The alleged mastermind behind a series of cyber-attacks on Lloyds and Barclays banks that disrupted up to 20 million accounts has been extradited from Germany to face charges in the UK.
The British man, Daniel Kaye, 29, is accused of attempting to blackmail the banks after using an infected network of computers known as the Mirai#14 botnet.
Over two days from 11 January to 13 January, Lloyds, Halifax and Bank of Scotland were bombarded with millions of fake requests, designed to grind the groups’ systems to a halt in what is known as a “distributed denial of service” (DDoS) attack.
It is understood that at the time Lloyds was asked to pay about £75,000 in bitcoins for the attack to be called off. The bank did not make any payment to the cyber-attackers.
Barclays fended off an apparent cyber-attack in the same month.
The charges follow an investigation by the National Crime Agency (NCA) with support from Germany’s BKA, the country’s federal investigative police body.
Kaye, of Egham, Surrey, was returned to the UK by NCA officers on Wednesday under a European arrest warrant and remains in custody. He is due at Westminster magistrates court on Thursday.
He is also facing a charge that he endangered human welfare with an alleged cyber-attack against Lonestar MTN, Liberia’s biggest internet provider. In November last year Lonestar Cell MTN revealed that it was experiencing unprecedented and repeated DDoS attacks.
Luke Wyllie, senior operations manager at the NCA, said: “The investigation leading to these charges was complex and crossed borders. Our cybercrime officers have analysed reams of data on the way.
“Cyber crime is not victimless and we are determined to bring suspects before the courts.”
The Mirai botnet allegedly used by Kaye is a type of malware that conscripts internet-connected devices to form a botnet that can be centrally controlled. The malware infects devices such as webcams and CCTV cameras, and any other internet-connected appliances where security passwords are often weak.
A Lloyds Banking Group spokesperson said: “In January we were the target of a substantial distributed denial of service (DDoS) attack. This was successfully defended but resulted in intermittent and temporary service issues for some customers. There was no attempt to access the bank’s systems and no customer details or accounts were compromised.
“We have been working with the authorities since the attack began to assist with their investigations and have shared our findings with other financial institutions to help protect the finance sector.”