Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mirai IoT Botnet Co-Authors Plead Guilty (krebsonsecurity.com)

Posted by msmash on from the justice-served dept.

Three hackers responsible for creating the massive Mirai botnet that knocked large swathes of the internet offline last year have pleaded guilty. Brian Krebs reports: The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men (Editor's note: three men) first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site). Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania. Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks. Editor's note: The story was updated to note that three men have pleaded guilty. -- not two as described in some reports.

9 of 33 comments (clear)

  1. The son of window glass installer by whitesea · · Score: 1

    It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

    1. Re:The son of window glass installer by kelemvor4 · · Score: 1

      It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

      A not entirely unreasonable gambit given the state of both patent and copyright law. This time, things didn't pan out - but it has for many many others.

    2. Re:The son of window glass installer by chispito · · Score: 1

      It's an old attack, with a son breaking windows and father repairing them. However, since they did it on Internet, maybe they can patent it and make the rest of the scum pay the licensing fees?

      From reading the Krebs deep-dive a year ago, I think it was a pretty straightforward protection racket:
      Identify a private minecraft server host that is using a competitor's anti-DDOS service. DDOS the competitor so they were ineffective and also couldn't respond to service requests, then DDOS the minecraft host itself. Then, offer your own anti-DDOS service to the Minecraft host at the seemingly most opportune time (obviously stopping your DDOS on the server once they sign up).

      The Minecraft server operators had to know what was going on, but they didn't really care, like most people suffering under a protection racket.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  2. Not 100% his fault by slashmydots · · Score: 1

    You know, when someone's smart fridge starts popping up messages saying it needs to install Windows 10 platinum version and they need to call the Microsoft support number to help them fix it then maaaaaybe they should have just bought one that makes food cold. Is it really the author's fault completely or is the the fault of consumers buying smart-everything.

    1. Re:Not 100% his fault by Baron_Yam · · Score: 2

      100% his fault for hacking. No excuses.

      You leave your car unlocked and with the keys in the ignition... you're stupid for taking a risk like that, but if it's stolen the car thieve still needs to be skinned alive and hung outside the city limits as a warning to other thieves.

      Having said that... I think there's nothing wrong with a tablet-like system on a fridge door. It's a convenient place in a kitchen. I just don't think the fridge should be doing anything other than providing an appropriate mount point and power.

  3. So shoot them. by argStyopa · · Score: 1

    I'm serious.

    1) human lives aren't precious. There are more than 7 billion of us. 7 billion of anything is usually too much. We can spare some, particularly bad ones.

    2) let's understand and acknowledge how vital and critical the internet is to today's world. They attacked that infrastructure in a way that is hard to refute.

    Let the punishment fit the crime.

    --
    -Styopa
  4. Re:Why are these guys guilty of anything again? by EndlessNameless · · Score: 1

    I understand CFAA runs rampant and is abused everywhere

    These guys deliberately pushed malicious code onto devices that didn't belong to them. Fuck them, they belong in jail. This is one of the few times where the law did exactly what it needs to do.

    at what point does the company who deployed to production a shitty product with a shitty default password assume responsibility?

    Negligence and poor craftsmanship are not usually crimes. Like it or not, that's how it is. But they can get you sued.

    Unsecured devices with no authentication or widely-known default passwords definitely qualify as negligence. There are security principles that address this situation, and they are older than I am.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  5. Re: They are set for life by Brockmire · · Score: 1

    So, Uber?

  6. Re: You 74il it by Brockmire · · Score: 1

    Sometimes the bots fuck up.