Daniel Kaye, a 29-year-old hacker known under the nicknames of BestBuy and Popopret, will appear in a UK court today to face hacking charges related to his activity as master of one of the biggest Mirai botnets ever assembled.

Kaye, a UK citizen from the town of Egham, Surrey, had already pleaded guilty in a German court for infecting routers and IoT devices with the Mirai malware and using it to launch DDoS attacks.

On July 28, a German court sentenced him to a suspended prison sentence of one year and eight months.

Hacker will face similar charges in the UK

Following legal procedures in Germany, the hacker was extradited back to his home country to face similar charges.

According to an official statement from UK authorities, Kaye stands accused of using his personal Mirai botnet — known under the codename of Mirai #14 — to launch DDoS attacks on Lloyds Banking Group and Barclays banks in January 2017.  Authorities say he was also behind blackmail attempts against the same banks.

In addition, Kaye is also facing a charge of "endangering human welfare" because of DDoS attacks he carried out against Lonestar MTN, Liberia’s biggest Internet provider. During his trial in Germany, Kaye said an unidentified/unnamed party paid him $10,000 to attack the Liberian ISP.

While UK authorities have not pressed official charges, an InfoArmor report fingered Kaye's "BestBuy/Popopret" persona as the author of the GovRAT malware, used to infect computers and steal data from a large number of US government and state organizations.

Hacker crashed over 100,000 UK routers

Kaye activated on the underground hacking scene for years, but he caught the eye of cyber-security firms and law enforcement agencies in November and December 2016 when a botched version of the Mirai malware he modified infected and brought down over 900,000 Deutsche Telekom routers in Germany, and another 100,000 routers from several ISPs in the UK.

German police spearheaded an investigation into Kaye's Mirai botnet #14, which at one point the hacker was offering for rent online, and bragged about reaching 1.5 million devices.

UK police arrested Kaye at a London airport in late February and immediately extradited the hacker to Germany to face charges. Kaye is now back in the UK to face the music for the crimes committed in his native country.

Below is a simple timeline of all events:

Early September 2016 - original Mirai IoT malware spotted online
Late September 2016 - a Mirai botnet was used to DDoS the blog of infosec investigative journalist Brian Krebs and the infrastructure of French hosting provider OVH
Early October 2016 - hacker Anna-senpai releases the source code of the Mirai malware online on HackForums
Early November 2016 - BestBuy starts advertising his DDoS-for-hire services, which utilize a massive botnet of 400,000 Mirai-infected hosts
Early November 2016 - a Mirai botnet attacks some Liberian ISPs
Late November 2016 - a buggy version of the Mirai malware causes 900,000 Deutsche Telekom routers to go offline in Germany
Early December 2016 - another buggy version of Mirai causes over 100,000 routers to go offline in the UK. Routers belonged to UK Postal Office, TalkTalk, and Kcom ISPs.
Late February 2017 - UK police arrest hacker BestBuy
Late July 2017 - BestBuy pleads guilty in a German court and is sentenced to a suspended prison sentence a week later.
Late August 2017 - Hacker is extradited to the UK to face similar charges <-- You're here

Related Articles:

Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices

Mirai, Gafgyt IoT Botnets Reach To the Enterprise Sector

Andromeda Botnet Operator Released With a Slap on the Wrist

New Iot Botnet Torii Uses Six Methods for Persistence, Has No Clear Purpose

Hide and Seek Botnet Adds Infection Vector for Android Devices