Washington man sentenced for role in developing “Mirai” successor botnets

The Long and Winding Road to Cyber Recovery

U.S. Attorney Bryan Schroder announced that a Washington man has been sentenced to federal prison for his role in a long-running scheme in which he and his criminal associates developed distributed denial-of-service (DDoS) botnets. The defendant used the botnets to facilitate DDoS attacks, which occur when multiple computers acting in unison flood targeted computers with information to prevent them from being able to access the internet, says the U.S. Department of Justice.

Kenneth Currin Schuchman, 22, of Vancouver, WA, was sentenced by Chief U.S. District Judge Timothy M. Burgess to serve 13 months in prison, after previously pleading guilty to one count of fraud and related activity in connection with computers, in violation of the Computer Fraud & Abuse Act. As part of his sentence, Schuchman was also ordered to serve a term of 18 months of community confinement following his release from prison and a three year term of supervised release, says the DoJ.

According to court documents, the botnets were initially based largely on the source code previously developed by other individuals to create the Mirai botnet; however, Schuchman and his criminal associates “Vamp” and “Drake” added additional features over time, so that the botnets grew more complex and effective. At various times, these successor botnets were known as “Satori,” “Okiru,” “Masuta,” and “Tsunami”/”Fbot.” While Schuchman and his criminal associates utilized these successor botnets to conduct DDoS attacks themselves, their primary focus was selling access to paying customers in order to generate illicit proceeds.

The investigation revealed that Schuchman had been engaging in criminal botnet activity since at least August 2017, ultimately compromising hundreds of thousands of devices worldwide, including devices in the District of Alaska. Schuchman continued to engage in criminal botnet activity, and violated several other conditions of his pretrial release, following his arrest in August 2018. The three defendants responsible for creating the Mirai botnet, the computer attack platform that inspired the successor botnets, were previously sentenced in September 2018.

“Cybercriminals depend on anonymity, but remain visible in the eyes of justice,” said U.S. Attorney Schroder. “Today’s sentencing should serve as a reminder that together with our law enforcement and private sector partners, we have the ability and resolve to find and bring to justice those that prey on Alaskans and victims across the United States.”

“Cyber-attacks pose serious harm to Alaskans, especially those in our more remote communities,” said Special Agent in Charge Robert W. Britt of the FBI's Anchorage Field Office. “The increasing number of Internet-connected devices presents challenges to our network security and our daily lives. The FBI Anchorage Field Office will continue to work tirelessly alongside our partners to combat those criminals who use these devices to cause damage globally, as well as right here in our own neighborhoods.”

The FBI’s Anchorage Field Office conducted the investigation leading to the successful prosecution of this case. This case was prosecuted by Assistant U.S. Attorney Adam Alexander of the U.S. Attorney’s Office for the District of Alaska, and Trial Attorney C. Alden Pelker of the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The U.S. Attorney’s Offices for the Western District of Washington and the District of Oregon, and the FBI’s Portland Field Office and Vancouver, WA Resident Agency provided assistance and support during the investigation. Additional assistance was provided by Akamai, Cloudflare, Google, Oracle, Palo Alto Unit 42, Unit 221B, LLC and the University of Cambridge, among other partners, says the DoJ.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.