The hacker who was responsible for creating the Satori botnet malware that had infected numerous systems was sentenced to 13 months of imprisonment by the United States Department of Justice.
According to court documents, the 22-year-old Washington-based hacker Kenneth Currin Schuchman and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since August 2017 and used them to target thousands of home routers and other Internet-connected devices worldwide.
The botnets dubbed Satori, Okiru, Masuta, and Tsunami or Fbot were the successors of the IoT malware Mirai which used mainly the source code of Mirai with some additional features.
Many variants of the Mirai botnet emerged when its source code was leaked online in 2016.
Even though the main aim of the hackers were to make profits, they used the botnet to conduct large scale distributed denial-of-service (DDoS) attacks against various online service and targets.
The Mirai variant Satori was found by the CheckPoint researchers in 2017, which was exploiting a zero-day RCE vulnerability (CVE-2017-17215) in Huawei HG532 devices that infected more than 200,000 IP addresses within 12 hours.
The report linked the malware to a hacker using the online alias ‘Nexus Zeta,’ who appear to be Kenneth Currin Schuchman after the FBI’s investigation.
U.S. Attorney Schroder stated that cybercriminals depend on anonymity, but they would be visible in the eyes of justice. The sentencing must be considered as a reminder that the law enforcement and private sector partners together have the ability to find and bring justice to those that prey on Alaskans and victims across the United States.
Special Agent in Charge Robert W. Britt of the FBI’s Anchorage Field Office stated that cyber-attacks are a serious harm to Alaskans, especially those in remote communities. The Internet-connected devices are a challenge to the network security as well as daily lives.
He added that the FBI Anchorage Field Office will continue to work tirelessly to fight those criminals who use these devices to cause damage.
Schuchman and his associates Sterritt, a 20-year-old U.K national, also known as “Vamp,” or “Viktor” and Shwydiuk, a 31-year-old Canadian national, also known as “Drake,” have also been charged for their roles in developing and operating these botnets to conduct DDoS attacks.
Schuchman was sentenced after he pleaded guilty to one count of fraud and related activity in connection with computers, in violation of the Computer Fraud & Abuse Act. Besides, he has also been ordered to serve a term of 18 months of community confinement and drug treatment after being released from prison and also a three-year term of supervised release.