Mirai Malware Mastermind Extradited To The United Kingdom

A hacker, who used the Mirai botnet to conduct attacks on UK banks, was extradited from Germany to the United Kingdom.

Daniel Kaye, 29, of Surrey, England, was recently extradited from Germany to the United Kingdom. The 29-year-old could face serious charges including launching cyber attacks against two of the UK’s biggest financial institutions.

On August 30, Britain’s National Crime Agency executed a European arrest warrant on Kaye and returned the alleged hacker to the United Kingdom. According to the NCA, the 29-year-old is accused of “using an infected network of computers known as the Mirai#14 botnet to attack and blackmail Lloyds Banking Group and Barclays banks.”

Kaye allegedly launched the attacks against the two financial institutions in January. While the Lloyds Banking Group’s systems were successfully breached, resulting in the users’ financial information distributed on the dark web. Barclays managed to fight back the attack.

An NCA spokesman told the Information Security Media Group that Kaye will soon appear at the Westminster Magistrates’ Court in London where he will face nine charges under the UK Computer Misuse Act, as well as two charges of blackmail and one relating to the possession of criminal property.

Furthermore, the prosecution has charged the 29-year-old with “endangered human welfare with an alleged cyber attack against Lonestar MTN,” one of the largest internet providers in Liberia.

At the end of July, Kaye pleaded guilty to launching cyber attacks against the German internet provider Deutsche Telekom. The 29-year-old admitted that he infected routers with the Mirai malware. His attacks resulted in Deutsche Telekom users not accessing the internet for two days in November 2016. According to the Cologne court, the damage caused by Kaye is valued at $2.33 million.

The NCA conducted a complex investigation on the suspect, which involved the assistance of Germany’s Federal Criminal Police Office (BKA).

“The investigation leading to these charges was complex and crossed borders. Our cybercrime officers have analyzed reams of data on the way. Cybercrime is not victimless and we are determined to bring suspects before the courts,” NCA’s senior operations manager Luke Wyllie said in a statement.

According to the charges, Kaye used a low-tech, high-impact Mirai malware to conduct his own attacks against the victims. The malicious software was originally built by PoodleCorp (an individual or an organization) in order to exploit the default user logins used by several IoT device manufacturers. In October 2016, PoodleCorp dumped the Mirai source code online. That event resulted in numerous hackers running their own Mirai botnets. It was reported that Kaye was among those persons.

On February 22, at the request of the BKA, the NCA arrested Kaye at the Luton Airport in London. In March, British authorities extradited the suspect to Germany.

In August, after pleading guilty to infecting 1.25 million Deutsche Telekom routers and launching DDoS attacks, the Cologne court imposed a suspended sentence – of one year and eight months – on the 29-year-old. The defendant showed regret during his court trial and said that it was the “worst mistake” of his life.

“The aim of the attack wave was to take over the routers and integrate them into a botnet operated by the accused. Access to the botnet was allegedly offered by the accused via the darknet for multiple attack scenarios, such as so-called DDoS attacks,” the BKA stated.

However, Kaye’s criminal activity did not start with the Deutsche Telekom attack. AFP reported that the 29-year-old was paid $10,000 to conduct an attack on Lonestar MTN. According to the news publication, one of the rival companies paid the hacker for the attack. The victim company estimated the damage of the breach at two million euros. Lonestar reported that the firm had to instruct their users to disconnect their routers, install a patch and restart the devices.

According to the security experts, Kaye is being tied to a hacker named “Peter Parker,” “Spiderman,” “BestBuy,” “Popopret” and “Spidr”. There is also a strong suspicion insisting that Kaye was the author of GovRat, a remote-access Trojan and keylogger that has been sold on the darknet hacking forums since 2014.