US v Schuchman

U.S. prosecutors in Alaska last week filed charges against a Washington man who is allegedly linked to the Satori IoT botnet that infected more than 280,000 IP addresses in 12 hours upon its debut in late 2017.

The federal indictment charges Kenneth Schuchman with two counts of violating the U.S. Computer Fraud and Abuse Act, accusing the 20-year-old man of propagating malicious code that caused damage to protected computers. The court documentation claims the first incident took place from August through November 2017 and damaged 10 or more protected computers within a one-year period, and that the second attack occurred in November 2017 and caused damage to a protected computer owned by one unspecified victim.

The indictment does not actually mention Satori, but an Aug. 30 report in the Daily Beast explains that two months after researchers linked the IoT malware to a hacker with the alias Nexus Zeta, a Pastebin post by other hackers claimed the actor’s actual identity was Schuchman.

The researchers, from Check Point Software Technologies, described Nexus Zeta as an apparent amateur hacker as opposed to a sophisticated expert, noting that he spent time in forums asking for help creating a derivative of the Mirai IoT botnet.

Satori, which is descended from Mirai, works by exploring a zero-day vulnerability in Huawei Home Gateway routers.