A security consultant based in L.A. has pleaded guilty to leading a double life as a bot herder, infecting 250,000 computers and stealing thousands of identities in the process.
John Schiefer pleaded guilty to four counts of fraud and wiretap charges that could saddle him with a $1.75 million fine and 60 years in prison, according to the Los Angeles U.S. Attorney’s office.
Prosecutors accused Schiefer and some unidentified co-conspirators of installing malware that acted as a wiretap on hijacked machines, intercepting messages to Paypal and other Web sites.
According to Reuters, he collected user names and passwords and used them to break into bank accounts.
What’s chilling about all this is that Schiefer worked by day as an information security consultant people trusted to help them secure their systems. The lesson here is that sometimes you can’t even trust the good guys.