IPNews-Monrovia: British hacker, 30, who masterminded cyber-attack on Liberian telecoms firm for £25,000 payoff from rival company is jailed for nearly three years
According to a dispatch from London, Daniel Kaye, 30, of Egham, Surrey, was sentenced at Blackfriars Crown Court on yesterday, Friday November 24 2019, to a total of 32 months in prison
A British hacker who masterminded a cyber-attack on a Liberian telecoms firm has been jailed for nearly three years.
Daniel Kaye, 30, of Egham, Surrey, was paid 30,000 US dollars by a rival company to disrupt the systems of mobile phone company Lonestar between October 2016 and February 2017.
He created a botnet called Mirai £14 whose purpose was to trigger a distributed denial of service (DDoS) assault on the business‘s computer network, causing it to spend 600,000 US dollars (£467,000) in remedial action.
Kaye pleaded guilty to two offences under the Computer Misuse Act and to one charge of possessing criminal property and was sentenced at Black-friars Crown Court.
The court heard how the virus turned thousands of internet-connected devices into ‘zombies‘ that overwhelmed Lonestar‘s network and costed it tens of millions of US dollars.
Kaye was extradited back to Britain in August 2017 under a European Arrest Warrant following an investigation involving the National Crime Agency‘s (NCA) German counterpart, the Bundeskriminalamt (BKA).
Sentencing, Judge Alexander Hugh Milne QC said Kaye had pursued a ‘large scale unlawful‘ attack on Lonestar‘s computer systems.
‘You were paid by a rival company to disrupt and undermine the legitimate business of Lonestar,‘ he said.
He said that Kaye‘s actions were a ‘cynical and financially-driven attack upon a legitimate business enterprise‘.
Kaye, who was supported in court by his girlfriend, could be seen weeping as the sentence was delivered.
Daniel Kaye admitted attacking an African phone company – inadvertently crashing Liberia’s internet – in 2016.
The 30-year-old remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world.
The National Crime Agency says Kaye is perhaps the most significant cyber-criminal yet caught in the UK.
Jailing Kaye for 32 months at Blackfriars Crown Court in London, Judge Alexander Milne QC said Kaye had committed a “cynical” financial crime.
He added: “Paradoxically, what is urged on your behalf is that you are an intelligent young man who knows what your powers can do.
“But that makes it all the more worrying that you used your abilities to carry out this attack.”
Kaye wept as he was taken down.
Prosecutor Robin Sellers told the court how Kaye made a rolling arrangement with a third party who worked for the company Cellcom under which he was paid 30,000 US dollars (£23,000) between late 2016 and early 2017.
The self-taught hacker adapted an existing virus to create a botnet variant called Mirai £14 whose purpose was to trigger DDoS assaults on internet networks.
The court heard that the DDoS attack involved the Mirai code searching out devices that connected to the internet to turn them into ‘zombies‘.
‘Hundreds of thousands of internet-ready devices are in effect taken away from their usual use,‘ Mr Sellers added.
The devices became a ‘conduit for the attack upon the Lonestar servers‘ with the effect of ‘overwhelming it with the sheer number of connections‘.
Mr Sellers said Lonestar‘s servers collapsed and ‘couldn‘t operate properly‘.
The court heard that the company estimated its revenue dipped from 84 million US dollars (£65.3 million) to 17 million US dollars (£13.2 million) between October 2016 and February 2017.
Kaye was arrested at Heathrow in February 2017 under a European Police Warrant in relation to interference with the systems of Deutsche Telekom.
He was found to be carrying 10,000 US dollars (£7,800) in cash, which Mr Sellers said he had been paid for his work against Lonestar.
A mobile phone was also seized which contained a ‘Mirai monitor‘ that showed Kaye‘s code connecting to hundreds of thousands of devices.
Kaye was convicted in Germany of attempted computer sabotage and given a one-year and eight months sentence, suspended for three years.
