In late 2016 the country of Liberia lost internet connectivity because of a massive distributed denial of service (DDoS) attack. Now the man responsible, Daniel Kaye (pictured) is in prison, after receiving a 2 years 8 months sentence from a UK court.
Kaye pleaded guilty to renting his Mirai-powered botnet to the Liberian network Cellcom, who engaged his services to undermine rival telco Lonestar. Kaye launched DDoS attacks at Lonestar that were so powerful that the whole country was affected.
The consequent churn of Lonestar customers is estimated to have cost them in excess of USD10mn. The telco was forced to spend USD600,000 just on preventing the attacks from taking them down again.
Kaye, like other hackers, obtained the code for the Mirai malware when the original author published it online. Mirai is designed to infect routers and IoT devices. Kaye developed a variant of Mirai that ironically exploited a weakness with internet-connected Dahua security cameras. He took control of thousands of the devices with the intention of profiting from his DDoS-for-hire service, which was advertised via XMPP/Jabber.
Kaye was arrested in the UK in February 2017 following an investigation by the National Cyber Crime Unit of the UK’s National Crime Agency. He was extradited to Germany where he received a suspended sentence for attacks on Deutsche Telekom that affected a million customers. He was then returned to face trial in the UK in August 2017.
A press release from by the National Crime Agency described Kaye as a “highly skilled and capable hacker-for-hire”. They described his botnet as “one of the world’s largest networks of compromised computers”.
The prison sentence for Kaye should have been a lot longer. The economic cost of denying internet access to millions of people extends well beyond the losses of any single telco. Huge amounts of resources are expended on providing network connectivity only to be wasted by the machinations of individuals like Kaye. Whilst the UK authorities are to be commended for pursuing Kaye and securing his conviction, legislators and courts must impose more severe penalties to protect a world increasingly dependent on the internet.
The following video shows Mike Hulett, Head of Operations at the National Cyber Crime Unit, talking about Kaye and his crime.