In October, 2016, Jha, White and Norman used their botnet to target the domain name server Dyn and the DDoS attack subsequently shut down a number of major websites including Twitter, Reddit and the New York Times. The same botnet was also used to target security researcher Brian Krebs' site KrebsOnSecurity a month earlier, reportedly a retaliation move against Krebs for releasing information that led to the arrest of two hackers behind the 'vDos' attack service. After the attack on his site, Krebs decided to figure out who was behind the botnet and ultimately pinpointed Rutgers University student Paras Jha.
In the plea agreement, the three admit to creating the botnet to, "(1) initiate powerful distributed denial of service attacks against business competitors and others against whom Jha and his co-conspirators held grudges; and (2) provide a source of revenue to Jha and his co-conspirators, who could (a) rent the botnet to third-parties in exchange for payment, and (b) use the botnet to extort hosting companies and others into paying protection money in order to avoid being targeted by denial of service attacks."
According to the plea agreement, the Mirai botnet included over 300,000 devices and Jha admitted to publicly releasing the botnet's code in order to establish plausible deniability if it was ever found on his or his co-conspirators' computers. Along with Jha, Norman also pleaded guilty to using the botnet in a click fraud scheme.
The click fraud charges come with a sentence of up to five years in prison and a fine equal to $250,000 or twice the gain or loss of the offense. For the conspiracy charges related to the authorship and use of the botnet, the three face an additional fine and five year prison term maximum. In addition to the the charges filed in Alaska, Jha also pleaded guilty today to charges filed in New Jersey that addressed attacks Jha enacted against Rutgers University networks between 2014 and 2016.
"The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm," Acting Assistant Attorney General Cronan of the Department of Justice said in a statement. "The Criminal Division will remain constantly vigilant in combating these sophisticated schemes, prosecuting cybercriminals, and protecting the American people."