Malware

The school kid who hacked over a million IoT devices

Not all young people use their potential for the best purposes. According to ethical hacking specialists, the young man Kenneth Currin Schuchman, while unemployed and without completing his high school studies, decided to hack nearly a million Internet-connected devices using the code of an infamous botnet.

The 21-year-old claimed to have participated in the creation of the giant botnet Satori, which affected millions of Internet of Things (IoT) devices, in complicity with four other individuals. Schuchman pleaded guilty to computer intrusion before a federal court in Anchorage, Alaska. 

According to a specialized platform, Schuchman
met with an expert in ethical hacking shortly before his indictment for an
interview, on the sole condition of not publishing the details of the
encounter, at least until he pleaded guilty. At the time, the defendant was
under house arrest. Although he was on probation and the investigation was
still ongoing, the young hacker was not restricted from accessing the Internet,
so he remained active in some hacker forums specializing in security vulnerabilities
in IoT devices.

When questioned about the current security
state of this technology, the hacker mentioned: “It’s terrible, and in the
future it will be worse. You don’t need to be a great researcher to realize the
huge security weaknesses in IoT devices”, Schuchman said. Ethical hacking
firms and intelligence agencies agree with the defendant, even the US
government already sees IoT infrastructure as a national security issue.
“These devices are the most important security threats going forward”,
Robert Ashley, director of the Defense Intelligence Agency, said recently at a
US Senate appearance.

Back to the interview,   Schuchman claims that he began interesting in this world around
the age of 16, through some forums for Xbox players, he was subsequently
contacted via Skype by some people with similar interests. Eventually, Schuchman
became friends with a group of hackers dedicated to deploying denial
of service
(DoS) attacks including Paras Jha, who collaborated in the
development of the well-known Mirai botnet.

The hacker claims that his intention was to
replace Mirai’s attack method, which used brute force to infect vulnerable
Huawei devices. However, after launching the Satori bot, he realized that he
forgot to disable the original Mirai scanner, so anyone could see where the
attack originated from, so he decided to create a botnet to avoid being
discovered.

According to the International Institute of
Cyber Security (IICS), although court documents attribute him around 100k infections,
Schuchman could be responsible for compromising more than 1.5 million IoT
devices.

Comments
To Top

Pin It on Pinterest

Share This