The three hackers behind the Mirai botnet have pleaded guilty to charges related to the cyberattack of October 2016 that shut down various websites and online services.
The Mirai botnet took out large parts of the internet, severely affecting the daily lives of people and the ongoing operations of businesses.
The Power Of The Mirai Botnet
The defendants, 21-year-old Paras Jha, 20-year-old Josiah White, and 21-year-old Dalton Norman, all admitted to creating the Mirai botnet and then using it to launch massive distributed denial-of-service, or DDoS, attacks.
A botnet is a collection of internet-connected devices that can be used to carry out commands without their owners knowing about it. The three hackers were able to create their botnet by propagating the Mirai malware that they wrote to infect devices that include computers, routers, and wireless cameras.
Dynamic domain name service provider Dyn was one of the targets of the Mirai botnet DDoS attacks in October last year, preventing a significant number of users from accessing websites and online services. Security researcher Brian Krebs and his Krebs On Security website was also one of Mirai's victims for releasing information that resulted in the arrest of a pair of hackers behind the vDos attack service. Krebs was then able to pinpoint Jha as one of the perpetrators of the Mirai botnet.
Jha also uploaded the Mirai source code, giving even more hackers the ability to create botnets and launch their own DDoS attacks.
Hackers Behind Mirai Botnet Plead Guilty
According to the Department of Justice, Jha, White, and Norman have all pleaded guilty to the creation and operation of the Mirai botnet.
In their plea agreement, the three hackers admitted to launching DDoS attacks against businesses and others whom they held grudges against. They also admitted to using the Mirai botnet as a source of revenue by renting it out to third parties and extorting companies into making payments to avoid being targeted by DDoS attacks.
The plea agreement also revealed that the Mirai botnet included more than 300,000 devices and that Jha released the Mirai source code to the public to establish plausible deniability if the malware was found in the three hackers' computers.
Jha and Norman also pleaded guilty to engaging in clickfraud schemes, tricking users into clicking what appeared to be real advertisements to generate revenue for them.
For the conspiracy charges of creating and operating the Mirai botnet, the three hackers are facing an unspecified fine and up to five years in prison. The clickfraud charges, meanwhile, may add another five years in prison and a fine of $250,000 or equal to twice the gain or loss of the offense for Jha and Norman.