If you were using sites like Netflix, Spotify, Twitter, Reddit, and Amazon in October 2016, you may recall these and other services going down for a while in the middle of the month.
The cause was one of those pesky distributed denial of service (DDoS) attacks, and this week a U.S.-based man admitted to creating the hugely disruptive botnet that made it happen.
Paras Jha, 21, of Fanwood, New Jersey, this week pleaded guilty in a New Jersey court to violating the Computer Fraud & Abuse Act when he created the Mirai malware. Mirai infected more than 300,000 connected devices globally and was used in multiple DDoS attacks on various online services carried out by Jha and others.
As we mentioned at the start, the most significant attack using Mirai struck popular online services in October 2016. The botnet targeted data centers operated by Dyn, a company providing internet traffic management and optimization services for many high-profile sites. When the DDoS attack was in full swing, internet users were unable to access web addresses assigned to sites serviced by Dyn, causing huge disruption and frustration in the process.
Jha isn’t accused of any direct involvement in the Dyn attack, which could have been carried out by others after he posted the Mirai code on online forums in September or October 2016, apparently in a bid to make it harder for law enforcement to trace the botnet’s origin back to him.
But Jha did carry out his own DDoS attacks using Mirai, including on Rutgers University, where he had been a computer science student.
The website of well-known cybersecurity expert Brian Krebs was also knocked offline for several days by Mirai, prompting Krebs to undertake a meticulous investigation that led him to identify Jha as the possible perpetrator behind the damaging botnet.
More guilty pleas
Two other men, Josiah White and Dalton Norman, also entered guilty pleas for using the botnet for criminal gain.
White told the authorities he modified Mirai’s code so it could more effectively identify vulnerable connected devices, among them webcams and baby monitors, before infecting them to increase the power of the botnet. Norman also used his knowledge to help further increase Mirai’s reach and effectiveness.
Jha’s plea agreement reveals that he created Mirai’s code some time around July 2016. He also rented Mirai to others, and even set up a company with White to help rescue businesses affected by the botnet, “like firemen getting paid to put out the fires they started,” as Krebs put it.
Jha could face a maximum of 10 years in prison and a fine of $250,000 when he’s sentenced in March 2018.
Commenting on the case in a release, the FBI’s Timothy Gallagher described Jha’s guilty plea as “a testament to the countless hours of hard work and dedication by law enforcement in the fight against cyber criminals.”