Man sentenced, two others charged, in connection with Satori IoT botnet
22-year old man from Vancouver, Washington, has been sentenced to a US federal prison for his role in the development of the Satori botnet, which launched distributed denial-of-service (DDoS) attacks from hijacked IoT devices.
The Satori botnet, based upon similar code to the notorious Mirai botnet which knocked major websites offline in 2016, is thought to have compromised hundreds of thousands of IoT devices, exploiting vulnerabilities to even infect routers wrongly assumed to have been protected with strong passwords.
Kenneth Currin Schuchman, who used the online handle “Nexus-Zeta”, was sentenced yesterday to 13 months in prison, having previously pleaded guilty to charges under the Computer Fraud & Abuse Act. In addition, Schuchman has been ordered to serve 18 months of community confinement to help him address mental health and substance abuse issues, and a three year term of supervised release.
After being initially charged in August 2018 Schuchman was released to pretrial supervision, but broke the terms of his release by making the astonishing decision to continue to create and operate a DDoS botnet, and communicate with his co-conspirators.
In one Discord chat with a co-conspirator using the handle “Viktor”, Schuchman is reminded that he is not supposed to be using the internet without the supervision of his father.
The conversation is accompanied by a screen capture from Schuchman’s conditions of release.
Schuchman, who has already spent 13 months confined in a jail in Alaska, is not the only person of interest to law enforcement as it investigates the Satori botnet.
As Brian Krebs reports, minutes after Schuchman’s sentencing the US Department of Justice charged men from Canada and Northern Ireland for their alleged involvement in the Satori and related IoT botnets.
Aaron Sterritt, 20, from Larne, Northern Ireland and 31-year-old Logan Shwydiuk of Saskatoon, Canada are said by prosecutors to have built, maintained, and sold access to the botnets under their control.
Sterritt is particularly of interest. According to the Department of Justice he was a criminal associate of Schuchman, and used the aliases “Viktor” or “Vamp.” As a teenager he was involved in the high-profile hack of TalkTalk, sentenced to 50 hours community service, and – perhaps most painfully of all – ordered to write a letter apologising to the telecoms firm.
It’s no excuse for criminal behaviour, of course, but the Satori botnet would not have been capable of launching crippling DDoS attacks if it hadn’t successfully recruited vulnerable routers and other IoT devices to form part of its army.
Businesses and home users can play their part by ensuring that IoT devices are not using default or easy-to-crack passwords, are running the latest security patches, and are properly configured and defended to reduce the threat surface.
But there is also a need for manufacturers to build more secure devices in the first place, and to ensure that when a new vulnerability is discovered that it can be easily rolled out to protect customers and the rest of the internet.
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
Cyber Tips for a Spook-Free Halloween
October 26, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022