Three American hackers were sentenced this month to include five-year probations, 2,500 hours of community service, an order to pay restitution of $127,000 and the voluntary abandonment of cryptocurrency seized during the investigation.
Cryptocurrency is a digital or virtual currency that uses cryptography for security. Cryptography is the method of storing and transmitting data in a particular form so only those who it is intended for can read and process it. Therefore cryptocurrency is difficult to counterfeit because of this security feature. Cryptocurrency isn’t issued by a central authority rendering it immune to government interference. You can read more on cryptocurrency here.
Paras Jas, 22, of New Jersey, Josiah White, 21, of Pennsylvania and Dalton Norman, 22, of Louisiana pled guilty to charges of conspiracy to violate the Computer Fraud & Abuse Act in the creation and operation of malware that infected users’ computers and made them remotely controllable.
The three defendants were responsible for creating the Mirai botnet and were convicted of infecting more than 100,000 computing devices. As part of their sentence they are required to assist the FBI in other cybercrime investigations. You can read the entire press release here.
The Mirai botnet targeted Internet of things (IoT) devices, which is a blanket term for devices (the “bot”) that most people don’t think of as computers, but that still have processing power and an internet connection. These devices can range from home routers to security cameras to baby monitors.
By 2017 there were 8.4 billion of these devices out there on the internet. Mirai took over these devices by finding an open internet connection and then attempted to log into the device by using 61 username/password combinations that are frequently used as a factory default and never changed. This botnet had taken over 100,000 devices. Once Mirai took over a device it looked for other malware on that device and wiped it out so it could claim it. They launched Distributed Denial of Service (DDoS) attacks using these bots. A DDoS attack is when the perpetrator attempts to make a network unavailable to its users by flooding the targeted service with too many requests for the service to handle all at once. You can read more on the Mirai botnet here.
Jas, White and Norman have already provided assistance “that substantially contributed to active complex cybercrime investigations,” according to court documents. They will be required to continue to assist in defensive efforts and cooperate in research studies.