Mirai Botnet Attackers Plead Guilty for Roles in IoT Cyber-Attacks | eWeek

Mirai IoT Botnet Creators Plead Guilty for Roles in Cyber-Attacks

MiraiBotnet
Dec 13, 2017
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Three of the individuals who were behind the Mirai internet of things botnet attack have pleaded guilty for their roles in the attacks that crippled parts of the internet in late 2016.  

On Dec. 5, Paras Jha, Josiah White and Dalton Norman pleaded guilty for their roles in the Mirai IoT botnet cyber-attacks, according to Department of Justice documents unsealed on Dec. 12. Mirai comprised 300,000 IoT devices infected with malicious code that enabled the botnet to launch distributed denial-of-service (DDoS) attacks.

“In or about July 2016, defendant Paras Jha wrote and implemented computer code with his co-conspirators that enabled them to control and direct devices infected with the Mirai malware,” the plea agreement with Jha states.


The Mirai botnet became publicly known in September 2016, when it was used to attack security blogger Brian Krebs and internet service provider OVH. The attack against Kreb’s site came in at 665G bps of attack traffic while the OVH attack had 799G bps. Mirai was also behind a massive DDoS attack against DynDNS in October 2016 that caused outages across the internet.

The plea agreement with Jha provides insight into the operations of Mirai. The court document notes that one feature of Mirai was the ability to conduct attacks against entire ranges of IP addresses. As such, a victim’s entire network would be affected by an attack. 

“This feature, in conjunction with the very large size of the Mirai botnet, rendered useless many methods that are used to mitigate DDOS attacks,” the plea agreement states. “Meaning that the attacks were capable of causing more network disruption than would be experienced in attacks by other DDOS services.”

How Mirai Infected Devices

The plea agreement also provides insight into how IoT devices were infected with Mirai in the first place. Jha and his co-conspirators were able to discover both known and unknown vulnerabilities that allowed them to gain administrator access to victims’ devices. With that access, the attackers were able to force the vulnerable devices to participate in the Mirai botnet. 

“Utilizing undisclosed vulnerabilities meant that Jha and co-conspirators would not have to compete with other criminal actors seeking to develop illicit botnets for access to these devices,” the court documents state.

The plea agreement also reveals that in August 2016, Mirai was used to attack an un-named U.S. company. According to the court documents, Jha contacted the company and demanded payment in exchange for halting the attack.

While Mirai infected IoT devices around the world, Jha set up the technical infrastructure for it on a virtual machine that he ran on his own computer at his home in New Jersey. 

The court documents also revealed the competitive nature of the botnet space. Jha engaged in a feud with rival botnet operators in August 2016, sending fraudulent abuse complaints to hosting providers associated with the rival group, according to the documents. 

The unsealed court documents do not detail how law enforcement found Jha, but they do note that he tried to evade detection. Not only did Jha erase the virtual machine he was using to control Mirai, but he also posted the Mirai source code online to further evade law enforcement actions.

“In or about September and October 2017, defendant Paras Jha took steps to destroy or conceal evidence from law enforcement,” the plea agreement stated. “JHA posted the Mirai code online, in order to create plausible deniability if law enforcement found the code on computers controlled by JHA or his co-conspirators.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.