Three responsible for Mirai botnet attacks plead guilty

The young men behind the highly disruptive Mirai botnet were at one point sitting on a stockpile of 100 Bitcoin — worth $1.6 million — they made by renting out their botnet for online ad fraud.  

Three US men on Tuesday pleaded guilty to creating and using the Mirai, a botnet of hundreds of thousands of IoT devices that made dozens of huge websites inaccessible in 2016. 

The three, all in their early twenties, agreed to plea deals with the US Justice Department this week that require them to abandon now high-priced Bitcoin and other cryptocurrencies to avoid further prosecution. 

Paras Jha, a 21 year-old previously identified as Mirai’s authors by cybercrime investigator Brian Krebs, pleaded guilty to charges related to writing Mirai code. The botnet was used against Krebs’ site and to attack internet firm Dyn in July 2016, which blocked access within the US to several major websites, including Amazon, the New York Times, and Spotify.

Jha also agreed to a guilty plea for posting the source code for Mirai on a hacker forum, which allowed others to use it for subsequent attacks. He was arrested in January and identified as a Rutgers University computer science student. 

Josiah White and Dalton Norman, also in their early twenties, pleaded guilty to their involvement in the Mirai botnet’s use and commercialization. 

In documents unsealed today, the Justice Department revealed that Jha agreed to give up 13 Bitcoin as part of a plea deal regarding online click fraud, while White gave up 33 Bitcoin for his role. Back then each Bitcoin was worth around $800 compared to the nearly $18,000 it's worth today.

Mirai is best known for the havoc wreaked on online businesses using unsecured IoT devices, but the trio also faced charges for using the botnet for online ad click-fraud. 

By January 2017 the three had begun leasing the botnet to third-party criminals, which appears to have been paid mostly in Bitcoin. 

Charges against Norman unsealed today revealed that renting out the botnet for click-fraud netted the three 100 Bitcoin by January 2017. Norman earned a third of this and in January exchanged it for a lesser-known cryptocurrency called Golem. He gave up all his cryptocurrency under his plea deal. 

Had Jha and his co-conspirators not been caught in January, their stash of Bitcoin worth around $80,000 at the time could have been exchanged for $1.6 million today.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cyber securityclick fraudDDoS attacksBitcoinMirai

More about AmazonNormanSpotify

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts