Suspects plead guilty to developing Mirai malware
Two suspects have confessed to being involved in the development of the malware behind the Mirai botnet. The men were previously identified in an investigation by journalist Brian Krebs.
The case involves at least two suspects, Paras Jha and Josiah White, according to two court documents published by ZDNet. According to the plea agreement, the first man wrote code together with others in 2016 with which he could infect and take over Internet-of-Things devices. About 300,000 devices eventually became part of the Mirai botnet. Jha then used the botnet to launch DDoS attacks against US and foreign companies and to extort them.
Jha also maintained the infrastructure used to manage the botnet. It ran in several VMs on his own hardware at his family’s home, according to the document. He promoted his malware on various forums under different names, such as ‘ogmemes’ and ‘Anna Senpai’. The latter name is known from the release of the Mirai source code in October 2016 by a HackForums user of the same name. The court document shows that Jha released the code so that he could deny involvement if investigators found the code on his computer.
The second man, White, was responsible for writing the Mirai malware’s scanner. This component scanned the internet to identify and infect further vulnerable devices. In addition, White was involved in moving the botnet’s command-and-control server and in breaking into a computer in France to use it as a proxy.
The names of both men appear in an extensive investigation that journalist Brian Krebs published in January. In it, he had already identified Paras Jha as the creator of the Mirai malware. Krebs first experienced the power of the botnet when his site was targeted by a DDoS attack in September last year and became inaccessible as a result. Mirai was also used for other attacks, such as the one on DNS provider Dyn. Recent Google research concluded that this attack was actually targeting game servers.
The maximum penalty for the offenses, which include ‘deliberately causing damage to a protected computer’, is five years in prison. The final sentence has yet to be determined.