The U.S. federal officials have arrested two hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world’s biggest and most popular websites by launching the massive DDoS attacks last year.
According to the federal court documents unsealed Tuesday, Paras Jha and Josiah White were indicted by an Alaska court last week on six charges for their role in massive cyber attacks conducted using Mirai botnet.
Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure.
“Jha and his co-conspirators successfully infected hundreds of thousands of internet-connected computing devices, including computers in Alaska and other states, with malicious software,” the plea agreement said.
Paras Jha and his business partner Josiah White are the same people who were outed by blogger Brian Krebs earlier this year after his blog was also knocked offline by a massive 620 Gbps of DDoS attack using Mirai botnet.
According to Jha’s LinkedIn profile, he is a 21-year-old passionate programmer from Fanwood, U.S., who knows how to code in multiple programming languages and is positioned as president of a DDoS mitigation firm, ProTraf Solutions.
A week after the massive DDoS attack, the source code of Mirai was released on the widely used hacker chat forum Hackforums by Jha who, under the name Anna-senpai, wrote he had “made their money…so it’s time to GTFO.”
“So today, I have an amazing release for you,” he wrote. “With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
Once Mirai source code was out, various cyber criminals started exploiting the IoT malware to launch powerful DDoS attacks against websites and Internet infrastructure, one of which was the popular DNS provider Dyn, which was DDoSed by a botnet of an around 100,000 Mirai malware-infected devices.
The U.S. Department of Justice has not released more details about the case yet. We will update this article with new information. Stay Tuned!
- Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet
- New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet
- Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices
- Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
- New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina