Mirai: Trio confesses to creating the world's most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras, and targeting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

The trio conducted multiple DDoS attacks using the Mirai software in 2016, but the FBI doesn't believe they were behind the Dyn attack - they ended their involvement with Mirai in the autumn, when Jha posted the source code on a criminal forum to let other hackers use it to launch their own attacks.

Advertisement
Advertisement - Article continues below

Under the pseudonym of Anna-senpai, Jha wrote on the forum: "When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there're lots of eyes looking at IOT now, so it's time to GTFO."

This came shortly after an attack on KrebsOnSecurity, security journalist Brian Krebs' blog, that was so big his pro-bono DDoS protection provider Akamai dropped him as a customer due to the cost of protecting his site.

"After Kreb [sic] DDoS, ISPs been slowly shutting downs and cleaning up their act," Jha wrote on the criminal forum, warning that such a public attack had seen ISPs grow more wary. "Today, max pull is about 300k bots, and dropping."

That was still large enough to pull down Dyn, however. Open sourcing Mirai also led to 15,194 attacks, according to a paper assessing the impact of the botnet.

Jha and Norman also pleaded guilty to using their pool of more than 100,000 connected devices to launch a 'clickfraud' campaign between December 2016 and February this year, generating false advertising clicks online.

Mirai wasn't Jha's first involvement with cyber attacks however - he pleaded guilty yesterday to a series of attacks on Rutgers University between 2014 and 2016, shutting down the university's central authentication server that staff and students used to deliver assignments and assessments.

"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," said the Justice Department's acting assistant attorney John Cronan.

The FBI's assistant director, Scott Smith, added: "These cases illustrate how the FBI works tirelessly against the actions of criminals who use malicious code to cause widespread damage and disruptions to the general population.

"The FBI is dedicated to working with its domestic and international partners to aggressively pursue these individuals and bring justice to the victims."

Jha, White and Norman are yet to be sentenced.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019