Mirai botnet developers collaborate with the FBI

In exchange for less severe penalties, the three hackers are collaborating with the federal authorities

Three young hackers, who had been sentenced last year to help create and spread the well-known Mirai botnet, are now helping the FBI to investigate other “complex” cybercrime cases in exchange for less severe penalties, as reported by specialists in ethical hacking.

Paras Jha, (21 years old) from New Jersey, Josiah White, (20 years old) from Washington and Dalton Norman, (21 years old) from Louisiana, pleaded guilty in late December 2017 of multiple charges for their role in the creation and hijacking of hundreds of thousands of Internet of Things (IoT) devices to make them part of a notorious botnet known as Mirai.

The Mirai malware performed scans for routers, cameras, digital video recorders and other unsecured IoT devices that used their default passwords (or had no password) and then made them part of a botnet.

The three young men developed the Mirai botnet to attack the Minecraft video game servers, but after realizing that their invention was powerful enough to launch denial-of-service (DoS) attacks in record time, they decided to publish Mirai’s source code.

The publication of the source code generated more cyber attacks by several criminal gangs against websites and Internet infrastructure, one of which was the popular DNS provider Dyn, an incident that unused much of the Internet on the east coast in October 2016.

After an investigation into the attacks of the botnet Mirai, the hackers were identified and sentenced in December 2017.

Serving part of the sentence

After US prosecutors recently announced that the three hackers had provided “extensive and exceptional” assistance in more than a dozen cases, a federal judge in Alaska sentenced each of the hackers to a five years parole, instead of going to prison.

The trio was also sentenced to pay $127k USD in damage repair, comply with 2.5k hours of community service and voluntarily deliver significant cryptocurrency amounts derived from their illicit activities.

According to recently filed judicial documents, Jha, White and Norman have been working with ethical hacking teams from government agencies for over a year, and will continue to cooperate.

For example, prosecutors asked for the advice of the trio to disrupt the activities of the botnet Kelihos, a global network of more than 100k infected computers that were used to send spam, steal access passwords and infect other computers with ransomware and other types of malware.

According to specialists in ethical hacking from the International Institute of Cyber Security, the three hackers also helped law enforcement agencies to stop the DoS attack based on Memcached, a tool that helped its operators launch attacks thousands of times more efficient than a common attack.