Russian Sandworm, NSA with Stuxnet, or just North Korea sabotaging film studios, we have an overload of sophistication out there.
But the fast-evolving case of Kenneth Schuchman, a 20-year-old from Vancouver, Washington shows that wanna-be hackers can be an even bigger threat. He was just indicted on US federal government on charges of hacking and damaging computers and is suspected of launching a major botnet.
The problem is that Kenneth is not a sophisticated guy. He has been a presence on online hacker forums, asking basic questions as he tried to get his botnet up and running. And as the Daily Beast’s Kevin Poulsen put it, the “accused hacker doesn’t seem to have been terribly knowledgeable about hacking.” Prior to arrest, he also worked hard to get media attention for his online efforts by directly contacting security expert Brian Krebs and others. He’s got some attention now.
But what Kenneth allegedly did is noteworthy. He is supposed to be the guy behind the Satori botnet which infected at least a half million routers around the world. Most of these devices were put to work generating distributed denial of service (DDoS) attacks against targeted websites. It was also used to break into a cryptocurrency wallet. Yes, somehow this guy got ahold of a zero-day vulnerability in Huawei routers (since patched) and put it to work.
Kenneth was also aided by hackers’ propensity to share code. The Satori botnet was inspired by Mirai botnet, the first botnet to show the real potential of harnessing thousands of insecure smart devices for devious purposes. It has been used to launch some of the largest known DDoS attacks. The code for Mirai was posted online by its developers, potentially hoping that a wave of copy-cat botnets would throw the police off their trail. No news yet on who Kenneth shared with. The prosecutors that took down these guys are now focused on Kenneth.
The target for Kenneth was an easy target: routers and those ever-popular IoT smart devices. These internet-connected devices are notorious for having hardwired insecurities, often having lousy default passwords or even no passwords. Sophisticated? Sometimes not. The security lapses built into these devices mean that Kenneth-style attacks are inevitable.
The ability of wannabes to access and share the latest in new botnet code should really scare us all. While there are only so many nation-states with well-funded cyber-activity divisions, there are a lot more individuals ready to tinker with code and the makings of the internet. Patently insecure smart devices are making this a rewarding pursuit. As the Satori botnet moves from the internet to the courthouse, the space it carved out is being followed by the Hakai botnet – and its variants. So think about this: The well-funded national groups are a real threat … but they might be falling behind an army of wannabes.