This might have been just another computer-virus attack, a common and malicious scheme that sometimes is done for little more than bragging rights. But federal officials say it was something far more insidious.

It turns out the Seattle hospital's computers — along with up to 50,000 others across the country — had been turned into an army of robots controlled by 20-year-old Christopher Maxwell of Vacaville, Calif., according to a federal indictment issued Thursday. And Maxwell, along with two juveniles, earned about $100,000 in the process, court documents state.

The trio had created a "botnet," a phenomenon that is on the cutting edge of computer crime, federal officials say.

"Their goal was as old as fraud itself," Assistant U.S. Attorney Kathryn Warma said Friday during a news conference. "To line their own pockets."

Protecting your computer

The FBI recommends that computer users take the following steps to thwart hackers:

• Maintain an updated, patched operating system. Enable automatic updates.

• Install and use virus protection, updated as frequently as the vendor allows.

• Install and use a personal firewall, preferably a software firewall, used in conjunction with a hardware device.

• Install and use an anti-spyware tool from a reputable vendor.

Maxwell's lawyer declined to comment on the case. Maxwell is not in custody and will make his first appearance in U.S. District Court in Seattle on Feb. 23. The two juveniles, who don't live in Washington, are being charged in other undisclosed jurisdictions. They were not identified.

How process works

"Botnet" may sound technical, but it describes a process that is relatively simple and is essentially one step beyond a computer virus.

A virus exploits software vulnerabilities to infect one computer, which then can transmit the infection to others. To create a botnet, hackers exploit the same sorts of vulnerabilities, then tell the infected computers to wait for further commands — in essence, creating computer sleeper cells. The so-called "bot-herder" commands thousands of these computers at once by taking control of a server, often secretly.

Like other hackers, Maxwell figured out a way to make money out of the deal, court papers state. He entered into affiliate relationships with several mainstream adware companies, which pay a commission each time their adware is installed.

Maxwell simply created a program instructing his infected computers, or "bots," to download the adware. The bots then "phoned home" to the adware company, which credits the hacker's account, unaware that he hasn't gotten the computer owner's permission.

Since 2004, Maxwell earned more on botnets than he did at his Wal-Mart job, according to court papers.

Difficult to solve

"We're seeing the migration of traditional fraud to the cyber area," said Frank M. Harrill, an FBI expert in computer crime.

It's just as difficult to solve. By the time the computer owner figures out what's going on, the bot-herder has covered his tracks. In fact, some companies are reluctant to even report the attack to authorities because it can prove embarrassing to their business, government officials said.

But the Northwest Hospital case played out differently in January 2005. Hospital officials called the FBI immediately, and an agent went to the scene while the attack was in progress. Meanwhile, the hospital used some old-fashioned backup systems. When electronic file transfers didn't work, nurses ran the files up and down hallways. When key cards wouldn't work, they stood guard and inspected ID badges themselves.

No patients were harmed, but First Assistant U.S. Attorney Mark Bartlett said this kind of attack could easily endanger lives.

In all, about 150 of the hospital's 1,100 computers were infected over the course of three days.

A "twisted and difficult" trail eventually led the FBI to Maxwell, Warma said. Investigators found he had hacked into servers at the University of Michigan, California State University, Northridge, and the University of California, Los Angeles, to carry out his plan, court papers state. Northwest Hospital was not specifically targeted in the attack, federal officials said.

"They're robots; they don't target an individual," Harrill said.

"Blunt-force tool"

Instead, a botnet will repeatedly send out messages looking for computers it can attack. The FBI compared it to yelling out a friend's name in a crowded room — over and over and over again. The more it happens, the more intrusive it is. The repeated messages tie up computer networks and sometimes shut them down, as they did at Northwest Hospital.

"It's a blunt-force tool," Harrill explained.

Sometimes tying up the network is the sole purpose, as in "denial of service" attacks. Other times, the purpose is extortion.

"No longer does someone need to threaten someone physically," Harrill said. "They can threaten to take down their Web site."

Maxwell has been charged with one count of conspiracy to intentionally damage a protected computer and with one count of intentional computer damage that interferes with medical treatment. The crimes carry a sentence of up to 10 years in prison, a $250,000 fine and restitution.

Maureen O'Hagan: 206-464-2562 or mohagan@seattletimes.com

E-mail article Print view

More local news headlines...