A British court today sentenced a 30-year-old man to two years and eight months in prison for using a DDoS botnet to attack and destroy Internet connectivity in Liberia in the fall of 2016.
It is Daniel Kaye, 30, also known as "BestBuy" and "Popopret".
He is one of the many hackers who downloaded the source code of the Mirai IoT malware when it was first published online in October 2016.
Mirai is a strain of malware that can infect routers and IoT devices. It has been used in several DDoS attacks in the fall of 2016, especially against the managed DNS provider Dyn, an attack that caused the loss of nearly a quarter of the Internet.
As a result of Dyn's attack, the author of Mirai has released the source code of the malicious software in order to hide his tracks. Kaye was only one of many other hackers who downloaded the source code and created his own Mirai sub-branch in the fall of 2016.
Image: UK NCA
Kaye, a British citizen who lived in Cyprus at the time, rented his botnet. According to a press release from the British National Crime Agency, one of the entities that hired Kaye and his botnet was Cellcom, a Liberian Internet access provider.
Cellcom asked Kaye to use his skills and his botnet to attack his rival, the Liberian Internet access provider Lonestar MTN. The attacks, reported at the time by ZDNet, were so massive that they ended Internet connectivity for the country as a whole. The NCA said today that the damage caused by these attacks had reached tens of millions of dollars.
As a result of the attacks on Liberia, Kaye diverted new routers into his Mirai botnet to improve his DDoS capabilities. It was his fall.
It attempted to hijack routers from Deutsche Telekom's networks in November 2016, but was able to lose more than 900,000 routers to connectivity. A few weeks later, he tried the same thing but managed to take more than 100,000 routers out of the UK Post, TalkTalk and Kcom networks – all three British ISPs. These attacks have only attracted the attention of law enforcement on the hacker.
In late February 2017, British police arrested Kaye at a London airport. Before pursuing him in the United Kingdom, the authorities first sent him to Germany, where he finally pleaded guilty in July 2017 and was sentenced to a suspended prison sentence for the attacks perpetrated against the network of Deutche Telekom.
He was sent back to the United Kingdom, where he also pleaded guilty to the attacks against the Liberian FAI and was sentenced today.
UK authorities have described Kaye as "a talented and sophisticated cyber criminal who has created one of the largest compromised computer networks in the world, which he then made available to others. cybercriminals without any consideration for the damage it would cause ".
Kaye had previously announced his DDoS bot network via XMPP / Jabber spam. In a previous conversation with the latter, he claimed to have trapped more than 400,000 routers in his botnet. These claims have never been verified, but it was known that attacks from his botnet were more important than any other Mirai DDoS botnet at the time.