Mirai: Trio confesses to creating the world's most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices such as routers and wireless cameras, along with the device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down GitHub, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

The trio conducted multiple DDoS attacks using the Mirai software in 2016, but the FBI doesn't believe they were behind the Dyn attack - they ended their involvement with Mirai in the autumn, when Jha posted the source code on a criminal forum to let other hackers use it to launch their own attacks.

Under the pseudonym of Anna-senpai, Jha wrote on the forum: "When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there're lots of eyes looking at IOT now, so it's time to GTFO."

This came shortly after an attack on KrebsOnSecurity, security journalist Brian Krebs' blog, that was so big his pro-bono DDoS protection provider Akamai dropped him as a customer due to the cost of protecting his site.

"After Kreb [sic] DDoS, ISPs been slowly shutting downs and cleaning up their act," Jha wrote on the criminal forum, warning that such a public attack had seen ISPs grow more wary. "Today, max pull is about 300k bots, and dropping."

That was still large enough to pull down Dyn, however. Open sourcing Mirai also led to 15,194 attacks, according to a paper assessing the impact of the botnet.

Jha and Norman also pleaded guilty to using their pool of more than 100,000 connected devices to launch a 'clickfraud' campaign between December 2016 and February this year, generating false advertising clicks online.

Mirai wasn't Jha's first involvement with cyber attacks, however: he pleaded guilty yesterday to a series of attacks on Rutgers University between 2014 and 2016, shutting down the university's central authentication server that staff and students used to deliver assignments and assessments.

"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," said the Justice Department's acting assistant attorney John Cronan.

The FBI's assistant director, Scott Smith, added: "These cases illustrate how the FBI works tirelessly against the actions of criminals who use malicious code to cause widespread damage and disruptions to the general population.

"The FBI is dedicated to working with its domestic and international partners to aggressively pursue these individuals and bring justice to the victims."

Jha, White and Norman are yet to be sentenced.
