Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation.

The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016, and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter, Soundcloud, Spotify, Etsy and Github.

Paras Jha, Josiah White, and Dalton Norman hijacked hundreds of thousands of vulnerable IoT devices, without the knowledge or permission of their owners, with the intention of:

• launching powerful DDoS attacks.
• renting the botnet to criminal third-parties.
• using the botnet to extort protection money from companies not wishing to be targeted by a DDoS attack.

As I described at the time of Jha’s guilty plea late last year, he and White ventured into cybercrime via a perhaps unexpected route – Minecraft.

Jha and White co-founded a company called ProTraf Solutions, which provided anti-DDoS services to Minecraft servers. Nothing wrong with that of course. But in order to create new customers the pair started themselves targeting websites with DDoS attacks, and then either try to extort money to call off the attacks or offer services which they claimed could defend the sites.

The men subsequently released the source code of Mirai on hacking forums – allowing others to create their own versions of the botnet from their blueprints, with variants including versions that engaged in cryptomining or exploited zero-day vulnerabilities to commandeer hundreds of thousands of internet-connected surveillance cameras.

In all likelihood, the reason for the release of Mirai’s source code was not to give a deliberate helping-hand to fellow online criminals, but rather done in fear that if the code was found only on their own computers it might be an indication of their guilt.

However, the three young men have (Read more...)