A federal court last Friday ordered one of the co-developers of the Mirai IoT botnet to pay $8.6 million in restitution and serve six months of home incarceration as punishment for using the malware to launch DDoS attacks against Rutgers University, where he was studying at the time.
Paras Jha, 22, of Fanwood, N.J., who pleaded guilty in his home state last December, was also sentenced to five years of supervised release and 2,500 hours of community service.
Jha and his co-conspirators Josiah White, 21, and Dalton Norman, 22, had separately pleaded guilty to Computer Fraud & Abuse Act violations in a federal courtroom in Alaska. Last September, the trio was sentenced in that case to five years of probation – a lenient punishment earned through extensive cooperation with FBI on other cyber investigations.
White, Jha, and Norman created the botnet in the summer and fall of 2016, recruiting scores of compromised IoT devices – including wireless cameras, routers, and digital video recorders – and using them to flood targets with DDoS traffic. Jha later released Mirai’s source code to evade identification as an author. This action led to others individuals developing numerous versions of the malware.
One such version is Satori, which infected more than 280,000 IP addresses in 12 hours upon its debut in late 2017. The defendant in that case, 20-year-old Washington State resident Kenneth Schuchman, was ordered last week to appear in a federal Alaskan court on Nov. 8 after allegedly violating the terms of his pre-trial release.