Paras Jha, Mirai botnet's co-author, was sentenced today to six months of home incarceration and ordered today to pay $8.6 million in restitution for the damages caused by his malware-powered Distributed Denial of Service (DDoS) network.
Mirai is a self-propagating malware strain designed by Paras Jha and Dalton Norman which mainly targets Internet of Things (IoT) devices such as routers, digital video recorders, and IP cameras, transforming them into remotely controlled "bots" that can be used to trigger large-scale Denial of Service attacks.
At its peak, Jha's Mirai botnet managed to infect and control hundreds of thousands of compromised devices which made it possible to attack and bring down most websites.
Jha posted the Mirai's source code on a hacking forum in 2016 and, since then, a multitude of other botnets have been created using the code he shared, most of them featuring the same level of sophistication and, at times, bundling even more complex exploitation and attack tools.
"Between November 2014 and September 2016, Jha executed a series of “distributed denial of service” (DDOS) attacks on the networks of Rutgers University; these occur when multiple computers acting in unison flood the Internet connection of a targeted computer or computers," says Department of Justice's press release.
The Mirai co-author used his botnet to attack his alma mater during his freshman and sophomore years
Following Jha's attacks, the university's central authentication server was completely shut down, making it impossible for faculty, staff, and students to deliver assignments and assessments via the gateway portal.
"The defendants then used the compromised devices as a network of proxies through which they routed Internet traffic," also says the press release.
"The victim devices were used primarily in advertising fraud, including “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue."
Besides the six months of home confinement and the $8.6 million in restitution, Jha also received an extra five years of supervised release, as well as 2,500 hours of community service.