32 Months of Prison for Hacker Who Knocked Liberia Offline

In late 2016 the country of Liberia lost internet connectivity because of a massive distributed denial of service (DDoS) attack. Now the man responsible, Daniel Kaye (pictured) is in prison, after receiving a 2 years 8 months sentence from a UK court.

Kaye pleaded guilty to renting his Mirai-powered botnet to the Liberian network Cellcom, who engaged his services to undermine rival telco Lonestar. Kaye launched DDoS attacks at Lonestar that were so powerful that the whole country was affected.

The consequent churn of Lonestar customers is estimated to have cost them in excess of USD10mn. The telco was forced to spend USD600,000 just on preventing the attacks from taking them down again.

Kaye, like other hackers, obtained the code for the Mirai malware when the original author published it online. Mirai is designed to infect routers and IoT devices. Kaye developed a variant of Mirai that ironically exploited a weakness with internet-connected Dahua security cameras. He took control of thousands of the devices with the intention of profiting from his DDoS-for-hire service, which was advertised via XMPP/Jabber.

Kaye was arrested in the UK in February 2017 following an investigation by the National Cyber Crime Unit of the UK’s National Crime Agency. He was extradited to Germany where he received a suspended sentence for attacks on Deutsche Telekom that affected a million customers. He was then returned to face trial in the UK in August 2017.

A press release from by the National Crime Agency described Kaye as a “highly skilled and capable hacker-for-hire”. They described his botnet as “one of the world’s largest networks of compromised computers”.

The prison sentence for Kaye should have been a lot longer. The economic cost of denying internet access to millions of people extends well beyond the losses of any single telco. Huge amounts of resources are expended on providing network connectivity only to be wasted by the machinations of individuals like Kaye. Whilst the UK authorities are to be commended for pursuing Kaye and securing his conviction, legislators and courts must impose more severe penalties to protect a world increasingly dependent on the internet.

The following video shows Mike Hulett, Head of Operations at the National Cyber Crime Unit, talking about Kaye and his crime.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.