Three individuals have pleaded guilty to orchestrating and deploying the massive Mirai IoT attack in 2016, the Department of Justice announced on Wednesday.
The three U.S.-based individuals, Paras Jha, Josiah White and Dalton Norman, pleaded guilty to roles in the botnet attack, which was orchestrated as a distributed denial of service attack through 300,000 vulnerable Internet of Things devices like webcams, routers and video recorders.
"In the summer and fall of 2016, White, Jha, and Norman created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the computers' owners," according to the Justice Department.
[Related: Massive DDoS Attack On U.S. College Throws IoT Security Into The Spotlight – Again]
The attack, which occurred in October 2016, overwhelmed servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites, including Netflix and Twitter.
The three individuals were each charged with conspiracy to violate the Computer Fraud and Abuse Act in operating the Mirai Botnet.
Meanwhile, the Justice Department also alleged that between December 2016 to February 2017, Jha and Norman successfully infected over 100,000 U.S.-based computing devices, such as home internet routers, with malicious software.
These devices were used primarily in advertising fraud, including "click fraud," which is an Internet-based scheme that makes it appear that a real user has clicked on an advertisement to generate revenue artificially.
According to well-known independent computer security journalist Brian Krebs, Jha and White were also co-founders of DDoS mitigation company Protraf Solutions. The two would target companies with DDoS attacks and try to sell those companies services to mitigate the attacks, according to Krebs.
The Justice Department said that the three men's involvement with the original Mirai variant ended in the fall of 2016 when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.
IoT security is a big concern for customers moving into 2018 – according to information service provider Neustar, the frequency of DDoS attacks increased in 2016 due in part to IoT botnets. The Sterling, Va.-based company said it mitigated 40 percent more DDoS attacks from January through November compared with the same span last year.
The channel, for its part, plays a critical role in educating customers of the security risks inherent in deploying Internet of Things devices, especially as DDoS attacks continually evolve.
"IoT continues to be a conversation with customers who want to hear about how they can implement security solutions," said Jeff Murray, president of Control Point, a Scarborough, Maine-based operational technology solution provider. "I expect the concerns and questions around IoT security will continue and even increase in 2018, especially around operational technology."
related stories
trending stories
Video
sponsored resources

NetApp
NetApp Data Driven Learning Center

Vertiv
Edge Computing 360

Best of Breed Showcase

Annual Report Card Showcase

NexGen Showcase

Cloud PPG Showcase

100 People You Should Know Showcase

APC by Schneider Electric
IoT Platforms 360

Silver Peak
Silver Peak Learning Center

Veeam
Veeam

NPD
Industry Trends 360

Comcast
Comcast Business Learning Center

AT&T Cybersecurity
Cloud Security 360

ConnectWise
ConnectWise

Symantec
Symantec Business Security Learning Center

RSA
RSA

Eaton
Eaton Learning Center

BlackBerry Cylance
BlackBerry Cylance Learning Center

Storagecraft
Disaster Recovery Learning Center

Lenovo
Lenovo Learning Center

ID Agent
Managed Security 360

Wasabi
Wasabi

Sophos
Sophos Cybersecurity Learning Center

Scale Computing
Scale Computing Learning Center

SonicWall
Network Security 360

Cohesity
Cohesity Learning Center

Dell EMC
Software-defined Data Center 360

Sherweb
Cloud Partner Programs 360
