Three responsible for Mirai botnet attacks plead guilty

  • Liam Tung (CSO Online)
  • 14 December, 2017 09:30

The young men behind the highly disruptive Mirai botnet were at one point sitting on a stockpile of 100 Bitcoin — worth $1.6 million — they made by renting out their botnet for online ad fraud.  

Three US men on Tuesday pleaded guilty to creating and using the Mirai, a botnet of hundreds of thousands of IoT devices that made dozens of huge websites inaccessible in 2016. 

The three, all in their early twenties, agreed to plea deals with the US Justice Department this week that require them to abandon now high-priced Bitcoin and other cryptocurrencies to avoid further prosecution. 

Paras Jha, a 21 year-old previously identified as Mirai’s authors by cybercrime investigator Brian Krebs, pleaded guilty to charges related to writing Mirai code. The botnet was used against Krebs’ site and to attack internet firm Dyn in July 2016, which blocked access within the US to several major websites, including Amazon, the New York Times, and Spotify.

Jha also agreed to a guilty plea for posting the source code for Mirai on a hacker forum, which allowed others to use it for subsequent attacks. He was arrested in January and identified as a Rutgers University computer science student. 

Josiah White and Dalton Norman, also in their early twenties, pleaded guilty to their involvement in the Mirai botnet’s use and commercialization. 

In documents unsealed today, the Justice Department revealed that Jha agreed to give up 13 Bitcoin as part of a plea deal regarding online click fraud, while White gave up 33 Bitcoin for his role. Back then each Bitcoin was worth around $800 compared to the nearly $18,000 it's worth today.

Mirai is best known for the havoc wreaked on online businesses using unsecured IoT devices, but the trio also faced charges for using the botnet for online ad click-fraud. 

By January 2017 the three had begun leasing the botnet to third-party criminals, which appears to have been paid mostly in Bitcoin. 

Charges against Norman unsealed today revealed that renting out the botnet for click-fraud netted the three 100 Bitcoin by January 2017. Norman earned a third of this and in January exchanged it for a lesser-known cryptocurrency called Golem. He gave up all his cryptocurrency under his plea deal. 

Had Jha and his co-conspirators not been caught in January, their stash of Bitcoin worth around $80,000 at the time could have been exchanged for $1.6 million today.