I'd like to congratulate the United States Attorney's Office, Central District of California for indicting a bot net controller. According to the press release and the indictment (.pdf), up to 400,000 victims were compromised. You can track the progress of this case through the Post Indictment Arraignment Calendar.
This is exactly the sort of work that needs to be done. Security professionals cannot win against intruders if only the "vulnerability" variable of the risk equation is addressed. We need law enforcement to reduce the "threat" variable as well. The suspect in this case is a 20-year-old living in California. This is the sort of perpetrator who can be deterred, unlike a foreign intelligence agent or member of organized crime. The more bot net operators who are put in jail, the fewer lower-end threats we will need to stop.