Last Friday in Alaska and this morning in New Jersey, three defendants pleaded guilty to creating the Mirai botnet, a sophisticated malware program behind many of the largest cyberattacks over the last couple of years. Mirai works by taking over Internet of Things devices with predictably poor security measures. IoT devices are usually smart devices that aren’t your traditional computer or phone — cameras, routers, light bulbs, refrigerators, coffee pots, and so on.
In federal court in New Jersey today, Paras Jha pleaded guilty to violating the Computer Fraud and Abuse Act by orchestrating a number of DDoS attacks against the Rutgers University network, overloading it with traffic at points when it could cause the most disruption, usually around midterms and finals. Jha, as well as Josiah White and Dalton Norman, pleaded guilty to violating the CFAA in the District of Alaska by operating the Mirai botnet. They authored the software, and then posted the code online to cover their tracks. Jha and White are 20 years old; Norman is 21.
At its peak, the Mirai botnet had compromised more than 600,000 devices, creating a DDoS tool magnitudes greater than anything the internet had seen before, capable of crippling huge parts of it. Last October, a Mirai-based attack on Dyn’s DNS service caused disruptions all up and down the East Coast. At the time, Mirai was reportedly directing upward of a terabyte of traffic at Dyn every second, an unprecedented statistic. (The three men who pleaded guilty this month are not believed to be behind that attack.)
Eventually, investigators were able to track down the trio thanks to a few digital clues. According to a new report from Wired, however, the origins of Mirai are fairly innocuous. Mirai was built as a tool to disrupt competing Minecraft servers, thus allowing the botnet owners to control the lucrative market. Tracking the program’s architects was a concerted global effort. According to the Justice Department, it involved collaborators from “the FBI Newark Cyber Task Force, Rutgers University Police Department, N.J. State Police, the Federal Protective Service, FBI’s New Orleans and Pittsburgh Field Offices, the U.S. Attorney’s Office for the Eastern District of Louisiana, the United Kingdom’s National Crime Agency, the French General Directorate for Internal Security, the National Cyber-Forensics & Training Alliance, Palo Alto Networks Unit 42, Google, Cloudflare, Coinbase, Flashpoint, Yahoo and Akamai.”
Jha is scheduled to be sentenced in March of next year.