Prosecutors say the three created Mirai ‘botnet’ used in attack and built massive network of infected devices, but were not responsible for attack itself
Three men pleaded guilty to creating a “botnet” known as Mirai that was used to paralyze chunks of the internet in 2016.
Paras Jha, Josiah White and Dalton Norman admitted to one count of conspiracy in plea agreements filed this month. Federal prosecutors in Alaska and New Jersey said Wednesday that the men created a collection of hundreds of thousands of computers and internet-connected devices – including routers, webcams and other devices – infected with malware that they controlled.
A broad “denial of service” attack waged using the Mirai botnet knocked services such as Twitter and Netflix offline in October 2016. Prosecutors said they did not believe the three men were responsible for that attack, as Jha had already posted the code for Mirai to online criminal forums.
Jha, 21, of Fanwood, New Jersey, and Norman, 21, of Metairie, Louisiana, also pleaded guilty to a separate conspiracy charge for using another powerful botnet for a “clickfraud” scheme, used to artificially generate advertising revenue by making it appear that a real user clicked on an online ad.
Jha, a former Rutgers University computer science student, also pleaded guilty Wednesday in a New Jersey federal court to a computer fraud charge for allegedly executing a series of attacks from 2014 through 2016 that paralyzed the university’s networks, often during high-stress times such as mid-term or final exams.
Jha’s attorney, Robert Stahl, said Jha “is a brilliant young man whose intellect far exceeded his emotional maturity” and that he was “extremely remorseful and accepts responsibility for his actions.” He said the guilty pleas “are the first step in his evolution into adulthood and responsibility”.
A prominent cybersecurity journalist, Brian Krebs, had outed Jha and White back in January as likely suspects involved in creating the Mirai botnet.
White, 20, of Washington, Pennsylvania, and Norman could not immediately be reached for comment Wednesday.
The investigation originated in Anchorage after some internet-connected devices in Alaska were discovered to have been affected by the Mirai malware.
Bill Walton, a special agent who oversees the Anchorage FBI’s cybercrime unit, said the botnet’s name is a reference to a Japanese anime called Mirai Nikki, which loosely translated into English means “future diary”.
“The co-conspirators were all just a fan of that particular anime,” Walton said.