British cyber criminal Daniel Kaye has been jailed for two years and eight months for attacks that took Liberia offline and severely disrupted a Liberian telecommunications provider, resulting in losses estimated at tens of millions of dollars.
Kaye, from Egham, Surrey, pleaded guilty in December 2018 to creating and using a botnet and possessing criminal property, and received the prison sentence at Blackfriars Crown Court following an investigation led by the National Cyber Crime Unit (NCCU) of the National Crime Agency (NCA).
He is also subject to a Serious Crime Prevention Order and must forfeit his devices.
Kaye began carrying out distributed denial of service (DDoS) attacks on Liberian telecommunications provider Lonestar MTN in October 2015 using rented botnets and stressors while he was living in Peyia, Cyprus.
The 30-year-old expert hacker was hired by a senior official at Cellcom, a rival Liberian network provider, and was paid a monthly retainer.
From September 2016, Kaye used his own Mirai botnet, comprising a network of infected Dahua security cameras, to carry out consistent attacks on Lonestar.
In November 2016, the volume of traffic from Kaye’s botnet was so high that it disabled internet access across Liberia.
The attacks had a direct impact on Lonestar’s ability to provide services to its customers, resulting in revenue losses of tens of millions of dollars as customers left the network.
Remedial action taken by Lonestar to prevent the attacks incurred costs of about $600,000.
An April 2018 survey revealed that DDoS attacks were costing enterprises up to £35,000 per attack in lost business and productivity, plus mitigation costs.
But lost revenue is considered to be only the fourth most damaging consequence of this type of cyber attack, according to the survey by Corero Network Security. Most respondents cited the loss of customer trust and confidence, the risk of intellectual theft and the threat of malware infection as the most damaging effects on business from DDoS attacks.
A European arrest warrant was issued for Kaye and he was arrested by NCA officers when he returned to the UK in February 2017. His laptop, mobile and passport were seized, as well as $10,000 in $100 bills found in his suitcase.
He was subsequently extradited to Germany, where he admitted attacks on Deutsche Telekom that affected nearly one million customers in November 2016, and received a suspended sentence.
Kaye was returned to the UK on a second European arrest warrant in August 2017 to face charges relating to the Liberia attack and the use of his botnet, known as Mirai#14, to attack and blackmail Lloyds Banking Group, Barclays Bank and Halifax.
Read more about DDoS attacks
- Europe in the firing line of evolving DDoS attacks.
- Malicious insiders and DDoS attacks cost UK businesses the most.
- Criminal activity has become the top motivation for DDoS attacks, so taking no action is not an option.
- Average DDoS attacks fatal to most businesses, report reveals.
The UK banking institutions were able to deal with the DDoS attacks launched by the Mirai#14 botnet, and the charges were dropped after Kaye told prosecutors he had not demanded payment from the banks to call off the attack, and had merely rented his botnet to someone else via a dark web marketplace.
NCA Specials, volunteers with specialist skills, provided technical expertise to NCCU officers to assist with in-depth reviews of material. The niche skills of NCA Specials typically include cyber security, software development and malware analysis.The Shadowserver Foundation also assisted the investigation by sinkholing traffic from the botnet.
Mike Hulett, head of operations at the NCCU, described Kay as a “highly skilled and capable hacker-for-hire” whose activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cyber crime.
“The victims in this instance suffered losses of tens of millions of dollars and had to spend a large amount on mitigating action,” said Hulett.
“Working in collaboration with international law enforcement partners played a key role in bringing Daniel Kaye to justice.
“The sentence reflects the fact that these are serious attacks and that cyber crime is not victimless because there are a lot of people who have been affected by Kaye’s attacks.”
Russell Tyner, from the CPS, said: “Kaye was a talented and sophisticated cyber criminal who created one of the world’s largest networks of compromised computers, which he then made available to other cyber criminals with no consideration as to the damage it would cause.
“The CPS and the NCA, together with the authorities in Germany and Cyprus, worked closely together to bring him to justice.”