Three young men have pleaded guilty in Alaska to writing malicious computer software that infected and took control of hundreds of thousands of internet-connected devices, including common household routers.
That created a botnet the men named Mirai that federal authorities say was used in what are called distributed denial of service, or “DDOS,” attacks. Once the men learned the FBI was onto them, they released the code to other criminals on the internet, and components of it have been seen in subsequent security breaches.
In some cases, the Mirai Botnet attacks shut down websites and either slowed or temporarily shut down the upstream internet service providers, Assistant U.S. Attorney Adam Alexander said.
“Those were some of the biggest botnet-based, DDOS attacks that the internet had seen to date, and resulted in pretty serious disruption and damage both here in the United States and abroad,” Alexander said.
In a separate case, two of the conspirators committed “click fraud,” a scam that makes it appear as if thousands of people are clicking on specific online ads. Since the cost of online advertising is often tied to the number of times people click on the ads, the scheme caused advertisers to pay more than they should have to website owners.
Charged in the case were New Jersey resident Paras Jha, 21, Pennsylvania resident Josiah White, 20, and Louisiana resident Dalton Norman, 21, all of whom pleaded guilty to one count each of conspiracy to violate the Computer Fraud and Abuse Act. Jha and Norman also pleaded guilty to an additional count in the click fraud case. And Jha pleaded guilty in a third case in New Jersey for an attack on Rutgers University’s computer systems.
The conspiracy started in summer of 2016 and continued to spring of 2017.
Alexander, the federal prosecutor, said the case spanned the U.S. and even reached other countries, but he said the men were prosecuted in Alaska because FBI agents discovered that some of the compromised devices were in Alaska. The FBI also has agents in the state who are trained to investigate cybercrime, Alexander said. They worked with other FBI agents around the country and investigators in other countries, as well as with outside internet security experts, he said.
“It’s a combination of traditional investigative methods, you know, shoe leather policing on the part of the FBI agents, in combination with sophisticated and specialized training and experience,” Alexander said. “It’s also critical that law enforcement’s able to work hand in hand with private partners, who may be victims or other significant actors on the internet, to be able to identify threats and be able to address them appropriately.”
Alexander said it’s important to change the default settings on internet-connected devices like routers and to monitor whether there are significant, unexpected increases in the data usage by such devices in a short amount of time. A drastic increase in usage can be an indicator that a device has been captured by a botnet.