Clickability tracking pixel

Hackers Behind Mirai Botnet Plead Guilty in Federal Court

The FBI investigation that began in Alaska culminated in the disruption of a global cybercrime enterprise.

by Tegan Hanlon, Alaska Dispatch News / December 15, 2017

(TNS) — Three men pleaded guilty in federal court in Alaska on Friday to creating a powerful computer network used to crash websites last year, the U.S. Attorney's office announced Wednesday.

None of the hackers were from Alaska, Assistant U.S. Attorney Adam Alexander of the District of Alaska said in an interview.

He said the men appeared in federal court here because Anchorage's FBI office spearheaded the investigation into the global cyberattacks. Last year, Anchorage agents were alerted to hijacked internet-connected devices in the state. Alexander said he couldn't say what type of devices were hacked or where specifically they were located, except that they were found across the state.

The Anchorage agents and other investigators, he said, "started tracking back from the infected devices ultimately to the individuals who are responsible for developing the malware and conducting the criminal activity."

Federal prosecutors say those people are 21-year-old Paras Jha of New Jersey, 20-year-old Josiah White of Pennsylvania and 21-year-old Dalton Norman of Louisiana. The men met on the internet.

And in the fall of 2016, they built the "Mirai Botnet" that infected more than 300,000 devices with malicious software, federal prosecutors say. The software spread over the internet, quietly hijacking household devices like DVRs, routers and internet-connected surveillance cameras located in Alaska and other states, according to prosecutors.

Often, device owners don't know their machines have been taken over by hackers, Alexander said.

Prosecutors said the men used the botnet to create an army of machines they could control simultaneously and use to flood websites with traffic.

They used the machines to conduct denial-of-service attacks against business competitors and others against whom they "held grudges," according to the plea agreement. They also used the botnet to extort companies into paying them in order to avoid being targeted by an attack, the agreement said.

The men rented out the botnet to other hackers. Jha eventually posted its source code on an online criminal forum, the agreement said.

The Wall Street Journal reported that the Mirai Botnet was used in October 2016 to bog down the online technology provider Dyn, knocking offline Twitter, Netflix and other websites for a day. Prosecutors do not believe the men are responsible for that attack, since the Mirai code had already spread on the forum, according to The Associated Press.

Jha and Norman also pleaded guilty in Alaska federal court Friday to running another botnet of more than 100,000 hacked devices. They used the network in a "clickfraud" scheme, making it appear that a real user had clicked on an advertisement to artificially generate revenue, according to federal prosecutors.

In a New Jersey federal courthouse Wednesday, Jha separately pleaded guilty to an additional computer fraud charge for repeatedly crashing Rutgers University's internet network between 2014 and 2016. Jha is a former Rutgers student.

Jha's attorney, Robert Stahl, said in a statement that Jha "is a brilliant young man whose intellect and technical skills far exceeded his emotional maturity."

"He is extremely remorseful and accepts full responsibility for his actions," the statement said. "He is fortunate to have loving, supportive parents and a bright future ahead."

Attorneys for White and Norman did not respond to requests for comment Wednesday.

The three men are currently scheduled to be sentenced in Alaska in June 2018.

In their plea agreements, they agreed to surrender revenue generated as part of their scheme. In this case, that meant giving up bitcoins and other cryptocurrency.

How to protect yourself from a botnet

Alexander said the owners of internet-connected devices often don't know if their machines have been taken over by hackers.

The three men who built the Mirai Botnet specifically targeted internet-connected devices most people don't think of as computers and don't run virus protection on, like wireless cameras and routers.

In the case of the Mirai Botnet, he said hackers were not searching to steal people's identities or information, but rather to take over the machines and force them to join the botnet.

Alexander said consumers can help protect themselves from hackers by regularly updating passwords. Also, he said, always change your router password from the default one provided upon purchase.

One way to potentially catch whether you've been hacked, he said, is to monitor your data usage.

"If all of a sudden you see your data usage double or triple or really expand in a way that doesn't correspond to your actual usage, that's an indicator that something might be going on," he said.

Other tips can be found at

©2017 Alaska Dispatch News (Anchorage, Alaska) Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

Platforms & Programs