June 29, 2020
Satori IoT botnet author sentenced to 13 months in prison
By Lisa Vaas
The coder who created the massive Satori botnet of enslaved devices and a handful of other botnets will be spending 13 months behind bars, the US Attorney’s Office of Alaska announced on Friday.
Kenneth Currin Schuchman, 22, from Vancouver, Wash., spent years developing distributed denial-of-service (DDoS) botnets. In September 2019, he pleaded guilty to operating the Satori botnet, made up of IoT devices, and at least two other botnets; to running a DDoS-for-hire service; to cooking up one of the evolving line of botnets while he was indicted and under supervised release; and to swatting one of his former chums, also while on supervised release.
Satori did massive damage: it and its iterations would be unleashed in record-setting DDoS attacks that enslaved more than 800,000 devices – things like home routers, security cameras and webcams – and flattened ISPs, online gaming platforms and web hosting companies.
Schuchman was indicted in September 2018 on two counts of fraud and related activity in connection with a computer, but in the plea agreement he struck with the prosecution, he pleaded guilty to just one count of fraud and related activity in connection with computers, in violation of the Computer Fraud & Abuse Act (CFAA).
Schuchman worked with two criminal colleagues: “Vamp”, also known as “Viktor,” and “Drake”. The recently unsealed indictment reveals the names and locations of the two men who were sometimes his friends, sometimes his competitors and targets. Vamp is actually Aaron Sterritt, a national from the UK, while Drake turns out to be Logan Shwydiuk, a Canadian national.
Read more at https://nakedsecurity.sophos.com/2020/06/29/satori-iot-botnet-author-sentenced-to-13-months-in-prison/
Fancy hacking a PlayStation? Sony announces its bug bounty program
By Paul Ducklin
You’ve probably heard the French saying, “Plus ça change, plus c’est la même chose.”
Alliteratively coined by the French satirical writer Jean-Baptiste Alphonse Karr, it means that the more things change, the more they remain the same, and it’s a cynical observation that what seems like an improvement may not, in the end, sort out the underlying problems or attitudes it was meant to fix.
Well, here’s a change that really does seem to be a change, in heart as well as in direction!
Sony, maker of the PlayStation games console series, has not always been friendly to hackers.
About ten years ago, the company famously took legal action against a young George Hotz, better known as geohot, an American hacker – in the neutral sense of the word here – who has found his way into numerous “locked down” devices over the years.
Hotz, who is now into open source self-driving automotive software, has variously come up with jailbreaks (or roots as they are known on Android phones, after the Unix name for the top-level administrative account) for iPhones, locked-down Androids such as Galaxies…
…and for the Sony PlayStation 3.
Read more at https://nakedsecurity.sophos.com/2020/06/26/fancy-hacking-a-playstation-sony-announces-its-bug-bounty-program/
REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more
By Lisa Vaas
What would you do if your law firm to the stars were to be presented with this choice: pay us $42 million or we’ll sell Mariah Carey’s confidential legal documents on the dark web on 1 July?
… followed by a carefully laid out schedule to sell personal correspondence, contracts, agreements, non-disclosure agreements, court conflicts and other internal correspondence relating to other clients, including Nicki Minaj, Lebron James, Bad Boy Records, MTV and Universal?
If you were Allen Grubman, founder of the star-studded law firm Grubman Shire Meiselas & Sacks, you’d tell the ransomware crooks to get lost. Following a ransomware attack from the REvil cybergang that flattened gsmlaw.com in May, Grubman said he wouldn’t negotiate with the hackers, equating them to terrorists.
In the May attack, the gang stole more than 750GB in total. Now, the blackmailers are making good on their threats to publish it.
According to Variety, REvil has threatened to auction off sensitive documents from the firm’s top clients, laying out a schedule that begins on 1 July with documents from Mariah Carey, Nicki Minaj and Lebron James, starting at $600,000 per celebrity. They plan to auction off documents from Bad Boy Records (starting at $750,000) and from MTV and Universal (starting at $1 million each) two days after that. There’ll be more from an unspecified celebrity – or two or three or more of them, who knows – released on 5 July, the REvil gang promised.