Kenneth Schuchman aka Nexus Zeta who created DDoS botnets like Satori, Okiru, Masuta, and Fbot/Tsunami jailed for 13 months
A 22-year-old programmer who created and ran multiple botnets to bring down big websites was sentenced to 13 months in prison by a U.S. Federal Court. Kenneth Currin Schuchman, who used the online handle Nexus Zeta, is based in Vancouver, Washington. He created and operated DDoS botnets like Satori, Okiru, Masuta, and Fbot/Tsunami and offered them for rent. He is known to have two associates who use the online monikers Drake and Vamp. Together, the trio rented their botnets to DDoSers for bringing down websites.
The United States Department of Justice indictment says that Schuchman created the botnets by infecting thousands of Internet of Things devices like routers and security cameras with malware. US officials say Vamp and Drake contributed to the botnet coding and features.
Schuchman, Vamp, and Drake first created the Satori botnet from the publicly leaked source code of the Mirai IoT malware in 2017. The trio improved Mirai’s DDoS capabilities by importing some features from another DDoS botnet known as Remaiten. Satori was so successful that the trio infected over 100,000 IoT devices in its first month alone. The court documents say that the Satori botnet was capable of 1Tbps DDoS attacks.
The trio then released v2.0 of Satori, called Okiru, in October 2017, which specifically targeted security cameras manufactured by Goahead. Satori v3.0 was called Masuta and targeted GPON routers. Masuta infected over 700,000 IoT devices according to DoJ.
By November 2017, Schuchman was making huge amounts of money from renting these botnets. He branched out by creating his own botnet, which he used to DDoS ProxyPipe, a DDoS mitigation firm. DoJ officials said that besides renting the botnets to buyers, Schuchman and his associates also used the botnets themselves to attack various online services and companies.
DoJ had identified Schuchman in August 2018, and he was awaiting trial. He was formally arrested in October 2018 after breaking his pre-trial release conditions. After Schuchman pleaded guilty, he was sentenced to 13 months in prison and was also ordered to serve a term of 18 months of community confinement following his release from prison and a three-year term of supervised release.
DoJ separately said it has identified the real identities of Vamp and Drake and would be nailing them soon.