The school kid who hacked over a million IoT devices

Not all young people use their potential for the best purposes. According to ethical hacking specialists, the young man Kenneth Currin Schuchman, while unemployed and without completing his high school studies, decided to hack nearly a million Internet-connected devices using the code of an infamous botnet.

The 21-year-old claimed to have participated in the creation of the giant botnet Satori, which affected millions of Internet of Things (IoT) devices, in complicity with four other individuals. Schuchman pleaded guilty to computer intrusion before a federal court in Anchorage, Alaska. 

According to a specialized platform, Schuchman met with an expert in ethical hacking shortly before his indictment for an interview, on the sole condition of not publishing the details of the encounter, at least until he pleaded guilty. At the time, the defendant was under house arrest. Although he was on probation and the investigation was still ongoing, the young hacker was not restricted from accessing the Internet, so he remained active in some hacker forums specializing in security vulnerabilities in IoT devices.

When questioned about the current security state of this technology, the hacker mentioned: “It’s terrible, and in the future it will be worse. You don’t need to be a great researcher to realize the huge security weaknesses in IoT devices”, Schuchman said. Ethical hacking firms and intelligence agencies agree with the defendant, even the US government already sees IoT infrastructure as a national security issue. “These devices are the most important security threats going forward”, Robert Ashley, director of the Defense Intelligence Agency, said recently at a US Senate appearance.

Back to the interview,   Schuchman claims that he began interesting in this world around the age of 16, through some forums for Xbox players, he was subsequently contacted via Skype by some people with similar interests. Eventually, Schuchman became friends with a group of hackers dedicated to deploying denial of service (DoS) attacks including Paras Jha, who collaborated in the development of the well-known Mirai botnet.

The hacker claims that his intention was to replace Mirai’s attack method, which used brute force to infect vulnerable Huawei devices. However, after launching the Satori bot, he realized that he forgot to disable the original Mirai scanner, so anyone could see where the attack originated from, so he decided to create a botnet to avoid being discovered.

According to the International Institute of Cyber Security (IICS), although court documents attribute him around 100k infections, Schuchman could be responsible for compromising more than 1.5 million IoT devices.