A 21-year-old from Vancouver, Washington, has confessed to being responsible for the creation and operation of many DDoS botnets consisting of home routers and other network and Internet of Things (IoT) appliances.
The culprit is named Kenneth Currin Schuchman (known on the Internet as Nexus Zeta). He used the botnets either to "rent" them out, that is, to let others acquire paid access to them, or to carry out DDoS attacks himself.
Authorities had been investigating the case since 2017. However, now, with the confession of guilt, more details about Schuchman's behavior have come to light.
One of the most important things that had not been discovered before is that Nexus Zeta didn't work alone, but with the help of two other hackers, who were identified in court documents as Vamp and Drake.
According to the new information, Vamp was the key developer, Drake managed botnet sales and communicated with customers, while Nexus Zeta was the "second" developer. He looked for new vulnerabilities that the botnets could exploit to infect victims' devices.
The following is the timeline of the case until Schuchman's arrest and confession:
July-August 2017: The three actors create the Satori botnet, based on the public code of the Mirai IoT malware. The US authorities were investigating the case and warned that the new botnet was carrying out more sophisticated DDoS attacks, exploiting Telnet vulnerabilities. The Satori botnet managed to infect over 100,000 devices during its first month of use. Schuchman said that 32,000 devices belonged to a large Canadian ISP.
September-October 2017: Nexus Zeta, Vamp and Drake improve the original Satori botnet. The new version is called Okiru. This version, like the previous one, exploits vulnerabilities to spread to vulnerable devices. The Okiru botnet mainly targeted Goahead security cameras.
November 2017: The three hackers create a new version of the botnet, known as Masuta. The new release mainly targets GPON routers. At this time, the hackers' work is at its peak. Schuchman creates his own botnet, which he uses to attack the ProxyPipe infrastructure. ProxyPipe is a company that tries to tackle DDoS attacks.
January 2018: Schuchman and Drake create a new botnet that borrows from Mirai and Satori. With the new botnet they mainly attack devices in Vietnam.
March 2018: The three hackers work together to develop the Schuchman and Drake botnet. The new advanced version is called Tsunami (also known as Fbot) and infects about 30,000 devices, mainly Goahead cameras. Later, another 35,000 attacks become known.
April 2018: Schuchman leaves the team and creates another DDoS botnet, based on the Qbot malware, that exploits GPON routers. Schuchman and Vamp are in competition with each other, and each tries to hinder the other's work.
July 2018: Schuchman and Vamp reconcile and start working together again. But the FBI tracks Schuchman down and takes him in for interrogation.
21 August 2018: Schuchman is formally charged by the US authorities, but is not sentenced to prison yet. He remains free under certain conditions.
August-October 2018: Schuchman fails to comply with the terms of his release and creates a new botnet that attacks Drake's home.
October 2018: US authorities jail Schuchman.
After his confession, the court decided to impose on Schuchman ten years' imprisonment, a fine of 250,000 dollars, and three years of supervised release.
Schuchman has Asperger's syndrome and autism. For several years, HackForums has been a forum for discussing hacking techniques and other topics. It is believed that he acquired his knowledge and skills there.
Authorities were able to trace Schuchman because he used his father's identity and credentials. He later used the same data for his suspicious activities.