Quid pro quo —

Mirai botnet creators praised for helping FBI, won’t serve prison time

Three men mitigated Memcache attacks, aided APT researchers, and more.


More than nine months ago, three men pleaded guilty to creating and operating the Mirai and Clickfraud botnets.

However, on Tuesday, after prosecutors announced that the men had provided "extensive" and "exceptional" assistance to federal law enforcement, a federal judge in Alaska sentenced each of them to just five years of probation—no prison time.

The men, Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana, will continue to cooperate with the FBI.

In particular, prosecutors called out their assistance in the 2017 federal takeover of the Kelihos botnet.

Additionally, the Mirai trio helped thwart online fraud, prevent further DDoS attacks, mitigate an attack that leveraged a weakness in servers using the Memcache object caching system, and even assisted researchers investigating an attack from a possible state actor.

As Ars reported in October 2016, Mirai degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites.

Jha admitted to being behind Mirai, according to court documents that were unsealed late last year. The Rutgers University computer science student was originally publicly identified as a likely suspect in January 2017 by Brian Krebs, a well-known independent computer security journalist.

In a sentencing memorandum submitted on September 11, 2018, Adam Alexander, a federal prosecutor, marveled at how the men could be so notorious in the online DDOS community, and yet at the same time, "socially immature young men living with their parents in relative obscurity."

"That gulf between their online personas and the reality of their daily lives offline is mirrored in the gulf between the sophistication and significance of their criminal botnet activities both in terms of the Mirai botnet and the successor Clickfraud scheme," Alexander continued.

"Collectively, the three were much more talented at building a botnet than they were at successfully monetizing their criminal activity, although they demonstrated a marked and unfortunate degree of refinement when they transitioned from Mirai to Clickfraud. It is fortunate to all involved that their activities were disrupted, and it is worthwhile to note that if they hadn’t there is every reason to believe that they would still be engaging in significant cyber crime in the United States and abroad."

Ultimately, he concluded: "All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity."
