Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet

Hacker knocked an entire country's internet connection offline.
Written by Catalin Cimpanu, Contributor

A UK court sentenced today a 30-year-old man to two years and eight months in prison for using a DDoS botnet to viciously attack and take down internet connectivity in Liberia in the fall of 2016.

The man is 30-year-old Daniel Kaye, also known online under the monickers of "BestBuy" and "Popopret."

He is one of the many hackers who downloaded the source code of the Mirai IoT malware when it was first published online in October 2016.

Mirai is an infamous malware strain that can infect routers and IoT devices and which was used in several DDoS attacks in the fall of 2016, including against managed DNS provider Dyn, an attack that led to almost a quarter of the internet going down.

Following the Dyn attack, the Mirai author published the source code of the malware in an attempt to hide his tracks. Kaye was just one of the many other hackers who downloaded the source code and created his own Mirai offshoot in the autumn of 2016.

Daniel Kaye - Hacker Popopret, BestBuy

Daniel Kaye

Image: UK NCA

Kaye, a British citizen who at the time was living in Cyprus, rented his botnet. According to a press release from the UK National Crime Agency, one of the entities who hired Kaye and his botnet was Cellcom, a Liberian ISP.

Cellcom instructed Kaye to use his skills and botnet to attack rival Liberian ISP Lonestar MTN. The attacks, which ZDNet reported at the time, were so massive that it took out internet connectivity for the entire country. The NCA says said today that damages from these attacks reached tens of millions of US dollars.

Following attacks on Liberia, Kaye proceeded to hijack new routers into his Mirai botnet to improve his DDoS capabilities. This was his downfall.

He attempted to hijack routers from the networks of Deutsche Telekom in November 2016, but only managed to cause over 900,000 routers to lose connectivity. A few weeks later, he attempted the same thing but managed to knock offline over 100,000 routers from the networks of UK Postal Office, TalkTalk, and Kcom --all three British ISPs. These attacks did nothing but attract law enforcement's interest towards the hacker.

In late February 2017, UK police arrested Kaye at a London airport. Before prosecuting him in the UK, authorities first sent him to Germany where he eventually pleaded guilty in July 2017 and received a suspended prison sentence for the attacks on Deutche Telekom's network.

He was sent back to the UK, where he likewise pleaded guilty for the attacks on the Liberian ISP and was sentenced today.

UK authorities described Kaye as "a talented and sophisticated cyber criminal who created one of the world's largest networks of compromised computers which he then made available to other cyber criminals with no consideration as to the damage it would cause."

Kaye previously advertised his DDoS botnet via XMPP/Jabber spam. In a previous conversation with this reported, he claimed to have ensnared over 400,000 routers into his botnet. These claims were never verified, but the attacks launched from his botnet were known to be bigger than any other Mirai DDoS botnet at the time.

Cybercrime and malware, 2019 predictions

More cybersecurity news:

Editorial standards