Satori Botnet Co-Creator SentencedJustice Department Also Unseals Indictments of Alleged Co-Conspirators in DDoS Attacks
A 22-year-old man from the state of Washington has been sentenced to 13 months in federal prison for his role in developing the Satori botnet, which was used to conduct several large-scale distributed denial-of-service attacks, the U.S. Department of Justice announced Thursday.
Kenneth Currin Schuchman, 22, who went by the online name "Nexus Zeta," pleaded guilty in September 2019 to one count of aiding and abetting computer intrusions - a violation of the federal Computer Fraud and Abuse Act, according to the U.S. Attorney’s Office for the District of Alaska, which oversaw the case (see: Satori Botnet Co-Creator Pleads Guilty).
Schuchman must also serve 18 months of community confinement after his prison term is complete, according to the Justice Department.
In addition to announcing the sentencing, the Justice Department unsealed indictments Thursday charging two alleged co-conspirators with helping to develop the Satori botnet and then using it to conduct DDoS attacks or renting out its capabilities to others.
Aaron Sterritt, a U.K. citizen who also goes by the names "Vamp" or "Viktor," and Logan Shwydiuk, a Canadian also known as "Drake," each faces charges of conspiracy and fraud, according to the newly released federal indictment. Another court document indicates the Justice Department will eventually seek their extradition to face charges.
In the indictment unsealed this week, federal prosecutors allege that Schuchman, Sterritt and Shwydiuk began developing a botnet in 2017 that eventually infected thousands of devices worldwide.
To create the Satori botnet, the group used a variant of Mirai malware after its developers leaked the source code online, prosecutors allege (see: Mirai Botnet Code Gets Exploit Refresh).
In a sentencing document for Schuchman, authorities described how the botnet was allegedly developed by each member of the group.
The document alleges that Sterritt or Vamp served as the primary developer and coder for the botnet, while Shwydiuk or Drake took the lead in managing the sales and customer support. Schuchman developed and acquired exploits used to infect new devices and provided development support, according to prosecutors.
New Botnet Variants
Between 2017 and 2018, the group allegedly developed new variants of Satori with additional features, prosecutors say. These other botnets went by the names Okiru, Masuta and Tsunami. In addition to infecting several devices, the hackers also rented out the botnets to generate payments they accepted through bitcoin or a PayPal account, according to court documents.
The hackers ultimately compromised 32,000 devices belonging to an unnamed Canadian internet service provider and took down 700,000 fiber-optic devices belonging to Huawei and another networking equipment provider, according to federal prosecutors.
In January 2018, Schuchman and another hacker leveraged some 30,000 vulnerable devices in Vietnam to create yet another version of the botnet that they used to attack servers hosting online games, court documents allege.
In addition to DDoS attacks, cyberciminals who rented the botnets from the group used them to target cryptocurrency wallets to mine Ethereum, according to security researchers (see: Satori Botnet's Alleged Developer Rearrested).
Schuchman was first arrested in August 2018 and released on bail. He was re-arrested in October 2018 for breaking several conditions of his pre-trial release after the federal agents caught him developing a new variant of the botnet, according to the Justice Department.
Managing Editor Scott Ferguson contributed to this report.