Artee

Mirai Botnet Authors Avoid Prison After "Substantial Assistance" To The FBI

Updated: Oct 27, 2018

Jha, White, and Norman avoid prison after assisting the FBI in cybersecurity-related tasks. They were fined cryptocurrency, $127K, plus have to remain helping the FBI or in the cybersecurity field. The government wonders why people go from White Hats to Black Hats. This is why. You fine someone a small amount that was making $100K/month with one of the world's largest botnets? FAIL... You take everything they have and make them start over. You have to set the stage by making an example out of someone at some point. No Quarter. #FullMetalFreedom | By Catalin Cimpanu

Mirai botnet authors go from black hats to white hats.

The three men who created and ran the original Mirai botnet back in 2016 have avoided prison sentences after cooperating with the FBI and providing "substantial assistance in other complex cybercrime investigations," the US Department of Justice (DOJ) said on Tuesday.

The three --Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana-- previously pleaded guilty in December 2017.

The trio admitted to creating a malware strain --later known as Mirai-- that was configured to infect routers and smart devices running Linux-based operating systems.

The malware would assemble infected systems into a giant botnet, which the trio used to launch DDoS attacks or rent the botnet to other users for the same purpose. Investigators also said the three used the botnet for clickfraud, by using the routers to "click" on ads on websites that earned them revenue.

The botnet went undetected from late 2014 to mid-2016, carrying out attacks on a multitude of targets. Things came crashing down after the Mirai botnet had been used to attack the blog of infosec journalist Brian Krebs, French hosting provider OVH, and managed DNS provider Dyn.

At the time, the attacks were some of the largest that ISPs and DDoS mitigation providers had seen to date, bringing a lot of media attention to the Mirai malware and its botnet, then estimated at around 300,000 bots.

Even though the trio released the source code of the original Mirai malware online in an attempt to muddle their tracks, authorities were eventually successful in tracking down the three suspects.

The FBI questioned Jha in January 2017 and filed charges a few months later in May 2017.

But in a sentencing memorandum filed last week before yesterday's DOJ announcement, US authorities say the three had been collaborating with the FBI since their guilty plea last December.

The DOJ says Jha, White, and Norman had helped the FBI in several cybersecurity matters. The court documents don't give out specific names and dates for the incidents during which the three helped authorities, but any cybersecurity expert reading the document can spot investigations around the wave of Memcached-based DDoS attacks, the DDoS attacks that usually happen on Christmas, and the VPNFilter botnet, which the DOJ mentioned as the work of a foreign nation-state advanced persistent threat (APT) --the FBI previously attributed the VPNFilter botnet to Russian intelligence.

For their extensive work with authorities, the DOJ rewarded the three with sentences that don't include any prison time. Jha, White, and Norman were each sentenced to a five-year period of probation and 2,500 hours of community service, were ordered to pay restitution in the amount of $127,000, and forfeited "significant amounts" of cryptocurrency seized during the investigation.

As part of the lighter sentence, the three must also continue their work with the FBI and the cyber-security industry.
