Three Men Plead Guilty To The Massive Mirai IoT Botnet 2016 Attack That Led To Widespread Internet Outages

Three individuals have pleaded guilty to orchestrating and deploying the massive Mirai IoT attack in 2016, the Department of Justice announced on Wednesday.

The three U.S.-based individuals, Paras Jha, Josiah White and Dalton Norman, pleaded guilty to roles in the botnet attack, which was orchestrated as a distributed denial of service attack through 300,000 vulnerable Internet of Things devices like webcams, routers and video recorders.

"In the summer and fall of 2016, White, Jha, and Norman created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the computers' owners," according to the Justice Department.

The attack, which occurred in October 2016, overwhelmed servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites, including Netflix and Twitter.

The three individuals were each charged with conspiracy to violate the Computer Fraud and Abuse Act in operating the Mirai Botnet.

Meanwhile, the Justice Department also alleged that between December 2016 and February 2017, Jha and Norman successfully infected over 100,000 U.S.-based computing devices, such as home internet routers, with malicious software.

These devices were used primarily in advertising fraud, including "click fraud," which is an Internet-based scheme that makes it appear that a real user has clicked on an advertisement to generate revenue artificially.

According to well-known independent computer security journalist Brian Krebs, Jha and White were also co-founders of DDoS mitigation company Protraf Solutions. The two would target companies with DDoS attacks and try to sell those companies services to mitigate the attacks, according to Krebs.

The Justice Department said that the three men's involvement with the original Mirai variant ended in the fall of 2016 when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.

IoT security is a big concern for customers moving into 2018 – according to information service provider Neustar, the frequency of DDoS attacks increased in 2016 due in part to IoT botnets. The Sterling, Va.-based company said it mitigated 40 percent more DDoS attacks from January through November compared with the same span last year.

The channel, for its part, plays a critical role in educating customers about the security risks inherent in deploying Internet of Things devices, especially as DDoS attacks continually evolve.

"IoT continues to be a conversation with customers who want to hear about how they can implement security solutions," said Jeff Murray, president of Control Point, a Scarborough, Maine-based operational technology solution provider. "I expect the concerns and questions around IoT security will continue and even increase in 2018, especially around operational technology."