Kenneth Currin Schuchman, a 21-year-old resident of Vancouver in Washington State, pleaded guilty in a federal court in Alaska this week to aiding and abetting computer intrusions. Schuchman is suspected to be the mastermind behind the re-use of the Satori botnets, destructive malware that preyed on vulnerable internet devices such as surveillance cameras, digital video recorders and fibre-optic networking devices, which were then commandeered to act as DDoS cannons from July 2017 to October 2018.
Prosecutors allege that:
At all relevant times, Schuchman knew and understood that these botnets were designed to be used, and was in fact being used, to commit illegal and unauthorised DDoS attacks against computers in the United States and elsewhere,
They maintain Schuchman played a major role in the operation at all stages.
These DDoS cannons were controlled by Schuchman, under the moniker “Nexus” or “Nexus-Zeta”, and his team to target computers and bombard them with enormous amounts of junk traffic at speeds of at least 100Gb per second, essentially crippling those devices and cutting them off from legitimate visitors, at a price.
Schuchman and his rather popular colleagues, who went by the internet handles “Vamp” and “Drake”, ran a rather decentralised operation: Schuchman handled the acquisition of vulnerable gadgets to add to the army of botnets, “Drake” was responsible for writing the code for the malware and “Vamp” took care of the financial aspect of things.
“Vamp” is said to have been primarily responsible for coding the Satori botnet and is linked to a serious hacking attack in 2015 on TalkTalk, a UK-based phone and broadband provider, while he was still a minor. He is also suspected to have led a DDoS attack in October 2016 on Dyn, Internet Service host of a lot of major websites including Spotify, Twitter, Reddit and others, resulting in outages on those platforms.
The two are, however, uncharged at this time, though Schuchman’s plea arrangement implicates them, stating:
all three individuals and other currently uncharged co-conspirators took an active role in aiding and abetting the criminal development and deployment of DDoS botnets during this period for the purpose of hijacking victim devices and targeting victims with DDoS attacks.
In March 2018, the group allegedly renamed their network “Tsunami/Fbot”, “Masuta” and “Okiru”, amongst others, and staged a series of attacks on multiple devices, racking up a total of about 700,000, including 35,000 High Silicon DVRs and 32,000 devices belonging to a Canadian Internet Service Provider (ISP). The network was also being used to target several online games and their servers, including gaming server provider Nuclear Fallout.
Schuchman was indicted in August last year, but is reported to have continued the illegal activity, gaining even more notoriety while out on supervised release.
In September of last year, Schuchman’s identity was found out because he was allegedly unskilled at masking his real identity online. A domain name instrumental to his operation was traced back to a Kenny Schuchman in Vancouver, Washington. Schuchman agrees in his plea deal that, during this period, he "frequently used identification devices belonging to his father to further the criminal scheme."
The plea agreement guarantees that Schuchman will not be charged for other crimes, which included an isolated event in October of 2018 where he “swatted” fellow conspirator “Drake”: he set up his colleague by anonymously reporting a violent incident happening at Drake’s residence, prompting a heavily armed police response at that location.
Schuchman, who suffers from Asperger Syndrome and Autism, is set to receive sentencing on November 21st. His charge carries a maximum penalty of 10 years in prison and a $250,000 USD fine.