Mirai botnet authors plead guilty to 2016 IoT cyberattacks

Three of the people responsible for the widely reported IoT botnet attacks in 2016 have pleaded guilty to their involvement in them.

Paras Jha, Josiah White and Dalton Norman admitted to carrying out distributed denial-of-service (DDoS) attacks with hundreds of thousands of IoT devices using the Mirai botnet at different points in time throughout 2016, according to US Department of Justice (DOJ) documents unsealed on Dec. 12.

Mirai is, by any definition, a very powerful piece of malware. Japanese for “the future,” Mirai was designed to turn networked devices into “bots” that can be used as part of a large-scale network attack, also known as a botnet.

The plea agreement with Jha says the defendant “wrote and implemented computer code with his co-conspirators that enabled them to control and direct devices infected with the Mirai malware.”

The trio first used the botnet to take down security expert Brian Krebs’s blog. Shortly after, they hit internet service provider OVH. A subsequent DDoS attack against DynDNS caused massive outages across the internet. Later in 2016, a new Mirai attack targeted an unnamed company in the United States.

Court documents now reveal some of the malware’s underpinnings. For example, Mirai could grab hold of entire classes of IP addresses and compromise a whole network.

“This feature, in conjunction with the very large size of the Mirai botnet, rendered useless many methods that are used to mitigate DDOS attacks, meaning that the attacks were capable of causing more network disruption than would be experienced in attacks by other DDOS services,” the documents state.

The perpetrators exploited both known and unknown vulnerabilities in the IoT devices they targeted, forcing the devices to join the Mirai botnet. Their use of unknown (zero-day) vulnerabilities allowed Jha and his partners in crime to outcompete hackers seeking to carry out similar attacks with the same IoT products.

Hoping to create plausible deniability if law enforcement found the code on his computer, Jha posted the Mirai code online. At the time, though, authorities had already gathered enough evidence to detain Jha and his co-conspirators.

Jha reportedly deployed the global attacks from a virtual machine he ran on his home computer in New Jersey.
