Mirai botnet authors: From criminals to FBI agents. Mirai is a Linux exploiting malware that specializes in “Internet of Things” (IoT) attacks. It’s designed to exploit poorly secured security cameras, video recorders and routers. It accomplishes these attacks by turning networked Linux devices into bots that can be controlled remotely, which can then be used in large scale network attacks.
Since the malware’s creation it has been involved in large scale and disruptive distributed denial of service attacks (DDoS), the biggest of which being the September attack on security Journalist Brian Kreb’s website, and also the October 2016 Dyn cyberattack.
The Dyn cyberattack made headlines because of the sheer amount of services that were affected, and the high-profile names whose security you’d expect to be tighter. Services affected by the attack included Amazon, Ancestry.com, Comcast, Fox News, GitHub, CNN, Twitter, Visa, Starbucks, Reddit, and many more huge names. In total it’s estimated that the damages exceeded $100m.
Now while taking down those huge websites garnered them negative attention that would have likely put finding the authors under a spotlight, it was attacking Brian Kreb’s website that cost them their privacy. After the attack on his website, Brian made it his personal mission to track down the perpetrators and bring them to justice.
Brian Kreb outed the three men, Paras Jha (22), Dalton Norman (21) and Josian White (20). Jha and his co-conspirators had begun creating the malware in 2016 and at a later date monetized it by renting it out to other criminals. So Brian had succeeded in outing the hackers, but what about justice?
This is where the case takes a surprising turn. The 3 men plead guilty to the charges, and it was expected that they would receive the maximum sentence of a $250,000 fine and 5 years prison time. However, the FBI asked for an 85% reduction in their sentence. This lead to them receiving 5 years of probation and 2500 hours of community service. They were also ordered to pay $127,000 in damages and volunteer cryptocurrency they made through the endeavour.