Mirai Botnet: Three Men Plead Guilty Over Mass DDoS Attack

by: The Knowledge Group

December 18, 2017


In Anchorage, Alaska, and New Jersey, three men were quietly convicted of significant cyber crimes that affected Internet infrastructure in at least six different countries. Crazily, the entire caper started out with an urge to cheat in an online game, Minecraft, by knocking out another party’s game server.

A little background is in order. Minecraft is a popular Internet game played by at least 122 million accounts. It also provides the ability to create different versions of itself on privately owned servers. Those owners then charge fees to let players onto their version of Minecraft for an enhanced experience. Three men and Rutgers University students (Paras Jha, Josiah White and Dalton Norman) conspired to create a way to knock a competing server offline. The goal was to then sell their code and skill as a nuke-for-hire service, effectively wiping out a targeted Minecraft server. The result would then drive customers to a surviving alternative server. This was no petty vendetta; FBI estimates found that successful server owners were making $100,000/month in fee revenue from customers.

However, what the three men created was far more deadly in IT terms. Unlike past distributed denial of service (DDoS) attack code, which used desktop computers to flood a server with maybe 10 to 20 gigs of data, Jha’s code went further, much further. It harnessed the Internet of Things (IoT) universe and turned every infected Internet-connected device into a tool in a DDoS attack reaching 1 terabyte of data. The scale of the attack when launched was like nothing any industry defense system had previously seen. Jha’s code, known as Mirai, infected over 600,000 devices. And when it hit, even the best defense companies threw in the towel. The first victim was a French company hosting a Minecraft server, but ultimately the three men attacked almost 15,200 targets. Worse, their code was shared with other hackers.

While the FBI has succeeded in convicting the three men for their Mirai activities, the cat is out of the bag. New versions of the DDoS attack software are infecting IoT devices now, and the latest one infected 250,000 devices in the first half day of infection.