Early hackers were fuelled by curiosity and defiance of authority. However, there was a turning point when those motives shifted towards personal profit. Jeanson James Ancheta’s story is one of the first major U.S. criminal cases involving botnets. He was the one who turned hacking into a big-money business.
Who is Jeanson James Ancheta?
Jeanson James Ancheta was born in 1985 in Downey, California. Like many others in that period, he became deeply involved in online hacking communities in his late teens. He soon developed an interest in botnets, specializing in this niche.
The term “botnet” is a portmanteau of “robot” and “network,” reflecting that each infected device, known as a “bot” or “zombie,” operates under the control of the attacker without the user’s knowledge.
Taking Mafiaboy's work a step further
In the 2000s, Michael Calce, a 15-year-old from Montreal known online as Mafiaboy, made headlines for using botnets to take down major Canadian corporations.
Calce launched massive DDoS attacks against Yahoo!, eBay, CNN, and Dell, using compromised university and corporate machines to execute his attacks. However, he never profited from his hacks.
His case was one of the first big wake-up calls about how teenagers with modest skills could take down global corporations.
The botnet operations
Ancheta used malware called rxbot (a variant of the popular “rxbot worm”) to infect thousands of computers. These machines were turned into “zombies” that he could control.
However, unlike Mafiaboy, Ancheta didn’t just spread the botnet; he monetized it in multiple ways:
- Renting out access to spammers and hackers for denial-of-service (DoS) attacks.
- Installing adware on infected machines for pay-per-install programs.
- Selling botnet services outright.
By 2005, in only one year of activity, Ancheta had infected over 400,000 computers, including systems belonging to the U.S. military.
The arrest
The FBI eventually infiltrated the hacker forums and tracked Ancheta’s activities. They set up a sting operation in which agents posed as clients renting botnet services. In November 2005, Ancheta was arrested in Los Angeles after a two-year investigation.
Ancheta faced 17 counts, including conspiracy, computer fraud, transmission of malicious code, and wire fraud. He became the first person in the U.S. charged with controlling large-scale botnets for profit.
The conviction
Ancheta served 57 months in federal prison (nearly 5 years). He was ordered to pay $15,000 in restitution to the U.S. military and forfeited his BMW and computer equipment, which were bought with hacking profits. During his probation, he was prohibited from using the internet without permission.
At the time, it was the harshest sentence ever for a hacker in the U.S.
The importance of his case
Ancheta’s case was the first major “botnet-for-profit” conviction in U.S. history. It also marked a shift in hacker prosecutions: from teenage curiosity cases (like Mitnick or Lamo) to organized cybercrime with real financial motives.
His case also exposed vulnerabilities in government and military networks, raising alarm at the national level. His conviction signalled to the underground that botnet rentals were on law enforcement’s radar.
The start of hacking for money
Today, Ancheta’s case is often cited in cybersecurity training as the start of botnet-era cybercrime enforcement. It also foreshadowed today’s RaaS (Ransomware-as-a-Service) model, where criminals sell access to infected machines or malware as a business.
His story represents a pivot point: hacking stopped being about notoriety or “lulz” and became big-money crime.
Ancheta opened the door to the era of professional botnets such as Storm Botnet and Zeus, and of organized crime syndicates with ties to Russia and Eastern Europe.