Case closed: Mirai botnet creators plead guilty

The Mirai botnet has been on the minds of cybersecurity professionals ever since it was first uncovered last year. While it has spawned numerous variants, no researcher who has had to contend with the botnet will forget it anytime soon. Mirai has been dissected and analyzed extensively since it first appeared, but the Mirai botnet creators remained elusive. This fact has changed in recent days, though, as the accused creators of the Mirai botnet have pleaded guilty.

A report by Bleeping Computer’s Catalin Cimpanu details how the U.S. Department of Justice charged three men (Paras Jha, Josiah White, and Dalton Norman) with being the Mirai botnet creators. The report shows how an extensive FBI investigation led the DOJ to the metaphorical doorstep of these cybercriminals. The evidence was apparently overwhelming enough that all three defendants submitted guilty pleas.

In exchange for their guilty pleas, Jha, White, and Norman went into extensive detail on the inception and implementation of the Mirai botnet. The three men divided up responsibilities based on their specializations while creating Mirai. According to the released legal documents, Josiah White was in charge of Mirai’s Telnet scanner, which was used to find targets, while Paras Jha coded Mirai’s infrastructure and the malware’s remote control features. Finally, Dalton Norman developed new exploits to assist in finding new attack vectors.

The trio released Mirai initially as a DDoS-for-hire service, advertising it extensively on a plethora of hacking forums. I use the term “initially” as one of the men, Paras Jha, utilized Mirai to “attempt to extort a hosting company.” The group later took advantage of their creation, according to Cimpanu:

“Court documents, available here, also say the three used the Mirai botnet to relay regular traffic for click-fraud malware that surreptitiously clicked on ads, creating illicit profits for operators, some of which ended up in Jha, White, and Norman’s pockets.”

It is worth noting that, before the FBI does the predictable and claims all the credit for nabbing these guys, the InfoSec community played a major role in the investigation. One notable instance is the independent investigation by researcher Brian Krebs. Krebs had personal reasons for this investigation as he became one of the high-profile victims of Mirai’s wrath. In the final analysis of all the data Brian Krebs compiled, he deduced that Paras Jha and Josiah White were likely culprits.

Thanks to the InfoSec community and various DOJ investigators, this was a much-needed win for the cybersecurity community and all who were affected by Mirai’s DDoS mayhem.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist. Kortepeter specializes in areas such as cyber defense, privacy rights, cyber warfare, and governmental InfoSec policy.
