UPDATED 21:04 EST / DECEMBER 13 2017

INFRA

Three men plead guilty to creation and distribution of infamous Mirai botnet

Three men have pleaded guilty to their role in the creation and distribution of the infamous Mirai botnet, which took down wide swaths of the internet in October 2016.

This particularly pernicious botnet, which is a group of internet-connected devices that are infected with malware, first emerged in 2016. It has been responsible for multiple distributed denial-of-service attacks since then, as well as related mischief such as hijacking computers to mine bitcoin.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, pleaded guilty to charges of conspiracy to violate the Computer Fraud & Abuse Act. The Department of Justice said in a statement Wednesday that the trio had created Mirai in the summer and fall of 2016 to infect “internet of things” devices. Then, once the botnet was in place, they allegedly conducted a number of “powerful” DDoS attacks.

In a separate charge, Jha and Norman also pleaded guilty to infecting more than 100,000 IoT devices with malware subsequently used as part of a clickfraud scheme. That involved fake clicks on online advertising to generate revenue fraudulently. The trio admitted earning about 200 bitcoin, valued at more than $180,000 on Jan. 29. Norman is accused of earning more than 30 bitcoin, valued then at $27,000.

Bringing his number of charges to three, Jha also pleaded guilty to violating the Computer Fraud & Abuse Act for a series of attacks aimed at the networks of Rutgers University between November 2014 and September 2016. Jha was previously a student of the university, though it’s not clear what his motivation for the attacks was.

In an interesting twist, it was revealed that Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks.

“Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks,” security expert Brian Krebs, himself a target of a Mirai attack, wrote in a blog post.

All three involved with the Mirai botnet face up to 10 years in jail on the charge, with Jhu and Norman also facing more jail time on the additional charges.

Image: Joey Devilla/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU