Mirai botnet creators plead guilty to charges over 2016 attack

From Engadget - December 13, 2017

In October, 2016, Jha, White and Norman used their botnet to target the domain name server Dyn and the DDoS attack subsequently shut down a number of major websites including Twitter, Reddit and the New York Times. The same botnet was also used to target security researcher Brian Krebs' site KrebsOnSecurity a month earlier, reportedly a retaliation move against Krebs for releasing information that led to the arrest of two hackers behind the 'vDos' attack service. After the attack on his site, Krebs decided to figure out who was behind the botnet and ultimately pinpointed Rutgers University student Paras Jha.

In the plea agreement, the three admit to creating the botnet to, "(1) initiate powerful distributed denial of service attacks against business competitors and others against whom Jha and his co-conspirators held grudges; and (2) provide a source of revenue to Jha and his co-conspirators, who could (a) rent the botnet to third-parties in exchange for payment, and (b) use the botnet to extort hosting companies and others into paying protection money in order to avoid being targeted by denial of service attacks."

According to the plea agreement, the Mirai botnet included over 300,000 devices and Jha admitted to publicly releasing the botnet's code in order to establish plausible deniability if it was ever found on his or his co-conspirators' computers. Along with Jha, Norman also pleaded guilty to using the botnet in a click fraud scheme.


Continue reading at Engadget »