Brother
Professional
The 21-year-old creator of several IoT botnets, including Satori, Kenneth Currin Schuchman, also known as Nexus Zeta, has pleaded guilty to creating and operating several botnets that were primarily used for DDoS attacks. Schuchman not only leased his botnets to other criminals, but also used them himself, organizing DDoS attacks on various targets.
Let me remind you that the arrest of the creator of Satori became known last year. Prior to that, Nexus Zeta liked to attract attention and actively and willingly communicated with journalists and experts, which ultimately helped to establish his identity and led to his arrest. In particular, Schuchman's arrest was brought about by the fact that he used his father's ID and personal data to register domains, which he then used for his operations and DDoS-for-hire attacks.
In court documents, it is noted that Schuchman was diagnosed with Asperger's syndrome and autistic disorder. He was an avid user of HackForums, where he is believed to have acquired all his hacking skills.
Although it was initially assumed that Schuchman acted alone, court documents now reveal that he worked alongside two other hackers, who appear in the documents as Vamp and Drake. According to the investigation, Vamp was the main developer and programmer, Drake was in charge of sales and customer support, and Nexus Zeta himself was the second developer, whose task was to develop or acquire new exploits that the botnet could use to infect new IoT devices ...
The US authorities do not report whether they have brought charges against Vamp and Drake, but it is claimed that law enforcement officers already know their real identities.
A very interesting chronology of events was published in the court documents, shedding light on the hackers' activity and the events that ultimately led to Schuchman's arrest.
July-August 2017: Schuchman, Vamp and Drake create the Satori botnet, based on the source code of the well-known IoT malware Mirai. Law enforcement writes that the initial version of Satori "extended the capabilities of the Mirai DDoS botnet, targeted devices with Telnet vulnerabilities, and used an improved scanning system borrowed from another botnet known as Remaiten." Although this first botnet relied solely on compromising devices with default credentials or easy-to-guess weak passwords, it infected more than 100,000 devices in its first month alone. According to court documents, more than 32,000 of these devices belonged to a major Canadian Internet service provider, and the botnet was capable of DDoS attacks of up to 1 Tbps.
September-October 2017: The hackers upgrade the original Satori to a new version called Okiru. This version uses not only Telnet, but also exploits to compromise vulnerable devices. The main targets of the Okiru botnet are GoAhead cameras.
November 2017: Schuchman, Vamp and Drake continue developing Satori and Okiru. They create a new version of the botnet called Masuta, which they use to attack GPON routers. Their DDoS-for-hire business is booming. Schuchman creates his own separate botnet, which he uses to attack the infrastructure of ProxyPipe, a DDoS prevention firm.
January 2018: Nexus Zeta and Drake create another botnet combining Mirai and Satori functionality, with a focus on Vietnam-based devices.
March 2018: The three hackers continue to work on this botnet, which later becomes known as Tsunami or Fbot. The botnet infects about 30,000 devices, again mostly GoAhead cameras. Later, exploiting bugs in HiSilicon DVR systems, the botnet expands by 35,000 new devices. The US authorities write that this botnet could carry out DDoS attacks with a capacity of up to 100 Gbps.
April 2018: Schuchman parts ways with Vamp and Drake, after which he independently develops another botnet, this time based on the Qbot malware family. This botnet mainly attacks GPON routers on the Mexican Telemax network. In addition, Nexus Zeta begins competing with Vamp, and both deploy botnets to interfere with the competitor's operations.
July 2018: Schuchman makes peace with Vamp, but by this time the FBI has already tracked him down; later this month Nexus Zeta is interrogated.
August 21, 2018: US authorities formally indict Schuchman but allow him to remain at large pending trial.
August-October 2018: Schuchman violates the terms of his release from custody by accessing the internet and developing a new botnet (again based on Qbot). He also arranges a swatting of Drake's home address.
October 2018: Schuchman is arrested and this time taken into custody.
Now that Schuchman has pleaded guilty, he faces up to ten years in prison, a fine of up to $250,000, and afterwards a further three years under close supervision by law enforcement agencies. A hearing in the hacker's case is scheduled for November this year.
