Man who developed a botnet of over 77,000 infected computers to pay for college avoids jail time
His lawyers argued that the "easily removable" malware used to infect thousands of computers merely turned devices into proxies.
A California man, who developed a botnet that ensnared over 77,000 computers infected with malware and rented it out to others to send spam, will not get prison time for his nefarious activities. A Pittsburgh judge on Monday (30 October) sentenced 29-year-old Sean Tiernan of Santa Clara, California, to two years probation. He received no jail time for accessing a computer with authorization and initiating spam messages.
Tierman created the botnet by covertly infecting users' computers with malware via social media without their knowledge. Since at least August 2011, he sold access to his botnet to those looking to send spam messages to unsuspecting victims. When he was arrested in October 2012 as a student at California Polytechnic State University, more than 77,000 infected computers were active in Tiernan's botnet.
"Each of these computers, along with the hacked servers used to control them, necessarily were 'protected' computers because they were accessed over the Internet in order to be compromised without the owners' consent," the Justice Department said in a release. "Several of these infected computers in Tiernan's botnet were located in the Western District of Pennsylvania."
He was charged with a CAN-spam violation, confessed immediately and pleaded guilty in 2013. His lawyers requested a probation period rather than jail time due to the "non-intrusive nature" of his crime, Bleeping Computer reported.
He reportedly argued that the malware used to infect thousands of users' computers through social media merely turned devices into proxies. The "easily removable" malware reportedly collected victims' IP addresses but did not steal their personal and financial data or extort from them.
Despite the size of the botnet, Tiernan insisted that the profits made from the scheme were "comparatively small". His lawyers said the "most of the money" made from the scheme was used to "pay for college and associated educational and living expenses."
"In short, the harm caused by the scheme – while real – was comparatively minor," his lawyers said in a sentencing memorandum, Bleeping Computer reported.
As the son of a computer consultant, Tiernan "followed in his father's footsteps and learned how to code and navigate the internet at a very young age," his lawyers said. He reportedly became involved in the development of the botnet in the 2000s and operated it with other adults.
"At the time that he joined the scheme, Sean did not appreciate the seriousness of what he and his co-schemers were involved in or that he could potentially land in jail," Tiernan's lawyers said. "He thought (wrongly) that as long as they were not accessing private information such as banking or financial records on these computers, they were not doing anything particularly wrong."
He is currently enrolled in the Stanford CyberSecurity Graduate Program and is working towards becoming a Certified Information Systems Security Professional (CISSP).