A group of three hackers has pleaded guilty to their roles in developing, spreading and using the Mirai malware botnet to conduct large-scale Distributed Denial of Service (DDoS) attacks on some of the Internet’s most popular websites and on Dyn DNS, a prominent Domain Name System (DNS) service provider.
Pleading guilty
In a proceeding that took place in the US District Court for Alaska on November 28th, Paras Jha pleaded guilty to six charges, including developing and operating the Mirai botnet, while his partners in crime, Dalton Norman and Josiah White, also pleaded guilty to their roles in the campaign in which Mirai was used for criminal activities.
In January this year, Jha’s father Anand Jha denied his son’s role in Mirai’s scheme and said “I know what he is capable of. Nothing of the sort of what has been described here has happened.” However, according to the court documents released on Tuesday, Jha admitted his crime.
Furthermore, court documents revealed that Jha erased the device he used to run Mirai on. Paras Jha “securely erased the virtual machine used to run Mirai on his device. Jha posted the Mirai code online in order to create plausible deniability if law enforcement found the code on computers controlled by Jha or his co-conspirators,” said one of the court documents.
Damage caused by Mirai
On October 21st, 2016, the Mirai malware caused havoc by hijacking millions of IoT devices, including security cameras, and hitting some of the most popular websites on the Internet as well as the servers of Dyn. The sites that were forced offline included Reddit, Amazon, The New York Times, Twitter and hundreds of others.
As a result, Internet services in the United States, India, Japan and some parts of Europe suffered major interruptions. Like other botnets, Mirai also compromised Internet of Things (IoT) devices, including security cameras and DVRs, to carry out attacks against Dyn, Brian Krebs’ blog and OVH’s hosting servers in France.
The hackers also conducted click fraud through Mirai and made nearly 100 bitcoin, which is worth more than $1.6 million today due to a massive increase in Bitcoin’s value. But the trio did not stop there: soon after the targeting of Dyn, the source code for Mirai was leaked online and was later used by several other hackers to carry out DDoS attacks.
The person who claimed to have leaked the source code gave his name as Anna-senpai. However, on October 4th, 2016, security journalist Brian Krebs claimed that Senpai is actually Jha, but Jha denied the allegation and his role in the development of the Mirai botnet.
According to the Department of Justice’s press release, Paras Jha has also admitted his responsibility for multiple hacks of the Rutgers University computer system.
“Paras Jha has admitted his responsibility for multiple hacks of the Rutgers University computer system,” said Acting U.S. Attorney Fitzpatrick. “These computer attacks shut down the server used for all communications among faculty, staff, and students, including assignment of coursework to students, and students’ submission of their work to professors to be graded. The defendant’s actions effectively paralyzed the system for days at a time and maliciously disrupted the educational process for tens of thousands of Rutgers’ students. Today, the defendant has admitted his role in this criminal offense and will face the legal consequences for it.”
Plea agreements
According to a document (PDF) shared by Brian Krebs, under Jha’s click fraud guilty plea agreement, he would hand over 13 bitcoin to the United States government. White, on the other hand, has agreed to pay 33 bitcoin. The current price of 33 Bitcoin is more than $547,469 while 13 Bitcoin is $215,669.