As part of an unusual plea deal, a former Rutgers student who once called himself "Dread" has been ordered to work for the FBI as punishment for staging a cyberattack that brought down huge swathes of the internet across the globe.
Paras Jha, 22, was one of three men sentenced in Alaska on Tuesday for his role in creating Mirai, a powerful malware assault that knocked out thousands of websites in the Northeast, California, and Western Europe in September 2016.
Citing "substantial if not extraordinary levels of cooperation," federal prosecutors recommended equally extraordinary leniency.
Jha, of Fanwood, N.J.; Dalton "Uber" Norman, 22, of Metairie, La.; and Josiah "LiteSpeed" White, 21, of Washington, Pa., pleaded guilty Dec. 8 to conspiracy charges. Each was sentenced to five years' probation and ordered to pay $127,000 in restitution. They were also required to abandon "significant amounts" of cryptocurrency seized by investigators.
Most interestingly, each was ordered to serve 2,500 hours of community service "to include continued work with the FBI on cybercrime and cybersecurity matters," the sentencing document said. The men's assistance to the FBI already has "substantially contributed both to active complex cybercrimes investigations as well as the broader defensive effort on the part of law enforcement and the research community in this arena."
According to a report in Wired, the trio has already donned white hats, helping domestic and international investigators on more than a dozen cases, assistance that has also included undercover work.
"The plea agreement with the young offenders in this case … will give FBI investigators the knowledge and tools they need to stay ahead of cybercriminals around the world," said Bryan Schroder, U.S. Attorney for the District of Alaska.
The case was prosecuted in Alaska because the lead federal investigator is stationed there, said Brian Krebs, a cybercrimes expert and journalist who publishes KrebsOnSecurity.com.
The Mirai malware, named after an anime film character, initially was designed to create an advantage for players of the online game Minecraft. Mirai hijacked and enslaved poorly secured Internet of Things devices to create a botnet that included computer routers, security cameras, and baby monitors. The botnet then could be deployed to hobble the players' Minecraft competitors. Jha and his buddies, however, soon discovered the Mirai botnet also could be used to launch widespread distributed denial-of-service (DDoS) attacks for criminal purposes that throttled internet service providers and websites.
Jha unleashed the first major attacks using Mirai in 2015 on the computer network at Rutgers, where he was enrolled as a student. During the intermittent attacks that caused significant disruptions on campus, Jha taunted the school's IT department.
"The Rutgers infrastructure crumpled like a tin can under the heel of my boot," he wrote.
Jha, who described himself as "the untouchable hacker god," then conspired with White to hire out the Mirai botnet to other criminal actors for $2,000 and $3,000 per attack. After building out the botnet to encompass hundreds of thousands of devices, Jha tried to monetize the botnet by sending out extortion notices to internet service providers (ISPs). When the ISPs didn't pay up in bitcoin, Jha unleashed a sustained DDoS attack on the companies.
The men also turned the enslaved Internet of Things devices into a tool that was used for "clickfraud," a scheme to make it appear that real users have clicked on advertisements to artificially generate revenue, prosecutors said.
When Krebs, the cybersecurity journalist, wrote about the attacks and smoked out the wrongdoers, Jha trained the malicious software on KrebsOnSecurity.com.
The men's involvement with Mirai ended in the fall of 2016, when Jha, wary of the FBI closing in, posted the source code online for anyone to use. Since then, Mirai variants have been employed in dozens of other cyberattacks, prosecutors said.