributed denial of service) attack on the ISP.

Six weeks later, the two allegedly broke into Texas Web hosting provider T35 Hosting, stole the company's database of user names and passwords and then defaced T35's Web site, posting this data to the public. T35 is best known as the free ISP that had hosted the Web site of Joe Stack, who crashed his plane into an IRS building in Austin, Texas, earlier this year.

Shortly after the attack, Smith allegedly posted a message to HelptingWebmasters.com, pretending to be an innocent witness to the incident. "I found out today at around 11:40 PM that the t35 Website was Completly [sic] defaced," Zook wrote in the post. "I posted it to a few news sites and noticed after posting them that the Mysql dumps were actually up for grabs... How are all the users going to be compensated? Im [sic] sure EVERYONES [sic] password was in that file..."