Botnet bandits drop dimes on cybercrimes

The story of three American teenagers who banded together to create the devastating Mirai botnet serves as a cautionary tale of technically gifted young people led astray.

Now, in a twist, a court has sentenced the three men to just five years of probation, with prosecutors citing their "extraordinary assistance and cooperation" with the FBI on other cybercrime investigations over the past year.

Paras Jha, Josiah White and Dalton Norman have apparently become so effective at tracking and identifying criminal botnet activity that the government would rather they keep at it. The Department of Justice asked the court to raise their community service requirement from 200 hours to 2,500 hours and to define community service to include continuing their work with the FBI on cybercrime and cybersecurity cases.

"The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world," said U.S. Attorney Bryan Schroder in a statement announcing the sentence.

In court documents, U.S. lawyers revealed that the trio has spent the past year working closely with the FBI's Anchorage, Alaska, office, applying the same skillset they once used as cyber criminals to find "novel ways" to crack down on botnet crime.

Since being arrested and pleading guilty in 2017 to multiple violations of the Computer Fraud and Abuse Act, the three men have worked "exhaustively" to identify botnet operators and the proxy networks used to launch distributed denial-of-service attacks, said Adam Alexander, assistant U.S. attorney for Alaska, where the case was investigated.

"By working with the FBI, the defendants assisted in thwarting potentially devastating cyberattacks and developed concrete strategies for mitigating new attack methods," Alexander wrote in court documents.

Alexander also credited them with helping to mitigate a new attack vector that abuses internet-exposed memcached servers to amplify DDoS traffic: a small request with a spoofed source address draws a reply many times larger, which the server sends to the victim. The weakness, which security researchers at the time characterized as "rare," led to a series of massive DDoS attacks in Europe and the U.S. earlier this year.

The three worked with the FBI and security vendors to identify vulnerable servers and communicated with affected companies to quickly and drastically curb the volume and effectiveness of the attack to "mere fractions" in a matter of weeks. The defendants also helped reverse engineer botnet computer code, developed tools to help law enforcement examine cryptocurrencies, participated in briefings with companies and security researchers and reconfigured data seized from another notorious botnet, Kelihos, so that law enforcement could identify and notify victims.
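The "identify vulnerable servers" step above comes down to one question per host: does memcached answer on UDP at all, and by how much does its reply exceed the request? The following is an added example, not code from the article and not the defendants' or the FBI's tooling. It assumes the standard memcached UDP frame (an 8-byte header of request id, sequence number, datagram count and a reserved field, followed by the text command) and the plain-text `stats` command; the reply used to exercise it is a constructed sample, not captured traffic.

```python
import socket
import struct

MEMCACHED_UDP_PORT = 11211
# memcached UDP frame header: request id, sequence number, total datagrams, reserved
FRAME_HEADER = struct.Struct("!HHHH")


def build_stats_probe(request_id=0x1234):
    """Build the 8-byte memcached UDP frame header followed by the 'stats' command."""
    return FRAME_HEADER.pack(request_id, 0, 1, 0) + b"stats\r\n"


def parse_frame(datagram):
    """Split a memcached UDP datagram into (request id, seq, total, payload)."""
    if len(datagram) < FRAME_HEADER.size:
        raise ValueError("datagram shorter than memcached UDP frame header")
    request_id, seq, total, _reserved = FRAME_HEADER.unpack_from(datagram)
    return request_id, seq, total, datagram[FRAME_HEADER.size:]


def amplification_factor(probe, datagrams):
    """Bytes the server sent back per byte the sender had to put on the wire."""
    return sum(len(d) for d in datagrams) / len(probe)


def assess(probe, datagrams):
    """Classify a host from the reply it gave to a single spoofable UDP request.

    No reply at all is the safe case (UDP disabled, e.g. memcached started with
    -U 0, or port 11211 filtered). A reply whose request id matches ours and
    whose total size exceeds the probe is a usable amplifier.
    """
    if not datagrams:
        return {"udp_enabled": False, "amplification": 0.0, "exposed": False}
    expected_id = FRAME_HEADER.unpack_from(probe)[0]
    reply_ids = {parse_frame(d)[0] for d in datagrams}
    factor = amplification_factor(probe, datagrams)
    return {
        "udp_enabled": True,
        "amplification": factor,
        "exposed": expected_id in reply_ids and factor > 1.0,
    }


def probe_host(host, timeout=2.0):
    """Live check of one host: send a single 'stats' over UDP and collect every reply datagram.

    Not used by the constructed sample below; only run this against hosts you are
    authorised to test.
    """
    probe = build_stats_probe()
    datagrams = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(probe, (host, MEMCACHED_UDP_PORT))
        try:
            while True:
                data, _addr = sock.recvfrom(65535)
                datagrams.append(data)
        except socket.timeout:
            pass
    return assess(probe, datagrams)


# Constructed sample reply (not captured traffic): a UDP-enabled memcached
# instance answering 'stats' with two datagrams that echo our request id.
SAMPLE_REPLY = [
    FRAME_HEADER.pack(0x1234, 0, 2, 0)
    + b"STAT pid 1207\r\nSTAT uptime 86400\r\nSTAT version 1.5.6\r\n",
    FRAME_HEADER.pack(0x1234, 1, 2, 0)
    + b"STAT curr_connections 12\r\nSTAT bytes 1048576\r\nEND\r\n",
]


if __name__ == "__main__":
    print("exposed sample:", assess(build_stats_probe(), SAMPLE_REPLY))
    print("silent host:   ", assess(build_stats_probe(), []))
```

Two things a practitioner would check before trusting the result: the reply must echo the request id, which rules out unrelated traffic arriving on the socket during the timeout window, and a host that stays silent is only safe because UDP is off or filtered, which is exactly the fix (memcached's `-U 0`, plus blocking 11211 at the edge) that operators were asked to apply during the wave of attacks described above.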

Jha, White and Norman pleaded guilty in December 2017 to hijacking hundreds of thousands of internet-connected devices in order to execute DDoS attacks against businesses and competitors in service of extortion and click-fraud schemes. Their botnet, nicknamed Mirai, was substantially more powerful and sophisticated than others, and investigators characterize its activities against U.S. and European hosting companies in September 2016 as "the largest such [DDoS] attack ever recorded."

While attempting to throw investigators off his trail, Jha posted the source code for Mirai to the internet in September 2016, a step prosecutors ranked among "the most damaging and significant acts" in the case, noting that the code has since "become the progenitor to countless descendant variations" of botnets worldwide.

In a Sept. 18 post, cybersecurity company Kaspersky Lab said that Mirai code still serves as "cybercriminals' preferred option" for downloading malware onto internet-connected devices.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

