Mirai Botnet Creator Ordered To Pay $8.6M for Rutgers DDoS Attacks

A federal court has ordered Mirai botnet creator Paras Jha to pay $8.6 million to Rutgers University for distributed denial of service (DDoS) attacks on the university’s networks.

Jha also must serve six months of home detention for the DDoS campaign carried out between November 2014 and September 2016, which shut down the university’s central authentication server.

The server maintained the gateway portal through which staff, faculty, and students exchanged assignments and assessments. The DDoS attacks took the portal offline on a number of occasions.

Jha, along with Josiah White and Dalton Norman, pleaded guilty in December last year to creating and operating the Mirai botnet, which recruited Internet of Things devices to launch DDoS attacks.

The defendants uncovered vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the Mirai botnet.

The Mirai botnet at its peak enslaved hundreds of thousands of compromised IoT devices. Jha subsequently posted the source code online in the fall of 2016.

On Sept. 18, 2018, a federal court sentenced all three defendants to five years’ probation and 2,500 hours of community service. They were ordered to pay restitution in the amount of $127,000 and to abandon cryptocurrency seized during the course of the investigation.

Jha, Norman Plead Guilty to More Charges

Jha and Norman also pleaded guilty to successfully infecting more than 100,000 U.S.-based Internet-connected computing devices with malware between December 2016 and February 2017.

The two then used the compromised devices as a network of proxies through which they routed Internet traffic. The victim devices were used primarily in “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue.

Last month, European law enforcement agency Europol warned that DDoS attackers were targeting critical infrastructure. Europol said that DDoS attacks were becoming more accessible and involved low cost and low risk for attackers.

DDoS Attacks Targeting Critical Infrastructure, Europol Warns

DDoS attacks are being used to target critical infrastructure, warned European law enforcement agency Europol in its 2018 Internet Organised Crime Threat Assessment report.

Last year, a DDoS attack crippled train networks in Sweden by targeting internet service providers. Another attack shut down communications on the Finnish Aland Island after a telecom provider was targeted.

Europol noted that DDoS attacks are becoming more accessible and involve low cost and low risk for attackers.

DDoS attackers are increasingly using botnets of infected IoT devices to carry out their attacks. The Mirai botnet in 2016 is just one example.

This week, the Department of Justice said the creators of the Mirai botnet cooperated with the FBI and were given five years’ probation.

Close to two-thirds of EU law enforcement reported cases of DDoS attacks last year. And one-third of those emphasized the growing number of cases.

More than one-third of organizations faced a DDoS attack last year, compared to 17 percent in 2016, according to ENISA. Other reports cited by Europol indicated that DDoS attacks accounted for around 70 percent of incidents that compromised network integrity.

DDoS-for-Hire Services on the Rise

One of the reasons for the increase in DDoS attacks is the use of booters or stressers. These are DDoS-for-hire services that provide access to botnets for a small fee. The use of these services is making it much easier for unskilled attackers to launch major DDoS attacks.

In April of this year, the operators of the DDoS marketplace webstresser.org were arrested as a result of Operation Power Off. This was an investigation led by Dutch Police and the British National Crime Agency with support from Europol and a dozen law enforcement agencies.

Webstresser.org was the largest DDoS marketplace, with more than 136,000 registered users and 4 million attacks. When it was shut down, there was a 60 percent decrease in DDoS attacks across Europe, the report noted.