Case closed: Mirai botnet creators plead guilty

The Mirai botnet has been on the minds of cybersecurity professionals ever since it was first uncovered last year. While it has spawned numerous variants, no researcher who has had to contend with the botnet will forget it anytime soon. Mirai has been dissected and analyzed extensively since it first appeared, but the Mirai botnet creators remained elusive. That has changed in recent days, as the accused creators of the Mirai botnet have pleaded guilty.

A report by Bleeping Computer’s Catalin Cimpanu details how the U.S. Department of Justice charged three men (Paras Jha, Josiah White, and Dalton Norman) with being the Mirai botnet creators. The report shows how an extensive FBI investigation led the DOJ to the metaphorical doorstep of these cybercriminals. The evidence was apparently overwhelming enough that all three defendants submitted guilty pleas.

In exchange for their guilty pleas, Jha, White, and Norman went into extensive detail on the inception and implementation of the Mirai botnet. The three men divided up responsibilities based on their specializations while creating Mirai. According to the released legal documents, Josiah White was in charge of Mirai’s Telnet scanner, which was used to find targets, while Paras Jha coded Mirai’s infrastructure and the malware’s remote control features. Finally, Dalton Norman developed new exploits to assist in finding new attack vectors.

The trio released Mirai initially as a DDoS-for-hire service, advertising it extensively on a plethora of hacking forums. I use the term “initially” as one of the men, Paras Jha, utilized Mirai to “attempt to extort a hosting company.” The group later took advantage of their creation, according to Cimpanu:

Court documents, available here, also say the three used the Mirai botnet to relay regular traffic for click-fraud malware that surreptitiously clicked on ads, creating illicit profits for operators, some of which ended up in Jha, White, and Norman’s pockets.

It is worth noting that, before the FBI does the predictable and claims all the credit for nabbing these guys, the InfoSec community played a major role in the investigation. One notable instance is the independent investigation by researcher Brian Krebs. Krebs had personal reasons for this investigation as he became one of the high-profile victims of Mirai’s wrath. In the final analysis of all the data Brian Krebs compiled, he deduced that Paras Jha and Josiah White were likely culprits.

Thanks to the InfoSec community and various DOJ investigators, this was a much-needed win for the cybersecurity community and all who were affected by Mirai’s DDoS mayhem.
