Who is Paras Jha? Hackers behind the massive Mirai botnet that took down the internet plead guilty
The record-breaking cyberattack last year crippled a slew of major websites including Twitter, Amazon, The New York Times, Netflix, Reddit, Paypal and more.
Three men have pleaded guilty to federal cybercrime charges involving the devastating Mirai botnet that knocked large swathes of the internet offline last year. In October 2016, a massive botnet powered by the Mirai malware hijacked hundreds of thousands of Internet-connected devices and targeted DNS provider Dyn with powerful distributed denial-of-service (DDoS) attacks.
The record-breaking cyberattack crippled a slew of major websites including Twitter, Amazon, The New York Times, Netflix, Reddit, Paypal and more.
Paras Jha, Josiah White and Dalton Norman pleaded guilty to creating and operating two botnets target IoT devices in an Alaska court last week, according to court documents unsealed on Wednesday (13 December).
Jha, a 21-year-old computer science student at Rutgers University admitted to writing and implementing the Mirai code in July 2016. He was initially identified as a likely suspect earlier this year by cybersecurity journalist Brian Krebs earlier this year.
According to Jha's plea agreement, he "conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad" by ensnaring over 300,000 web-connected devices. He also demanded payment "in exchange for halting the attack."
Between September and October 2016, Jha advertised Mirai on multiple criminal web forums using the monikers "ogmemes" and "Anna Senpai" and discussed its capabilities. He also admitted to securely erasing the virtual machine used to run Mirai on his device and posting the Mirai code online for free to create "plausible deniability" if the code was found on his computers.
The publishing of the malicious source code essentially made the botnet open-source and allowed any nefarious actor to use the botnet to launch cyberattacks.
"The defendants attempted to discover both known and previously undisclosed vulnerabilities that allowed them to surreptitiously attain control over the victim devices for the purpose of forcing the devices to participate in the Mirai Botnet," the Justice Department said.
"The defendants used the botnet to conduct a number of powerful distributed denial-of-service, or "DDOS" attacks, which occur when multiple computers, acting in unison, flood the Internet connection of a targeted computer or computers. "
Officials said the trio's involvement with the original Mirai variant ended in the fall of 2016 after Jha posted the source code for Mirai on a criminal forum. Since then, multiple threat actors have used Mirai variants in other cyberattacks.
Josiah White, 20, of Washington, Pennsylvania, admitted to creating the Mirai botnet's scanner to identify and hijack vulnerable IoT devices to enlist in the botnet. Meanwhile, 21-year-old Dalton Norman of Metairie, Louisiana, admitted to identifying private zero-day vulnerabilities and exploits to build into the massive botnet.
Between December 2016 and February 2017, the trio also carried out a "click fraud" scheme using a botnet designed to scam online ad networks by simulating clicks on advertisements to artificially generate revenue.
They face a maximum prison sentence of five years.
"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," Acting Assistant Attorney General Cronan said in a statement.
Separately, Jha also pleaded guilty in a New Jersey court to launching a series of DDoS attacks to disrupt the networks of Rutgers University, where he was a student. Taunting the Rutgers tech staff during the attacks, he managed to shut down the university's central authentication server that maintained the gateway portal used by staff, students and faculty for assignments and assessments.
Times during midterms, he was often able to knock the portal offline for days at a time, maliciously disrupting the educational process for tens of thousands of Rutgers' students."
According to his plea agreement, estimated damages will amount to about $3.5m and $9.5m.