The hacker had initiated controlled attacks on internet routers that knocked out the internet connections of Deutsche Telekom customers.
It also affected the Cologne water treatment facility and other telephony systems.
Mitigating, Jonathan Green said the impact of Kaye‘s cyber attacks had been greater in Germany than in Liberia.
‘Nobody died, nobody‘s life was imperilled, at worst Lonestar customers suffered slow internet speeds,‘ he said.
He rejected Lonestar‘s estimates of its losses which he claimed were were ‘unsupported by any evidence‘.
Mr Green argued that Kaye was an ‘intelligent‘ young man who had received interest from ‘illustrious businesses‘ and could be a ‘valuable‘ support to the internet technology industry.
‘All the best gamekeepers were at one time poachers,‘ he said.
Addressing Kaye, Judge Milne QC said: ‘You are an intelligent, talented and skilful young man capable of understanding what your powers can do.
‘It makes it even more worrying that you used your abilities for the purposes of this cyber attack.‘
Mike Hulett, Head of Operations at the National Crime Agency‘s National Cyber Crime Unit helped lead the investigation into Kaye.
He said after his conviction: ‘Daniel Kaye was operating as a highly skilled and capable hacker-for-hire.
‘His activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cyber crime.
‘The victims in this instance suffered losses of tens of millions of dollars and had to spend a large amount on mitigating action.
‘Working in collaboration with international law enforcement partners played a key role in bringing Daniel Kaye to justice.‘
Russell Tyner, from the crown prosecution service, said: ‘Kaye was a talented and sophisticated cyber criminal who created one of the world‘s largest networks of compromised computers which he then made available to other cyber criminals with no consideration as to the damage it would cause.
‘The CPS and the NCA together with the authorities in Germany and Cyprus worked closely together in order to bring him to justice.‘
Kaye was sentenced to 32 months for unauthorised acts in relation to a computer under the Computer Misuse Act.
He also received 12 months for a charge of making an article for use in the commission of an offence under the same act, and 12 months for possessing criminal property.
The judge ruled that the sentences would be served concurrently.
Kaye had previously been charged with blackmail and other offences under the Computer Misuse Act in relation to cyber attacks on the Lloyds Banking Group in the UK, but these were dropped by the prosecution.
Who is Daniel Kaye?
Kaye, from Egham in Surrey, is a self-taught hacker who began selling his considerable skills on the dark web – offering individuals opportunities to target and destroy their business rivals.
According to court papers, Kaye was hired in 2015 to attack Lonestar, Liberia’s leading mobile phone and internet company, by an individual working for Cellcom, its competitor.
There is no suggestion that Cellcom knew what the employee was doing – but the individual offered Kaye up to $10,000 (£7,800) a month to use his skills to do as much as possible to destroy Lonestar’s service and reputation.
Robin Sellers, prosecuting, told Blackfriars Crown Court that in November 2016 Kaye had built a “botnet” – a particularly powerful form of cyber attack that is designed to overwhelm a target’s systems, making it impossible to carry out normal business.
This type of attack is known as a Distributed Denial of Service (DDOS). It is different to a ransom demand that locks up systems, such as the “Wannacry” attack on the NHS.
What did Kaye’s botnet do?
The weapon, known as “Mirai #14” worked by secretly hijacking a vast number of Chinese-made Dahua webcams, which are used for security in homes and businesses around the world.
He identified that the cheap cameras and other similar equipment had a security flaw – and he exploited that to take over the devices without owners knowing.
That meant he could turn them into what amounted to a “zombie” cyber army to attack his target.
In November 2016, working secretly out of Cyprus and controlling the botnet via his mobile phone, Kaye ordered it to overwhelm Lonestar’s systems.
On his command, hundreds of thousands of the webcams began firing data requests at the west African company.
The system began to struggle to manage the demands and parts of the infrastructure crashed.
He then tried to pull in additional firepower by sending further attacks from Germany, where he had sought to hijack part of Deutsche Telekom’s national infrastructure.
Researchers found that at the peak of the attack, the Mirai #14 code had compromised about one million devices worldwide.
In Liberia, mobile phone users began to see their devices go offline.
The company called in cyber security consultants who attempted to repel the attack, but by that point it was too late because the botnet ran out of control.
What charges did Daniel Kaye admit?
- Making the Mirai #14 botnet for use in a Computer Misuse Act 1990 offence
- Launching cyber attacks against Lonestar in Liberia – another crime under the Computer Misuse Act
- Possessing criminal property – relating to $10,000 found on him when he was arrested
At the time, Liberia’s internet was dependent on both a small number of providers and a relatively limited Atlantic cable. European nations, by comparison, have a vastly more secure internet because traffic can reach users through many different connection routes.
Kaye had sent so much traffic at Lonestar, the entire national system jammed.
According to investigators, the country’s internet repeatedly failed between 3 November and 4 November 2016 – disrupting not just Lonestar but organisations and ordinary users up and down the state.
This is believed to be the first time that a single cyber attacker had disrupted an entire nation’s internet – albeit without intending to do so.
In written submissions to the court, Babatunde Osho, Lonestar’s former chief executive, said Kaye’s criminality had been devastating.
“The DDOS perpetrated by Daniel Kaye seriously compromised Lonestar’s ability to provide a reliable internet connection to its customers,” said Mr Osho.
“In turn, Mr Kaye’s actions prevented Lonestar’s customers from communicating with each other, obtaining access to essential services and carrying out their day-to-day business activities.
“A substantial number of Lonestar’s customers switched to competitors.
“In the years preceding the DDOS attacks, Lonestar’s annual revenue exceeded $80m (£62.4m). Since the attacks, revenue has decreased by tens of millions and its current liabilities have increased by tens of millions.”
How did investigators catch Kaye?
Kaye was already suspected of being behind the attack – and he was arrested when he returned to the UK on holiday in February 2017.
He was carrying $10,000 which the National Crime Agency says was part of the payments he received for the Lonestar attack.
Germany asked for Kaye to be extradited – and later that year he was convicted in a Cologne court of interfering with the Deutsche Telekom system. More than 124,000 Deutsche Telekom customers had seen their services crash – including Cologne’s main sewage facility.
The German authorities then extradited Kaye back to the UK to face the far more serious Liberia charges – because British law allows a cyber criminal to be prosecuted for an offence anywhere in the world.
By this time time, National Crime Agency cyber specialists had also linked Kaye’s Mirai #14 botnet to attacks against three British banks – Lloyds, Barclays and Halifax – in January 2017.
The anonymous attacker had demanded payments to call off the attack.
Unlike Lonestar and Liberia, the sophisticated defences at all three British institutions repelled the onslaught.
Kaye was initially charged with carrying out those attacks – but told prosecutors that while his botnet was behind the operation, he had loaned it to someone else via a dark web marketplace.
At Blackfriars Crown Court on Friday, those allegations were formally dropped.
Mike Hulett, head of the National Cyber Crimes Unit at the NCA, told the BBC that investigators were still trying to get to the bottom of the full scale of Kaye’s criminality around the world.
“I regard Daniel Kaye as one of the most significant cyber criminals arrested in the UK,” said Mr Hulett. “He has a significant level of skill. The attacks that he carried out were not victimless.”
Mr Hulett added that, to the NCA’s knowledge, no cyber criminal had ever knocked an entire country off the internet through the force of one attack.
At court, counsel for Kaye told the judge that the defendant did not accept the losses that Lonestar claimed to have suffered.
Jonathan Green said that Liberia’s internet was limited regardless of Kaye’s attack.
“We say that a relatively slow internet service became slower. It is not accepted that this was a direct threat to Liberia.”
He also told the court that Kaye had received interest from major technology firms who wanted to use his skills despite the criminality.
“We will need people like Mr Kaye on the side of the angels.”
