
Mirai botnet perpetrators plead guilty


Three individuals pleaded guilty Dec. 8 for their role in the 2016 Mirai botnet attack that choked off access to large portions of the internet.

Paras Jha, 21, Josiah White, 20, and Dalton Norman, 21, all pleaded guilty to violating the Computer Fraud and Abuse Act in the District Court of Alaska. The plea agreement for Jha indicates that federal prosecutors agreed not to bring additional charges in exchange for the defendants pleading guilty.

According to those same documents, the three individuals began working together in August 2016, scanning the internet for unprotected internet of things devices. Using both known and previously unknown vulnerabilities, the trio took over more than 300,000 IoT devices in order to conduct distributed denial of service attacks against entities for the purposes of revenge and extortion of ransom payments.

The three also admitted to renting out their botnet to other unnamed criminal groups for their own similar attacks. A release from the Department of Justice announcing the decision mentions that two of the individuals, Jha and Norman, pleaded guilty on Dec. 8 to separate charges related to botnet DDOS attacks between December 2016 and February 2017. Jha also pleaded guilty to a series of cyber attacks directed at Rutgers University between 2014 and 2016. Jha faces up to five years in prison and a $250,000 fine.

"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments," said John P. Cronan, acting assistant attorney general for the Department of Justice’s criminal division, in a statement announcing the plea deals.

The Mirai botnet attack sent shockwaves through the cybersecurity community, demonstrating just how vulnerable the companies that provide the internet’s backbone are to straightforward DDOS attacks. It also heightened existing concerns around the security of IoT devices, which number in the billions and are subject to little to no regulation.

In October 2017, two Democratic congressmen introduced legislation that would establish a voluntary framework for companies to identify and label IoT device security. And in August 2017, Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) introduced a bill that would ban unpatchable products and limit the type of devices that government agencies could purchase.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.
