A self-taught hacker from Surrey has been sentenced to 32 months in prison after masterminding a cyber attack that knocked the entire network in Liberia offline.
Between October 2016 and February 2017, Daniel Kaye was paid $30,000 (£23,000) to develop and distribute malware that would hit telecoms firm Lonestar with a Distributed Denial of Service (DDoS) attack. The aim was to overwhelm its servers enough to take it offline. It’s suggested that the payment came from a rival of Lonestar, in a move the UK courts called a “cynical and financially-driven attack upon a legitimate business enterprise”.
Kaye was approached by an individual who worked for business rival Cellcom, although the company itself maintains it knew nothing of the arrangement and hadn’t sanctioned such activity.
Kaye’s efforts went on to do much more than just take Lonestar offline, though. His botnet – named Mirai #14 – was designed to turn thousands of connected devices into ‘zombies’ capable of overloading the Lonestar servers, but it was so powerful it ended up taking the whole country offline the following year.
Perhaps most alarming was the relative ease with which this was done, as Kaye didn’t need to build his botnet from scratch but could simply amend an existing piece of malware.
Under attack from more connections than it could deal with, Lonestar collapsed and its servers were unable to work properly. Remedial action was taken by the company, at a cost of $600,000 (£467,000). Worse news was to come, though, as the attack saw Lonestar’s revenue plummet from $84 million (£65.3 million) to $17 million (£13.2 million) in just the four months between October 2016 and February 2017.
Sentencing Kaye to 32 months in prison, Judge Alexander Hugh Milne QC said the hacker’s efforts were both unlawful and large scale. The case was presented before the UK courts following an international extradition campaign to return Kaye to Britain under a European Arrest Warrant, thanks to an investigation involving Germany’s Bundeskriminalamt.
