Hacker behind malicious Satori botnet sentenced to 13 months in prison

A 22-year-old hacker has been sentenced to thirteen months in prison in the U.S. for developing the malicious Satori or Okiru botnet to launch powerful DDoS attacks and for selling the botnet to other hackers to earn money.

In December 2017, security researcher Li Fengpei revealed the arrival of a new Mirai variant named Satori which, he said, infected more than 280,000 different IPs which were scanning ports 37215 and 52869 within a space of twelve hours. Unlike other Mirai variants, the Satori botnet featured two embedded exploits that connect to ports 37215 and 52869 to infect more devices.

Li added that the Satori botnet featured the ability to behave like an IoT worm and could propagate itself quickly by attacking ports used by millions of IoT devices.

In January 2018, security researcher Odisseus claimed on Twitter that he had discovered a new variant of the Mirai botnet that, unlike other Mirai variants, potentially affected over a billion ARC processors that were used in IoT devices across the world.

"This is the FIRST TIME ever in the history of computer engineering that there is a malware for ARC CPU, & it is #MIRAI OKIRU!! Pls be noted of this fact, & be ready for the bigger impact on infection Mirai (specially #Okiru) to devices hasn't been infected yet," the researcher warned.

On Thursday, the U.S. District Court of Alaska sentenced 22-year-old Kenneth Currin Schuchman of Vancouver, Washington, to thirteen months in prison for developing the Satori distributed denial-of-service (DDoS) botnet, for carrying out DDoS attacks using these botnets, and for selling access to the botnets to paying customers to earn money.

According to the Department of Justice, Schuchman had been engaging in criminal botnet activity since at least August 2017 and worked along with two associates “Vamp” and “Drake” to make the Satori botnet more complex and effective over time. Aaron Sterritt, a/k/a “Vamp” is a British national and Logan Shwydiuk, a/k/a “Drake,” is a Canadian national.

“Cybercriminals depend on anonymity, but remain visible in the eyes of justice. Today’s sentencing should serve as a reminder that together with our law enforcement and private sector partners, we have the ability and resolve to find and bring to justice those that prey on Alaskans and victims across the United States,” said U.S. Attorney Bryan Schroder.

In September 2018, the U.S. District Court of New Jersey had also sentenced 22-year-old Paras Jha to six months of house arrest and ordered him to pay $8.6 million in damages for using the feared Mirai botnet to launch cyber attacks against a large number of business websites.

In 2019, British hacker Daniel Kaye was also sentenced by the Blackfriars Crown Court to 32 months in prison for launching a devastating DDoS attack on Liberian mobile network Lonestar that cost the company millions of pounds in lost revenue between October 2016 and February 2017.

Kaye developed a unique variant of the Mirai botnet, named it Mirai £14, and used the new botnet to scan for thousands of internet-connected Lonestar devices. Once the botnet infiltrated the devices, Lonestar's server crashed and the company's revenue dipped from USD 84 million in October 2016 to just USD 17 million in February 2017.

MORE ABOUT: