Prosecutors accused the hackers of writing and using the Mirai botnet to hijack vulnerable internet-connected devices to launch powerful distributed denial-of-service (DDoS) attacks.
According to Jha's plea agreement, the botnet ensnared more than 300,000 vulnerable devices.
The filing says that Jha "conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad," and "demanded payment in exchange for halting the attack."
DDoS attacks are a common way to disrupt online services, and often require little or no technical knowledge. The operator uses ensnared, vulnerable devices to flood a domain or server with bandwidth, which in turn can prevent legitimate access from accessing sites and services.
Jha admitted to releasing the code publicly to create "plausible deniability" if code was found on his computers. The publishing of that code effectively made the botnet open source, so that anyone can use the botnet to launch attacks.
White pleaded guilty to creating the Mirai botnet's scanner, used to seek out and hijack vulnerable internet-connected devices. Norman admitted to developing exploits to build into the botnet.