Zombie hacker pleads guilty to hospital infection

Twenty-year-old Christopher Maxwell pleaded guilty to charges that he launched an attack in January 2005 which struck hard at Northwest Hospital and Medical Center in Seattle. The attack is said to have shut down computers in the facility's intensive care unit and prevented doctors' pagers from working properly.

Maxwell caused approximately $140,000 worth of damage by infecting military computers, as well as those belonging to the hospital, when he and two juveniles unleashed malware designed to install adware on infected PCs. The three are said to have been paid more than $100,000 through the resulting advertising commission revenue.

Investigators discovered that Maxwell's botnet also damaged U.S. military computer systems at the Fifth Signal Command in Manheim, Germany, and at the Directorate of Information Management in Fort Carson, Col.

Maxwell, who pleaded guilty to committing computer fraud and intentionally damaging a protected computer, could face a significant jail sentence and a fine of more than $250,000, according to the office of the U.S. attorney.

"Creating a zombie network, or botnet, isn't a harmless game. In this case a hospital network was affected, and patients' welfare could have been put at risk through the stupidity of these hackers. The American authorities should be congratulated for bringing another offender to justice," said Graham Cluley, senior technology consultant for Sophos.

"All organisations need to put in place proper protection to ensure their computers are not part of a botnet. Every PC should be properly defended by up-to-date anti-virus software, firewalls, and the latest security patches."