Mirai botnet authors avoid prison after "substantial assistance" to the FBI

Mirai botnet authors go from black hats to white hats.
Written by Catalin Cimpanu, Contributor

The three men who created and ran the original Mirai botnet back in 2016 have avoided prison sentences after cooperating with the FBI and providing "substantial assistance in other complex cybercrime investigations," the US Department of Justice (DOJ) said on Tuesday.

The three (Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana) previously pleaded guilty in December 2017.

The trio admitted to creating a malware strain, later known as Mirai, that was configured to infect routers and smart devices running Linux-based operating systems.



The malware would assemble infected systems into a giant botnet, which the trio used to launch DDoS attacks or rented to other users for the same purpose. Investigators also said the three used the botnet for click fraud, using the routers to "click" on ads on websites that earned them revenue.


The botnet went undetected from late 2014 to mid-2016, carrying out attacks on a multitude of targets. Things came crashing down after the Mirai botnet had been used to attack the blog of infosec journalist Brian Krebs, French hosting provider OVH, and managed DNS provider Dyn.

At the time, the attacks were some of the largest that ISPs and DDoS mitigation providers had seen to date, bringing a lot of media attention to the Mirai malware and its botnet, which was estimated at around 300,000 bots.

Even though the trio released the source code of the original Mirai malware online in an attempt to cover their tracks, authorities were eventually successful in tracking down the three suspects.

The FBI questioned Jha in January 2017 and filed charges a few months later in May 2017.


But in a sentencing memorandum filed last week, before yesterday's DOJ announcement, US authorities say the three had been collaborating with the FBI since their guilty plea last December.

The DOJ says Jha, White, and Norman had helped the FBI in several cybersecurity matters. The court documents don't give out specific names and dates for the incidents during which the three helped authorities, but any cybersecurity expert reading the document can spot investigations around the wave of Memcached-based DDoS attacks, the DDoS attacks that usually happen on Christmas, and the VPNFilter botnet, which the DOJ mentioned as the work of a foreign nation-state advanced persistent threat (APT). The FBI previously attributed the VPNFilter botnet to Russian intelligence.


For their extensive work with authorities, the DOJ rewarded the three with sentences that don't include any prison time. Jha, White, and Norman were each sentenced to serve a five-year period of probation and 2,500 hours of community service, were ordered to pay restitution in the amount of $127,000, and forfeited "significant amounts" of cryptocurrency seized during the investigation.

As part of the lighter sentence, the three must also continue their work with the FBI and the cyber-security industry.
