Mirai: Trio confesses to creating the world's most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

Advertisement - Article continues below

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras, and targeting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

The trio conducted multiple DDoS attacks using the Mirai software in 2016, but the FBI doesn't believe they were behind the Dyn attack - they ended their involvement with Mirai in the autumn, when Jha posted the source code on a criminal forum to let other hackers use it to launch their own attacks.

Advertisement
Advertisement - Article continues below

Under the pseudonym of Anna-senpai, Jha wrote on the forum: "When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there're lots of eyes looking at IOT now, so it's time to GTFO."

Advertisement - Article continues below

This came shortly after an attack on KrebsOnSecurity, security journalist Brian Krebs' blog, that was so big his pro-bono DDoS protection provider Akamai dropped him as a customer due to the cost of protecting his site.

"After Kreb [sic] DDoS, ISPs been slowly shutting downs and cleaning up their act," Jha wrote on the criminal forum, warning that such a public attack had seen ISPs grow more wary. "Today, max pull is about 300k bots, and dropping."

That was still large enough to pull down Dyn, however. Open sourcing Mirai also led to 15,194 attacks, according to a paper assessing the impact of the botnet.

Jha and Norman also pleaded guilty to using their pool of more than 100,000 connected devices to launch a 'clickfraud' campaign between December 2016 and February this year, generating false advertising clicks online.

Mirai wasn't Jha's first involvement with cyber attacks however - he pleaded guilty yesterday to a series of attacks on Rutgers University between 2014 and 2016, shutting down the university's central authentication server that staff and students used to deliver assignments and assessments.

Advertisement - Article continues below

"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," said the Justice Department's acting assistant attorney John Cronan.

The FBI's assistant director, Scott Smith, added: "These cases illustrate how the FBI works tirelessly against the actions of criminals who use malicious code to cause widespread damage and disruptions to the general population.

"The FBI is dedicated to working with its domestic and international partners to aggressively pursue these individuals and bring justice to the victims."

Jha, White and Norman are yet to be sentenced.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020