'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The Hacker News (thehackernews.com), Jun 26, 2020, 1:53 p.m.

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P


The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large-scale distributed denial-of-service (DDoS) attacks against various online services and targets.

According to court documents, Kenneth Currin Schuchman, a resident of Vancouver, and his criminal associates, Aaron Sterritt and Logan Shwydiuk, created multiple DDoS botnets from at least August 2017 onward and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide.

Dubbed Satori, Okiru, Masuta, and Tsunami (also known as Fbot), these botnets were all successors of the infamous IoT malware Mirai: they were built mainly from Mirai's source code, with additional features added to make them more sophisticated and effective against evolving targets.

Many such variants have emerged on the Internet since Mirai's source code was leaked online in 2016, even after the botnet's original creators were arrested and sentenced in 2018.

According to a press release published by the Department of Justice, though the primary aim was to earn money by renting other cybercriminals access to their botnets, Schuchman and his hacking team also used the botnets to conduct DDoS attacks themselves.

In late 2017, Check Point researchers spotted the Mirai variant Satori exploiting a zero-day remote code execution vulnerability (CVE-2017-17215) in Huawei HG532 devices; the campaign infected more than 200,000 IP addresses in just 12 hours.

The report linked the malware to a hacker using the online alias "Nexus Zeta," who turned out to be Kenneth Currin Schuchman after the FBI's investigation.

“Cybercriminals depend on anonymity, but remain visible in the eyes of justice,” said U.S. Attorney Schroder. “Today’s sentencing should serve as a reminder that together with our law enforcement and private sector partners, we have the ability and resolve to find and bring to justice those that prey on Alaskans and victims across the United States.”

“Cyber-attacks pose serious harm to Alaskans, especially those in our more remote communities. The increasing number of Internet-connected devices presents challenges to our network security and our daily lives,” said Special Agent in Charge Robert W. Britt of the FBI’s Anchorage Field Office.

“The FBI Anchorage Field Office will continue to work tirelessly alongside our partners to combat those criminals who use these devices to cause damage globally, as well as right here in our own neighborhoods.”

Schuchman's associates Sterritt, a 20-year-old U.K. national also known as "Vamp" or "Viktor," and Shwydiuk, a 31-year-old Canadian national also known as "Drake," have also been charged for their roles in developing and operating these botnets to conduct DDoS attacks.

Schuchman was sentenced by Chief U.S. District Judge Timothy M. Burgess after he pleaded guilty to one count of fraud and related activity in connection with computers, in violation of the Computer Fraud and Abuse Act.

Schuchman has also been ordered to serve a term of 18 months of community confinement and drug treatment following his release from prison, and a three-year term of supervised release.
