Daniel K., a 29-year-old British hacker, has pleaded guilty to launching dangerous attacks with the aim of selling the hacked data on the Darknet marketplace. At a court in Cologne last Friday, he admitted to infecting routers and causing damage with Mirai malware. The routers and the damage were valued at $1.25 and $2.33 million respectively.
He launched an attack on Deutsche Telekom in November 2016, at around 17:00 local time, which caused a two-day problem for its customers. The attack was successful, but his escape was not. This cost the telecommunications company a lot, as its users could not connect to the internet using its service for about two days.
The attack was initially linked to a group of cyber criminals known as Botnet #4. This group had caused multiple cyber attacks, including the hijacking of several routers belonging to ISPs. However, the investigation revealed that the 29-year-old Daniel was behind the attack.
The Cologne police, therefore, issued an international arrest warrant to bring the suspect to Germany to face the law.
Daniel K., also known as “Peter Parker” and “Spiderman”, aimed to sell the compromised devices on the Darknet marketplace. This was confirmed by the Federal Criminal Police Force in a statement: “The aim of the attack wave should have been to take over the routers and integrate into a bot network operated by the accused. The bot network is supposed to have offered the accused in the Darknet for consideration for arbitrary attack scenarios, such as so-called DDoS attacks.”
A report released by the BKA after his arrest stated that the suspect faces up to 10 years under German law.
His arrest resulted from information provided by the telecommunications company, according to the BKA. “From the outset, Deutsche Telekom cooperated with law enforcement agencies. Technical assistance was also provided by the Federal Office for Information Security (BSI) in the analysis of the malicious software used,” said the BKA.
Several agencies also participated in the investigation that led to his arrest, including Europol, Eurojust, the UK’s NCA and the Cyprus police.
According to reports, Daniel launched numerous attacks online and demanded money for his work. In court, Daniel revealed that a telecommunications provider in Liberia paid him a sum of $10,000 just to launch a DDoS attack on its competitor.
The Federal Criminal Police Office of Germany said: “The aim of the attack wave was to take over the routers and integrate them into a botnet operated by the accused. Access to the botnet was allegedly offered by the accused via the darknet for multiple attack scenarios, such as so-called DDoS attacks.”
The suspect was arrested earlier this year at Luton Airport, London. He was arrested on the grounds of organizing multiple cyber attacks.
The Mirai malware used by Prosper and other hackers is found on the Darknet marketplace. This malware is dangerous and an obstacle to the fight against cybercrime on the Darknet. Cybercrime fighters have always wished that criminals could not get access to this kind of malware, because of how it was designed. It was designed to exploit the default and hard-coded credentials of IoT devices.
Just last year, a Mirai-powered botnet was found for sale on the Alphabay Darknet market. It was made up of 100,000 infected computers and other internet devices. Daniel Cohen, the head of the Fraud Action business unit in the Republic of South Africa, made this discovery on the Darknet market.
One dangerous thing about the Mirai malware and its Darknet penetration is that anybody with the relevant technological mindset can create his own botnet once he gets hold of the Mirai source code.
Scott Hilton, the Dyn executive vice president, said last year when talking about the attack launched by the Mirai software: “We’re still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints. We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets.”