Mirai Creators Cooperate with Feds to Avoid Prison

The three 20-something-year-old creators of the Mirai botnet have cooperated with the federal investigators on their case to avoid jail time.

The three men–Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana–were sentenced by a federal judge in Alaska to serve a five-year period of probation, perform 2,500 hours of community service, and pay restitution in the amount of $127,000. They also have voluntarily abandoned significant amounts of cryptocurrency seized during the course of the investigation.

Jha, White, and Norman also have another caveat to their sentences–they have to continue to provide relevant info on cybercrime and cybersecurity investigations to the FBI and to the greater security research community at large, something they’ve already been doing to keep themselves out of jail for their crimes, according to a press release on their sentencing.

“The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world,” said U.S. Attorney Bryan Schroder, who prosecuted the case, which was investigated by the FBI’s Anchorage Field Office.

Mirai botnet infections globally. (Image courtesy of Imperva.)

Government agencies in the United States, United Kingdom, Northern Ireland, and France–as well as a number of private firms, including Palo Alto Networks, Google, Cloudflare and Akamai–joined forces to investigate, identify and convict the three since the Mirai botnet first appeared in the fall of 2016.

Jha, White and Norman pleaded guilty on Dec. 8, 2017, for their roles in creating Mirai, which to date has been the biggest malware attack on the IoT. The malware infected and then rapidly spread to hundreds of thousands of cameras, routers and other IoT devices.

To make an already bad situation worse, Jha posted the source code for Mirai on Hackforums, a known cybercriminal forum, in October 2016, spawning numerous variants of Mirai from other criminal actors that are still engaged in widespread attacks on devices today. Indeed, research by Kaspersky Lab released earlier this week found that hackers continue to barrage vulnerable IoT devices with Mirai variants. Meanwhile, the IoT continues to pose a massive global security risk.

Mirai isn’t the only malware the feds identified as originating with Jha, White and Norman. The three also were implicated in a “click fraud” attack that took place between December 2016 and February 2017. According to the federal government, the three infected 100,000 computing devices with malware that created the botnet that mounted the attack. Their plea deal also takes into account this cybercrime activity.

The announcement is just the latest concerning a botnet author. On Wednesday, the Justice Department announced that Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty to offenses stemming from his operation of the Kelihos botnet. Levashov was linked to a number of botnets that stole user credentials. He was arrested in Spain in 2017, before being extradited to the U.S.
