Hackers’ Cooperation with FBI Leads to Substantial Assistance in Other Complex Cybercrime Investigations

Defendants Responsible for Creating the “Mirai” and Clickfraud Botnets Continue to Assist FBI as Part of their Sentencing

Anchorage, Alaska – U.S. Attorney Bryan Schroder announced today that three defendants have been sentenced for their roles in creating and operating two botnets, which targeted “Internet of Things” (IoT) devices.  Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana, were sentenced today by Chief U.S. District Judge Timothy M. Burgess.  On Dec. 8, 2017, Jha, White, and Norman pleaded guilty to criminal Informations in the District of Alaska charging them each with conspiracy to violate the Computer Fraud & Abuse Act in operating the Mirai Botnet.  Jha and Norman also pleaded guilty to two counts each of the same charge, one in relation to the Mirai botnet and the other in relation to the Clickfraud botnet.

After cooperating extensively with the FBI, Jha, White, and Norman were each sentenced to serve a five-year period of probation, 2,500 hours of community service, ordered to pay restitution in the amount of $127,000, and have voluntarily abandoned significant amounts of cryptocurrency seized during the course of the investigation.  As part of their sentences, Jha, White, and Norman must continue to cooperate with the FBI on cybercrime and cybersecurity matters, as well as continued cooperation with and assistance to law enforcement and the broader research community.  According to court documents, the defendants have provided assistance that substantially contributed to active complex cybercrime investigations as well as the broader defensive effort by law enforcement and the cybersecurity research community.

Jha, White, and Norman became subjects of a federal investigation when, in the summer and fall of 2016, they created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the computers’ owners.  The Mirai Botnet targeted IoT devices – non-traditional computing devices that were connected to the Internet, including wireless cameras, routers, and digital video recorders.  The defendants attempted to discover both known and previously undisclosed vulnerabilities that allowed them to surreptitiously attain control over the victim devices for the purpose of forcing the devices to participate in the Mirai Botnet.  At its peak, Mirai consisted of hundreds of thousands of compromised devices.  The defendants used the botnet to conduct a number of powerful distributed denial-of-service, or “DDoS” attacks, which occur when multiple computers, acting in unison, flood the Internet connection of a targeted computer or computers.  The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.

Additionally, from December 2016 to February 2017, the defendants successfully infected over 100,000 primarily U.S.-based computing devices, such as home Internet routers, with malicious software.  That malware caused the hijacked home Internet routers and other devices to form a powerful botnet.  The victim devices were used primarily in advertising fraud, including “clickfraud,” a type of Internet-based scheme that makes it appear that a real user has “clicked” on an advertisement for the purpose of artificially generating revenue.

“Cybercrime is a worldwide epidemic that reaches many Alaskans,” said U.S. Attorney Bryan Schroder.  “The perpetrators count on being technologically one step ahead of law enforcement officials.  The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world.”

“The sentences announced today would not have been possible without the cooperation of our partners in international law enforcement and the private sector,” said Special Agent in Charge of FBI’s Anchorage Field Office, Jeffery Peterson.  “The FBI is committed to strengthening those relationships and finding innovative ways to counter cybercrime.  Cyber criminals often develop their technical skills at a young age.  This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills.”

These cases were investigated by the FBI’s Anchorage Field Office.  The Mirai Botnet and Clickfraud Botnet cases were prosecuted by Assistant U.S. Attorney Adam Alexander of the District of Alaska and Trial Attorney C. Alden Pelker of the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division.  Additional assistance was provided by the FBI’s Newark, New Orleans and Pittsburgh Field Offices, Homeland Security Investigations (HSI) Atlanta – Greenville South Carolina Office, the U.S. Attorneys’ Offices for the Eastern District of Louisiana and New Jersey, the United Kingdom’s National Crime Agency, the French General Directorate for Internal Security, the Police Service of Northern Ireland, the National Cyber-Forensics & Training Alliance, Palo Alto Networks Unit 42, Google, Cloudflare, Coinbase, Flashpoint, Oath, 360.cn and Akamai.  Former Department of Justice prosecutors Ethan Arenson, Harold Chun, and Yvonne Lamoureux provided invaluable support during their tenure at DOJ.