Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mirai IoT Botnet Co-Authors Plead Guilty (krebsonsecurity.com)

Posted by msmash on from the justice-served dept.

Three hackers responsible for creating the massive Mirai botnet that knocked large swathes of the internet offline last year have pleaded guilty. Brian Krebs reports: The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men (Editor's note: three men) first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site). Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania. Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks. Editor's note: The story was updated to note that three men have pleaded guilty. -- not two as described in some reports.

33 comments

  1. The son of window glass installer by whitesea · · Score: 1

    It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

    1. Re:The son of window glass installer by kelemvor4 · · Score: 1

      It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

      A not entirely unreasonable gambit given the state of both patent and copyright law. This time, things didn't pan out - but it has for many many others.

    2. Re:The son of window glass installer by chispito · · Score: 1

      It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

      From reading the Krebs deep-dive a year ago, I think it was a pretty straightforward protection racket:
      Identify a private minecraft server host that is using a competitor's anti-DDOS service. DDOS the competitor so they were ineffective and also couldn't respond to service requests, then DDOS the minecraft host itself. Then, offer your own anti-DDOS service to the Minecraft host at the seemingly most opportune time (obviously stopping your DDOS on the server once they sign up).

      The Minecraft server operators had to know what was going on, but they didn't really care, like most people suffering under a protection racket.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    3. Re: The son of window glass installer by Anonymous Coward · · Score: 0

      I don't understand this. Can you break it down as car analogy or somehow invoke Nazis?

    4. Re: The son of window glass installer by Anonymous Coward · · Score: 0

      >>> Can you break it down as car analogy?

      It's like a glass repair guy who uses a BB gun to shoot out car windows as a way to generate business. :-p

    5. Re: The son of window glass installer by Anonymous Coward · · Score: 0

      what he said. gay video gayme analogies are so lame.

  2. Not 100% his fault by slashmydots · · Score: 1

    You know, when someone's smart fridge starts popping up messages saying it needs to install Windows 10 platinum version and they need to call the Microsoft support number to help them fix it then maaaaaybe they should have just bought one that makes food cold. Is it really the author's fault completely or is the the fault of consumers buying smart-everything.

    1. Re:Not 100% his fault by Baron_Yam · · Score: 2

      100% his fault for hacking. No excuses.

      You leave your car unlocked and with the keys in the ignition... you're stupid for taking a risk like that, but if it's stolen the car thieve still needs to be skinned alive and hung outside the city limits as a warning to other thieves.

      Having said that... I think there's nothing wrong with a tablet-like system on a fridge door. It's a convenient place in a kitchen. I just don't think the fridge should be doing anything other than providing an appropriate mount point and power.

    2. Re:Not 100% his fault by Anonymous Coward · · Score: 0

      >Is it really the author's fault completely or is the the fault of consumers buying smart-everything.
      Yes you dunderhead. They still did it. Society and corporations didn't "make" them extort others. This is still true even though IoT connectivity is a terrible fucking idea and it's still true if IoT developers were incompetent.

    3. Re:Not 100% his fault by Anonymous Coward · · Score: 0

      I polled 5000 people and EVERYONE including my grandmother knew this was an obvious scam. All responded, "Windows 10 installs itself without warning and definitely without a need to call MS support." That shows how smart you are!

  3. Oldest trick in the book. by Anonymous Coward · · Score: 0

    This sounds like the car glass repair guy driving around the neighborhood shooting car windows with his BB gun as a way to generate business. Or the tire store that slashes tires.

    EXCEPT IT'S ON THE INTERNET!!!! BRILLIANT!!!!

  4. They are set for life by 140Mandak262Jamuna · · Score: 0

    They will have some plea deal and will be actively recruited by hedge funds, high frequency traders and banks. This level of criminal thinking is a highly sought after in those circles. They will properly trained on how to do it under the protection of these firms with big team of lawyers and lobbyists.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:They are set for life by Anonymous Coward · · Score: 0

      Nah, felons are persona non grata on Wall Street.

    2. Re:They are set for life by Anonymous Coward · · Score: 0

      But they attacked this site! I say burn them after quartering!

    3. Re: They are set for life by Anonymous Coward · · Score: 0

      So they'll be working out of the Stamford office?

    4. Re: They are set for life by Brockmire · · Score: 1

      So, Uber?

