Last October, three college students used a horde of infected IoT devices to perpetrate one of the largest-scale cyber attacks on record. On December 12, two of them pleaded guilty.
To launch their 2016 attack, the hackers utilized a zombie horde of over 300,000 unsecured Internet of Things devices. This army of compromised baby monitors, refrigerators, house lights and other internet-connected devices became what is known as the Mirai botnet. Once the devices were infected, the hackers weaponized them in a massive Distributed Denial of Service attack against internet infrastructure firm Dyn.
The hack brought down large swaths of the internet across the United States and Europe, and impacted major services like Verizon, Amazon and Spotify.
A document released Wednesday by the United States Justice Department named Paras Jha, 21, Josiah White, 20, and Dalton Norman, 21, as co-conspirators. The three were charged in Alaska with conspiracy to violate the Computer Fraud and Abuse Act.
Several men admitted that they hijacked an army of home devices capable of taking down big parts of the internet—and all because of a grudge. https://t.co/eH6oqZYyCg
— The Daily Beast (@thedailybeast) December 14, 2017
While Jha and White both pleaded guilty to hacking charges, in his plea agreement Jha also admitted to creating the Mirai botnet and releasing it online for other hackers to use.
According to the document, “Jha and his co-conspirators would scan the internet for vulnerable devices and, without authorization, attempt to gain administrative access to those devices through the use of credentials that they were not authorized to employ.”
From September to October, Jha, under the pseudonyms “Ogmemes” and “Anna Senpai,” would log onto online forums frequented by known cyber criminals and advertise the botnet. According to the plea agreement, Jha would then lease out the botnet to these hackers for a price.
The total number of attacks and financial damage resulting from the Mirai botnet remain unknown. Despite its creators facing the prospect of up to five years in prison, their botnet child lives on and continues to infect devices in new forms.
The Dyn attack and the emergence of Mirai forced security analysts to reassess the threats posed by insecure IoT devices. This year the U.S. Senate passed the Internet of Things Cyber Security Improvement Act of 2017, which sets security guidelines for all IoT devices used by federal government employees.
Introduced a bill today creating #Cybersecurity standards for federal #IoT purchases. It's time to raise the bar for federal #IoTSecurity pic.twitter.com/GpgRm5OHQC
— Mark Warner (@MarkWarner) August 1, 2017
LIMA CHARLIE NEWS, with Mack DeGeurin