Washington Man Sentenced for Role in Developing “Mirai” Successor Botnets
Anchorage, Alaska – U.S. Attorney Bryan Schroder announced that a Washington man has been sentenced to federal prison for his role in a long-running scheme in which he and his criminal associates developed distributed denial-of-service (DDoS) botnets. The defendant used the botnets to facilitate DDoS attacks, which occur when multiple computers acting in unison flood targeted computers with information to prevent them from being able to access the internet.
Kenneth Currin Schuchman, 22, of Vancouver, WA, was sentenced today by Chief U.S. District Judge Timothy M. Burgess to serve 13 months in prison, after previously pleading guilty to one count of fraud and related activity in connection with computers, in violation of the Computer Fraud & Abuse Act. As part of his sentence, Schuchman was also ordered to serve a term of 18 months of community confinement following his release from prison and a three year term of supervised release.
According to court documents, the botnets were initially based largely on the source code previously developed by other individuals to create the Mirai botnet; however, Schuchman and his criminal associates “Vamp” and “Drake” added additional features over time, so that the botnets grew more complex and effective. At various times, these successor botnets were known as “Satori,” “Okiru,” “Masuta,” and “Tsunami”/”Fbot.” While Schuchman and his criminal associates utilized these successor botnets to conduct DDoS attacks themselves, their primary focus was selling access to paying customers in order to generate illicit proceeds.
The investigation revealed that Schuchman had been engaging in criminal botnet activity since at least August 2017, ultimately compromising hundreds of thousands of devices worldwide, including devices in the District of Alaska. Schuchman continued to engage in criminal botnet activity, and violated several other conditions of his pretrial release, following his arrest in August 2018. The three defendants responsible for creating the Mirai botnet, the computer attack platform that inspired the successor botnets, were previously sentenced in September 2018.
“Cybercriminals depend on anonymity, but remain visible in the eyes of justice,” said U.S. Attorney Schroder. “Today’s sentencing should serve as a reminder that together with our law enforcement and private sector partners, we have the ability and resolve to find and bring to justice those that prey on Alaskans and victims across the United States.”
“Cyber-attacks pose serious harm to Alaskans, especially those in our more remote communities,” said Special Agent in Charge Robert W. Britt of the FBI's Anchorage Field Office. “The increasing number of Internet-connected devices presents challenges to our network security and our daily lives. The FBI Anchorage Field Office will continue to work tirelessly alongside our partners to combat those criminals who use these devices to cause damage globally, as well as right here in our own neighborhoods.”
In a recently unsealed indictment, Schuchman’s criminal associates Aaron Sterritt, a/k/a “Vamp,” or “Viktor” a national of the United Kingdom; and Logan Shwydiuk, a/k/a “Drake,” a Canadian national, have also been charged for their roles in developing and operating these botnets to conduct DDoS attacks, following an investigation by the FBI with the assistance of other law enforcement partners.
The FBI’s Anchorage Field Office conducted the investigation leading to the successful prosecution of this case. This case was prosecuted by Assistant U.S. Attorney Adam Alexander of the U.S. Attorney’s Office for the District of Alaska, and Trial Attorney C. Alden Pelker of the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The U.S. Attorney’s Offices for the Western District of Washington and the District of Oregon, and the FBI’s Portland Field Office and Vancouver, WA Resident Agency provided assistance and support during the investigation. Additional assistance was provided by Akamai, Cloudflare, Google, Oracle, Palo Alto Unit 42, Unit 221B, LLC and the University of Cambridge, among other partners.