IoT botnet creator cops plea to hacking more than 800,000 devices

By Dan Goodin

A judge's gavel on a desk.

Enlarge (credit: Getty Images | Marilyn Nieves)

A 21-year-old Washington man has pleaded guilty to creating botnets that converted hundreds of thousands of routers, cameras, and other Internet-facing devices into money-making denial-of-service fleets that could knock out entire Web hosting companies.

Kenneth Currin Schuchman of Vancouver, Washington, admitted in federal court documents on Tuesday that he and two other co-conspirators operated Sartori and at least two other botnets that collectively enslaved more than 800,000 Internet-of-Things devices. They then used those botnets to sell denial-of-service attacks that customers could order. Last October, while on supervisory release after being indicted for those crimes, Schuchman created a new botnet and also arranged a swatting attack on one of his co-conspirators, the plea agreement, which is signed by the hacker, said.

The crime outlined in the court documents started with the advent in late 2016 of Mirai, a botnet that changed the DDoS paradigm by capitalizing on two salient features of IoT devices: their sheer numbers and their notoriously bad security. Mirai scanned the Internet for devices that were protected by an easy-to-guess default password. When the botnet found one, it corralled it into a botnet that could overwhelm even large targets with more junk traffic than they could handle.

Read 6 remaining paragraphs | Comments

Read more here:: feeds.arstechnica.com/arstechnica/index?format=xml

Posted on: September 4, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha loading...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: