Ex-Rutgers student pleads to cyberattacks, creating IoT botnet that brought down Internet

A former Rutgers University computer-science student has pleaded guilty to launching cyberattacks that laid siege to Rutgers' computer network and remotely enslaved millions of Internet of Things (IoT) devices throughout the United States.

The malware implanted on the IoT devices was later used to cause one of worst outages in the history of the internet when it was unleashed Oct. 21, 2016.

Paras Jha, 21, of Fanwood, N.J., admitted he and two coconspirators created the Mirai software that was designed to hijack poorly secured routers, security cameras, and baby monitors. Under Jha's control, the malware on the devices launched distributed denial of service (DDoS) attacks on internet service providers and websites. If the targets didn't pay a two-Bitcoin ransom, Jha reportedly would knock them offline, federal prosecutors said.

Jha also ran a company, ProTraf Solutions, that could be hired to prevent similar attacks.

The Mirai malware,  named after an obscure anime film character, was initially designed to create an advantage in the online game Minecraft, federal prosecutors said. But Jha and his coconspirators soon recognized the botnet's power, weaponized it, and used it to disrupt Jha's rivals and anyone else he held a grudge against, federal prosecutors said.

Jha allegedly monetized the botnet by "renting it out" so it could be used like an army of zombie computers that could be used for any nefarious purpose.

Cybercrime experts praised the government's win.

"This was a groundbreaking case," said Ed McAndrew, a former assistant U.S. attorney who is now co-leader of the cybersecurity group at Ballard Spahr in Philadelphia.  "It's the first conviction relating to the creation, coding and dissemination of an IoT botnet."

When federal investigators began to close in on Jha, he released the Mirai source code "into the wild for anyone to use" to cover his tracks, McAndrew said.  "Doing that was the equivalent of releasing nukes into general society."

When the Mirai malware struck in October 2016, it crippled internet service throughout the East Coast and a large swath of Western Europe. Experts feared it had been deployed by a state-sponsored organization to cripple communications before the U.S. presidential election.

One of the first targets of the Mirai botnet was KrebsOnSecurity.com, a website owned by former Washington Post reporter Brian Krebs.

"He was like a fireman starting the fire so he could get paid for putting it out," said Krebs, an expert on cybersecurity issues with deep contacts on the darkweb. Krebs was the first to smoke out Jha's identity after a four-month investigation published on his site in January. "When you attack journalists, they tend to write about it."

Krebs interviewed Jha for his story. Jha denied he was an architect behind Mirai. Jha told Krebs: "Whoever is responsible for this is a sociopath."

During Mirai's  reign of terror, Rutgers' computer network was paralyzed for days at a time. "They got really hammered," Krebs said. The Mirai malware is still circulating online, "and there's some evidence that it's worse than ever," he said.

Jha — along with Josiah White, 20 of Washington, Pa., and Dalton Norman, 21, of Metairie, La. — pleaded guilty Dec. 8 in Anchorage, Alaska, to conspiracy counts for creating the botnet. Jha pleaded to additional charges in New Jersey for damaging computers during the attacks on Rutgers. Federal prosecutors released information about the pleas Wednesday, and Jha is scheduled to be sentenced March 13.

"I suspect he'll get in excess of five years in prison on the Jersey charges," McAndrew said. "It boggles the mind, because he's obviously a very gifted computer scientist who had a bright future. And he's just thrown it all away."