By SecureWorld News Team
Thu | Dec 28, 2017 | 7:51 AM PST

The plea agreement for the creator of the Mirai botnet reads like a mystery novel.

Each page takes you deeper into the exploits and motivations behind a single botnet that creator Paras Jha and his co-conspirators used to take revenge and to make money.

Crimes you can commit with a botnet

Remember the days when kids would egg someone's house if they didn't like them? Believe it or not, a motivation similar to that was how some of the targets for Mirai attacks were chosen.

In the plea agreement, Paras Jha—a 21-year-old former Rutgers University computer science major—admits to building the botnet to "initiate powerful distributed denial of service attacks against business competitors and others against whom Jha and his co-conspirators held grudges."

Competitors, in this case, means competing DDoS botnet operators. 

Here is the laundry list of criminal activities from this single Mirai botnet, which controlled more than 300,000 devices:

  • DDoS attacks against those that Mirai botnet operators didn't like
  • They "rented" the botnet to other bad actors to make money
  • Used "the botnet to extort hosting companies and others into paying protection money in order to avoid being targeted" (Sounds like a modern version of the mob, doesn't it? Legitimate businesses often paid mobsters to "protect" them from trouble.)
  • Botnet operators preferred utilizing undisclosed vulnerabilities because it was a competitive advantage over other botnet developers
  • Generated fraudulent abuse complaints (to hosting providers) against rival DDoS botnet operators
  • Participated in a Border Gateway Protocol (BGP) scheme where they hijacked legitimate third-party IP addresses
  • Advertised the botnet on discussion boards frequented by cyber criminals 

In the end, with investigators closing in, Jha posted the Mirai code online, "in order to create plausible deniability if law enforcement found the code on computers controlled by Jha or his co-conspirators."

That seems ironic now, since he has admitted to all of the things listed above.

And in his admission, we all learned more about botnet operators, their motivations, and the variety of criminal acts they are capable of with a single army of IoT devices at their beck and call.

It will be interesting to see where this type of cyber threat and the corresponding developments in cybersecurity head in 2018. SecureWorld will be watching. 
