Indian American Paras Jha, along with Josiah White and Dalton Norman will serve five years of probation, do 2,500 hours of community service and pay restitution, instead of going to prison after they pleaded guilty to violating the Computer Fraud and Abuse Act, on December 8, 2017.
According to a TechTarget report, the three Mirai botnet creators have helped the FBI in “exceptional” ways and will be cooperating with them on cybercrime and cybersecurity matters and assistance to law enforcement as well as the broader research community.
“According to court documents, the defendants have provided assistance that substantially contributed to active complex cybercrime investigations as well as the broader defensive effort by law enforcement and the cybersecurity research community,” U.S. attorney for the District of Alaska, Bryan Schroder wrote in an announcement.
“The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world. This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills,” he added.
Jha, White and Norman assisted the FBI in a multitude of ways, including limiting the threat landscape for attacks around the 2017 holiday season and identified servers vulnerable to the distributed denial-of-service denial of service amplification attack known as Memcache earlier this year, according to TechTarget.
Jha, White and Norman had created the Mirai botnet in 2016, targeting Internet of Things devices while launching denial of service attacks.
The botnet was compromised of hundreds of thousands of devices and has been used by many other hackers to develop variants of the original, which then led to even more attacks.
In January 2017, cybersecurity journalist Brian Krebs had identified Jha and White as likely suspects behind the Mirai botnet before they were officially identified later.
According to a Philly.com report, the Mirai malware was initially designed to create an advantage for players of the online game Minecraft.
Once the Mirai hijacked and enslaved poorly secured Internet of Things devices to create a botnet that included computer routers, security cameras, and baby monitors, it could work in favor of them in their Minecraft adventures.
However, the trio soon discovered that the botnet also could be used to launch widespread distributed denial of service attacks for criminal purposes, which would stifle internet service providers and websites.
Jha had unleashed the first major attacks in 2015 on the computer network at Rutgers University, causing major disruptions on campus.
He then conspired with White to hire out the Mirai botnet to other criminal actors for $2,000 and $3,000 per attack and monetized the botnet by sending out extortion notices to internet service providers, according to Philly.com.
The trio continued to hack devices in several ways, eventually stopping in the fall of 2016, when Jha discovered the FBI was closing in on them.