  5. Re:Why are these guys guilty of anything again? by Anonymous Coward · · Score: 0

    I would agree that the CFAA is massively abused, but this is probably one of the few cases where its use was warranted. Sure the manufactures were using woefully lax security, but these guys still (presumably) knowingly entered someone elses property for the purposes of misusing it. If you forgot to lock your door you'd still expect a stranger who made themselves at home (using your computer for ID theft, raiding the fridge, etc) after you left for work to be prosecuted right? Of course in this case the manufacturers should also be held to some kind of account, perhaps via lawsuit from all of the effected websites/data centers and governmental regulation.

  6. Re:K-Y Jelly by Anonymous Coward · · Score: 0

    Where theire going...

    Did you just combine "their" and "there" trying to arrive at "they're"? You didn't get theire.

  7. Re:You 74il it by Anonymous Coward · · Score: 0

    at my frrelance Learn what mistakes into a sling unless use the sling.

    In Soviet Russia, grammar parses you.

  8. Talk desperate, greedy & stupid! apk by Anonymous Coward · · Score: 0

    What they did would like me making botnets with host/domain name based C&C's to spur use of APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ so more people would use it (I never would in the 1st place, I am not out to make "$" from it but rather to live up to Charlie Chaplin's great speech's idea https://www.youtube.com/watch?v=w8HdOHrc3OQ/ which I found VERY inspiring ala the "++" I use that came from there pretty much)...

    * That's the PRICE PAID for being greedy - you WILL be caught & busted for it, inevitably (unless you're a BIG NAME politician or extremely wealthy already that is)...

    APK

    P.S.=> Some people... apk

  9. So shoot them. by argStyopa · · Score: 1

    I'm serious.

    1) human lives aren't precious. There are more than 7 billion of us. 7 billion of anything is usually too much. We can spare some, particularly bad ones.

    2) let's understand and acknowledge how vital and critical the internet is to today's world. They attacked that infrastructure in a way that is hard to refute.

    Let the punishment fit the crime.

    --
    -Styopa
    1. Re:So shoot them. by Anonymous Coward · · Score: 0

      I'm serious.

      1) human lives aren't precious. There are more than 7 billion of us. 7 billion of anything is usually too much. We can spare some, particularly bad ones.

      2) let's understand and acknowledge how vital and critical the internet is to today's world. They attacked that infrastructure in a way that is hard to refute.

      Let the punishment fit the crime.

      Some could argue that you're a bad one for suggesting such nonsense. It's easy to judge until it's your head on the chopping block.

  10. Talk desperate, greedy & stupid! apk by Anonymous Coward · · Score: 0

    What they did would be like me making botnets with host/domain name based C&C's to spur use of APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ so folks'd use it (I never would in the 1st place, I am not out to make "$" from it but rather to live up to Charlie Chaplin's great speech's idea https://www.youtube.com/watch?v=w8HdOHrc3OQ/ which I found VERY inspiring ala the "++" I use that came from there pretty much)...

    * That's the PRICE PAID for being greedy - you WILL be caught & busted for it, inevitably (unless you're a BIG NAME politician or extremely wealthy already that is)...

    APK

    P.S.=> Some people... apk

  11. Re: You 74il it by Anonymous Coward · · Score: 0

    What the fuck did you just type?

  12. Re:Why are these guys guilty of anything again? by EndlessNameless · · Score: 1

    I understand CFAA runs rampant and is abused everywhere

    These guys deliberately pushed malicious code onto devices that didn't belong to them. Fuck them, they belong in jail. This is one of the few times where the law did exactly what it needs to do.

    at what point does the company who deployed to production a shitty product with a shitty default password assume responsibility?

    Negligence and poor craftsmanship are not usually crimes. Like it or not, that's how it is. But they can get you sued.

    Unsecured devices with no authentication or widely-known default passwords definitely qualify as negligence. There are security principles that address this situation, and they are older than I am.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  13. Re:You 74il it by Anonymous Coward · · Score: 0

    Correct, and we saw the result above.

  14. Re: The son of window glass installer .. armed rob by Anonymous Coward · · Score: 0

    Someone convicted of armed robbery is not allowed to own a gun again. These ass hats should be prohibited from EVER having a computer! Maybe making a living with a shovel would be a warning to others. Now sue them for loss of productivity.

  15. Re: The son of window glass installer .. armed ro by Anonymous Coward · · Score: 0

    And spit on their shoes too!!!11!

  16. 'plea bargain' by Reverend+Green · · Score: 0

    Yay for state sponsored anal rape! Yay for coerced false confession! Three cheers for the American Gulag!

  17. Re: You 74il it by Brockmire · · Score: 1

    Sometimes the bots fuck up.