IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mirai: Trio confesses to creating the world's most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras, and targeting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

The trio conducted multiple DDoS attacks using the Mirai software in 2016, but the FBI doesn't believe they were behind the Dyn attack - they ended their involvement with Mirai in the autumn, when Jha posted the source code on a criminal forum to let other hackers use it to launch their own attacks.

Under the pseudonym of Anna-senpai, Jha wrote on the forum: "When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there're lots of eyes looking at IOT now, so it's time to GTFO."

This came shortly after an attack on KrebsOnSecurity, security journalist Brian Krebs' blog, that was so big his pro-bono DDoS protection provider Akamai dropped him as a customer due to the cost of protecting his site.

"After Kreb [sic] DDoS, ISPs been slowly shutting downs and cleaning up their act," Jha wrote on the criminal forum, warning that such a public attack had seen ISPs grow more wary. "Today, max pull is about 300k bots, and dropping."

That was still large enough to pull down Dyn, however. Open sourcing Mirai also led to 15,194 attacks, according to a paper assessing the impact of the botnet.

Jha and Norman also pleaded guilty to using their pool of more than 100,000 connected devices to launch a 'clickfraud' campaign between December 2016 and February this year, generating false advertising clicks online.

Mirai wasn't Jha's first involvement with cyber attacks however - he pleaded guilty yesterday to a series of attacks on Rutgers University between 2014 and 2016, shutting down the university's central authentication server that staff and students used to deliver assignments and assessments.

"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," said the Justice Department's acting assistant attorney John Cronan.

The FBI's assistant director, Scott Smith, added: "These cases illustrate how the FBI works tirelessly against the actions of criminals who use malicious code to cause widespread damage and disruptions to the general population.

"The FBI is dedicated to working with its domestic and international partners to aggressively pursue these individuals and bring justice to the victims."

Jha, White and Norman are yet to be sentenced.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022