Hacker Hitmen
Cyber Attacks Used to Be for Thrill Seekers. Now They're About Money.

By Cassell Bryan-Low
Staff Reporter of The Wall Street Journal

On Oct. 6, 2003, an electronic attack overwhelmed the Web site of WeaKnees.com, an online seller of digital video recorders. As the attacks escalated over several weeks, the e-mail system was knocked out, customers couldn't access the Web site, and the Los Angeles retailer says it suffered about $200,000 in lost sales and costs for fixing the system.

U.S. law-enforcement officials who later investigated the electronic assault came to a disturbing conclusion: It wasn't masterminded by a typical hacker, motivated by the thrill of the crime. Instead, the attack on WeaKnees appeared to be the work of a new breed of cyber-mercenaries who are paid to unleash viruses.

The man who allegedly made that payment is Jay R. Echouafni, a 37-year-old entrepreneur from Sudbury, Mass. Rebuffed by WeaKnees over a proposed business deal, Mr. Echouafni attacked the company's Web site, according to law-enforcement authorities.

In August 2004, Mr. Echouafni was indicted by a federal grand jury in Los Angeles on charges of criminal conspiracy and launching destructive computer attacks against WeaKnees and two other firms. Five other defendants are named in a criminal complaint for their alleged role in the attacks, but haven't yet been indicted.

The three target companies, in total, suffered more than $2 million in lost revenue and costs, according to the complaint.

Criminal's Toolbox

Traditionally, computer hackers have invented viruses primarily for the sake of the bragging rights. But now hackers are mixing with fraudsters and organized-crime rings, law-enforcement officials say. Increasingly viruses are being used illegally for financial gain, and they are becoming part of the modern criminal's toolbox. The growth in such attacks is driven by a new family of viruses that lets a person control large numbers of computers in order to attack a corporate Web site.

In a phone call made recently from an unknown location, Mr. Echouafni denied the federal charges. "I had nothing to do with the attacks," he said.

The case against Mr. Echouafni and his co-defendants is in its early stages and not all the facts are known. Some alleged participants couldn't be reached. But the case provides an early glimpse into the burgeoning world of viruses-for-hire.

In early 2003, Mr. Echouafni approached WeaKnees.com with a business proposal: Mr. Echouafni wanted to distribute upgrade kits sold by WeaKnees, which extend the recording time of DVRs, says Michael Adberg, co-owner of WeaKnees. Mr. Adberg says he turned down the proposal in part because he worried it would give Mr. Echouafni significant control over WeaKnees' business.

Apparently annoyed by the rejection, Mr. Echouafni contacted Paul G. Ashley, owner of an Ohio company with whom he did business, according to the indictment. Mr. Ashley's company rented out large computers that run Web sites, the indictment says. Mr. Echouafni said that some competitors were bothering him and asked Mr. Ashley to attack their Web sites, according to the indictment and complaint.

Three companies were targeted, including WeaKnees and Rapid Satellite, a Miami company that directly competed with Mr. Echouafni's business of selling home satellite-TV systems, according to the indictment. Mr. Ashley sent their Web addresses to Lee G. Walker, a business associate who lived in the U.K., according to the complaint. Mr. Walker's weapon of choice for the job was a piece of malicious computer code known as a bot virus, the complaint alleges.

Richard Cline, a lawyer in Columbus, Ohio, for Mr. Ashley, said neither he nor his client had any comment. Mr. Walker couldn't be reached.

With a bot virus, a single person can hijack the power of thousands of far-flung computers. Experts believe that most spam is sent using bots. The approach makes it easy for criminals to cover their tracks since they act through others' computers.

Mr. Walker later confessed to law-enforcement officials that he used computers infected with a bot virus named "Agobot," according to the complaint. Its creator was Axel Gembe, an unemployed computer whiz living in Germany. Mr. Gembe gained notoriety last fall for breaking into the systems of U.S. videogame developer Valve and stealing code for the sequel of the computer game "Half-Life."

German police arrested Mr. Gembe in May for his alleged role in the theft of the videogame code and for his involvement in the attacks that Mr. Echouafni allegedly instigated. Mr. Gembe hasn't been charged with any crime. Police say they are still investigating.

In an e-mail response to questions, Mr. Gembe admits to taking the videogame code but says he didn't leak it to the public. He also acknowledges writing Agobot, but says that he doesn't know how Mr. Walker obtained the virus.

Mr. Walker used 5,000 to 10,000 hijacked computers to attack the WeaKnees and Rapid Satellite sites, according to the U.S. complaint. After initial assaults shut down the Web sites, Mr. Echouafni contacted Mr. Ashley by phone and praised him and others for doing "a good job," according to the indictment and a prosecutor. He also paid Mr. Ashley $1,000, the complaint says. Mr. Echouafni acquired Mr. Ashley's company and retained him as a systems administrator, for an annual salary of $120,000, according to the indictment and criminal complaint. Mr. Ashley transferred $900 to Mr. Walker in England, the prosecutor says.

Trail of Fingerprints

Around the same time, Mr. Ashley allegedly recruited another hacker, Joshua J. Schichtel, and asked him to launch his own attacks against the Web sites, according to the criminal complaint, which also names Mr. Schichtel as a defendant. Mr. Schichtel couldn't be reached to comment.

The attacks against WeaKnees ran from early October until mid-November 2003, the complaint says.

In early October 2003, Rapid Satellite's site also was attacked. While Nick Molina, CEO of Rapid Satellite's parent company was struggling to get his systems running again, he says he received a call from Mr. Echouafni, offering to host Rapid Satellite's site for $5,000 a month. In an interview, Mr. Molina contends that Mr. Echouafni wanted "to see the pain I was going through" and "extort money from me."

The FBI, meanwhile, traced digital fingerprints left by the hackers back to Mr. Walker, according to the complaint. When U.S. and British law-enforcement agents interviewed Mr. Walker on Feb. 11, he admitted launching the attacks, according to the complaint. Three days later, FBI agents searched Mr. Ashley's home in Ohio, and he, too, confessed, according to the complaint.

The FBI eventually gathered enough evidence to go arrest Mr. Echouafni last March. Sometime after that, Mr. Echouafni jumped bail; prosecutors believe he has fled the country.