A British hacker who launched DDoS attacks using a Mirai botnet on Lloyds, Halifax, Bank of Scotland and Barclays banks earlier this year has been extradited from Germany after he was arrested by the NCA.
Daniel Kaye is accused of launching multiple DDoS attacks on several banks and demanding ransom from them to stop the attacks.
A resident of Egham, Surrey, Kaye appeared before magistrates yesterday after he was slapped with nine charges under the Computer Misuse Act and other charges for blackmailing and possessing criminal property.
In January, the Lloyds Banking Group suffered a temporary disruption in its internet services after it received millions of fake requests that prevented many genuine customers from accessing banking services. In the middle of such attacks, the group received a £75,000 ransom demand from a hacker who said he'll stop the attacks if the money is paid.
The bank decided not to pay the ransom but instead invested £190,000 to get its internet services back online. Shortly afterward, Barclays bank found itself at the receiving end of a similar DDoS attack that interrupted its internet services. Like Lloyds, Barclays paid £146,000 to resume its online operations instead of bowing to the hacker's demands.
In both instances, while the banks suffered temporary disruptions, they did not suffer any financial losses nor was any data belonging to their customers compromised.
Kaye is accused of using the Mirai#14 botnet to perpetrate DDoS attacks on the two banks. Mirai is a type of malware used to gain control of Internet of Things (IoT) devices and to launch short-term and repeated DDoS attacks on pre-defined targets to take down their IT infrastructure.
According to Akamai Technologies Inc, Mirai botnets are being used increasingly and strategically by hackers to cripple businesses. In December last year, a Mirai botnet attack on Deutsche Telekom resulted in widespread internet outages and hundreds of thousands of customers faced connectivity issues. A similar Mirai botnet attack on DNS provider Dyn had disrupted popular services and websites including Amazon, Netflix, and Spotify.
Following the DDoS attacks on the Lloyds Group and Barclays Bank, both banks informed the authorities and cooperated in a detailed investigation conducted by the National Crime Agency to help the agency zero in on Kaye. Kaye is also accused of perpetrating a DDoS attack on Lonestar MTN, Liberia’s biggest internet provider, in November last year.
'The investigation leading to these charges was complex and crossed borders. Our cybercrime officers have analysed reams of data on the way,' said Luke Wyllie, senior operations manager at the NCA.
'Cyber crime is not victimless and we are determined to bring suspects before the court,' he added.