Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other “complex” cybercrime cases in return to avoid their lengthy prison terms.
Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple charges for their role in creating and hijacking hundreds of thousands IoT devices to make them part of a notorious botnet network dubbed Mirai.
Mirai malware scanned for insecure routers, cameras, DVRs, and other Internet of Things (IoT) devices which were using their default passwords and then made them part of a botnet network.
The trio developed the Mirai botnet to attack rival Minecraft video gaming hosts, but after realizing that their invention was powerful enough to launch record-breaking DDoS attacks against targets like OVH hosting website, they released the source code of Mirai.
The release of source code eventually led to more cyber attacks conducted by various criminals against websites and Internet infrastructure, one of which was the popular DNS provider Dyn which made much of the Internet unusable on the East Coast in October 2016.
The Mirai botnet attacks were then investigated by the FBI in 2017, and the cybercriminals were sentenced by the Chief U.S. District Judge in Alaska in December 2017.
Hackers Assisting FBI As Part Of Their Sentencing
However, after U.S. prosecutors announced Tuesday that the men had provided “extensive” and “exceptional” assistance to a dozen or more different law enforcement, a federal judge in Alaska sentenced each of the three men to just five years of probation—no prison sentence.
The trio has also been ordered to pay $127,000 in restitution, serve 2,500 hours of community service, and has voluntarily handed over significant amounts of cryptocurrency seized during the investigation into their activities.
According to court documents filed last week, Jha, White, and Norman have been working with the FBI for more than a year and will continue to cooperate with the agency.
In one instance, prosecutors called out the trio’s assistance in the 2017 takedown of the Kelihos botnet—a global network of more than 100,000 infected computers used to deliver spam, steal login passwords, and infect other computers with ransomware and various malware.
In March, the three hackers also helped law enforcement stop the Memcached-based DDoS attack, a tool that helped criminals launch over 51,000 times powerful DDoS attack than its original strength against their targets.
“Cybercrime is a worldwide epidemic that reaches many Alaskans. The perpetrators count on being technologically one step ahead of law enforcement officials,” said U.S. Attorney Bryan Schroder.
“The plea agreement with the young offenders, in this case, was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cybercriminals around the world.”
Schroder concluded that cybercriminals often develop their technical skills at a young age, and this case demonstrates the government’s commitment to “hold criminals accountable while encouraging offenders to choose a different path to apply their skills.”