Satori botnet author in jail again after breaking pretrial release conditions

Still unclear what Nexus Zeta has done, but he's now incarcerated in the SeaTac detention center.
Written by Catalin Cimpanu, Contributor

The alleged creator of the Satori IoT botnet is back in jail after breaking the terms of his pretrial conditional release, ZDNet has learned.


Kenneth Currin Schuchman mugshot

Image: Rapsheets

The suspect is Kenneth Currin Schuchman, a 20-year-old man from Bend, Washington. He was first arrested this year in August and charged on two counts under the CFAA (Computer Fraud and Abuse Act) by using malware to damage computers.

Schuchman developed his skills on underground hacking forums like HackForums, where he was an old member and frequent poster. He went online by the nickname of Nexus Zeta and was widely known for modifying the Mirai IoT malware to create his custom Mirai strain named Satori.

The Satori malware initially rose to infamy last year when it infected roughly 280,000 routers and IoT devices. A month after Satori made headlines in the press, Check Point researchers publicly linked Nexus Zeta to Satori in one of their reports.

But despite having his alter-ego connected to Satori, Nexus Zeta continued to evolve his botnet and wreak havoc throughout 2018, targeting Ethereum mining rigs and D-Link routers, up until his arrest in August.

Schuchman was charged in Anchorage, Alaska, but he did not have the finances to travel for his day in court. At the time, Schuchman's defense team secured his conditional release following a video conference with an Alaskan judge,

His pretrial release conditions included the standard terms, such as that he surrender his passport, avoid contact with any of his victims/witnesses/prosecution, not possess a firearm, not drink alcohol, not use any narcotics, and submit for any alcohol and narcotics tests when required.

He was also confined to home detention, ordered to wear a GPS tracker, and forbidden to use the internet without supervision.

But on October 12, Schuchman's probation officers filed a report alleging that Schuchman broke one of these conditions. He was arrested on October 19 and is currently incarcerated at the SeaTac Federal Detention Center.

Court documents reviewed by ZDNet today did not specify which of the terms of his conditional release the suspect broke. A call and an email to the defendant's lawyer sent outside of business hours were not answered on Sunday. An update will be added to the story on Monday if provided. ZDNet understands from one of our readers that Schuchman was seen online on Skype, although we cannot officially confirm this information right now.

Schuchman will be transported to Anchorage, Alaska to attend a hearing on the alleged violation of his pretrial conditions on November 8.


Editorial standards