The team of hackers behind an overwhelming DDoS attack that targeted major websites in the US and other parts of the world pleaded guilty in a federal court in Alaska late last month.
Based on the court documents released, the three perpetrators were 21-year-old Paras Jha from New Jersey; 20-year-old Josiah White from Washington; and 21-year-old Dalton Norman from Louisiana.
The young men were indicted in multiple cases for their roles in the massive cyberattack that victimised Amazon, Twitter, Spotify, and Reddit among other widely used websites in late 2016.
The group of cybercriminals used Mirai, a powerful malware that looks for unsecured routers, webcams, or other IoT devices – which can be used to launch attacks on specific Internet infrastructure.
Paras Jha’s plea agreement stated he “conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad” by hijacking more than 300,000 Internet-connected devices – even demanding a ransom to stop the attack.
The trio was also responsible for other attacks that infected upwards of 100,000 devices
Starting around September 2016, Jha posted on numerous dark web forums to advertise his Mirai botnet database. He also confessed to covering his tracks by securely cleaning his Mirai device, as well as publishing the source code online.
This caused other cybercriminals to copy his source code and make their own iterations of the Mirai botnets for their own personal agendas.
Along with Josiah White, Jha was exposed by online security blogger Brian Krebs in early 2017 as the culprits in another DDoS attack using the Mirai botnets. Krebs’ website was knocked offline by the two perpetrators.
White confessed to producing the scanner that identified and controlled unsecured Internet-connected devices for the botnet; while Dalton Norman identified zero-day vulnerabilities to incorporate into their botnet ecosystem.
For a few months in late 2016 to early 2017, the threesome was also successful in taking over at least 100,000 devices to create Clickfraud – another botnet with the intention of scamming online ad networks through artificial revenue generation.
According to the press release from the US Department of Justice, the trio’s “involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for (it) on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.”
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.