Mirai Botnet Author Got House Arrest and Fined $8.6 Million
The federal court in Trenton, New Jersey, has sentenced Paras Jha, 22, to six months of house arrest after pleading guilty for violating Computer Fraud and Abuse Act. The court also handed him 2500 hours of community service and five years of parole. According to report, Jha launched a series of DDOS attacks on institutions including Rutgers University in New Brunswick, New Jersey, between November 2014 and September 2016. As claimed by the Justice Department, Jha hacked into the University’s Central authenticator server and put the portal offline on multiple occasions. This action was interrupted by the operation of the University, faculty and the students. It was estimated that Jha’s move cost the university between $3.5 million to $9.5 million.
According to reports, Paras Jha and two other Mirai authors, Josiah White, 21, of Washington, Pennsylvania, and Dalton Norman, 22, of Metairie, Louisiana, created a Mirai botnet. Between the summer and fall, the trio launched an attack that infected collections of computers. Mirai Botnet enables a third party to control a group of infected computers without the knowledge of the owners. Authorities revealed that the defendants used the Mirai botnet to compromise the devices of other institutions. After their operation, they exposed the Mirai source code on the darknet that enabled other hackers to carry on with the Mirai botnet attack.
Further investigation reveals that Jha and Norman were able to infect 100,000 primarily U.S-based Internet-connected computing devices between the period of December 2016 and February 2017. The Mirai targeted non-traditional computing devices such as Reuters and cameras. The malware infected these devices and formed a powerful botnet.
In August 2016, Josiah White created a scanner that enabled the Mirai to detect and access devices that can be infected. According to the court document, Norman aided with the expansion of the botnet to accommodate 300,000 devices in September 2016.
The Justice Department further disclosed that the defendants used the compromised device of the victims to advertise their fraudulent schemes on the internet. They actively used their computer skills to engage in another fraudulent scheme called “click fraud”, making them generate fake traffics. It is important to understand that this kind of traffic generation is foul and not allowed. Jha admitted that he made 200 bitcoins from the “click fraud” scheme.
They, therefore, pleaded guilty to violating the Computer Fraud and Abuse Act. On 18 September 2018, the three Mirai botnet creators were sentenced to 2500 hours of community service and five years of probation. This sentence was to send a message to other cybercriminals out there on the punishment that awaits them. Also, the Alaska District Court ordered them to pay $127,000 each in restitution.
Robert Stahl, Jha’s lawyer, said to reporters that Jha had made series of mistakes since the age of 19, and he fully appreciates the consequences. His lawyer added that Jha was extremely remorseful and accepts all the responsibilities of his actions.
Jha agreed to cooperate with the law enforcement in their investigation into malware cases. According to U.S. Attorney Bryan Schroder, malware attack is a worldwide epidemic, and cooperation with the offender will give the law enforcement a step ahead to technologically deal with future cases. Recently, countries such as Germany have also been reported to be facing problems of high cybercrime related incidents.
The need for authorities to understand the operation of malware was influenced by the recent rise in cybercrime-related cases in the U.S. The Norton Cyber Security Insights Report revealed that about 143 million Americans were affected by cybercrime in 2017. The report also showed that over 50% of their respondents admitted to having been a victim to malware attacks, or knowing someone who has been a victim.
Schroder acknowledged the cooperation with international law enforcement and private agencies in making this case a success. He assured that the FBI is committed to strengthening the relationship and also counter cybercrime with innovative measures. He also said that cybercriminals usually acquire their skills at a younger age, and the prosecution of the trio indicates how they are ready to subject all arrested criminals under the authority of the law. “This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills,” he said.