We now know more about the hacker Nexus Zeta, whose real name is Kenneth Currin Schuchman and who distinguished himself by creating the Satori botnet.
He has pleaded guilty to the charges relating to the creation of the Satori botnet, and his confession describes how the attack was carried out using IoT flaws.
As a reminder, a botnet is a set of infected computers remotely controlled by a cybercriminal. The machines that belong to a botnet are often called “bots” or “zombies”. The aim: to spread malware or a virus to as many machines as possible.
Nexus Zeta did not act alone but worked with two other cybercriminals: Vamp, who served as the primary developer/coder of Satori, and Drake, who managed the botnet sales.
The Satori botnet was created based on the public code of the Mirai IoT malware.
As a reminder, in 2016 Mirai was the source of one of the biggest DDoS attacks ever seen, targeting in particular the American provider Dyn. It works by continuously searching the Internet for IP addresses corresponding to connected objects (IoT). Once vulnerable connected objects have been identified, Mirai connects to them to install the malware.
The Satori botnet mainly attacked devices running with factory-set or easy-to-guess passwords; in its first month of deployment, it infected over 100,000 devices.
Between 2017 and 2018, the three hackers continued to develop Satori, which they renamed Okiru and Masuta. The botnet went on to infect over 700,000 devices.
Officially accused by the American authorities, Kenneth Currin Schuchman was free pending his trial. However, he broke his pre-trial release conditions by accessing the Internet and developing a new botnet. In October 2018, he was arrested and, this time, jailed. Having pleaded guilty, he faces up to ten years in prison and a fine of 250,000 dollars.