Former Rutgers student pleads guilty to DDoS attacks


IMG_0501
Photo by Wikimedia |

Paras Jha, a former Rutgers student, is accused of writing the Mirai botnet to hijack internet-connected devices and using them to attack companies, degrading internet access in large regions of the world as well as at Rutgers.


Former School of Arts and Sciences student Paras Jha has pleaded guilty to writing the Mirai botnet, which took down websites and internet services worldwide many times over the past several years. 

According to federal court documents, Jha, along with co-conspirators Dalton Norman and Josiah White, are accused of writing, marketing and using the Mirai botnet to hijack internet-connected devices and using them to attack companies, degrading internet access in large regions of the world as well as at Rutgers specifically.

Jha was first named as a potential writer of the botnet in January 2017 by cybersecurity expert Brian Krebs. The University suffered from a dozen Distributed Denial of Service (DDoS) attacks as well between 2014 and 2016, which Krebs alleged were perpetrated by Jha.

The botnet essentially overloaded companies’ wireless networks, preventing them from accessing the internet at large. A botnet, or a program which takes over Internet of Things devices - smart tools connected to the internet like webcams and routers — can enable a single person to flood a network or website with thousands of hits, limiting their ability to conduct normal operations. 

In the court documents, released Wednesday, prosecutors alleged that Jha wrote and marketed the botnet. Prosecutors continued on to claim that Jha ran the botnet on virtual machines he kept in his family’s home. 

The attacks, which he committed under the usernames Anna-senpai and ogexfocus/exfocus, took down Rutgers’ networks, as well as managed domain name service provider Dyn, Inc., among other groups. 

The University’s networks went down for anywhere from a few hours to almost a week, causing midterm and final exams, as well as class registration to be rescheduled. 

Jha has plead guilty to both of the charges filed against him, and will forfeit 13 bitcoins (about $211,000) he has in his possession as part of the plea. Under sentencing guidelines, he could face 10 years in prison and a fine of at least $250,000

He will be sentenced in March 2018. 

In an emailed statement, Rutgers Chief Information Officer Michele Norin said University officials worked with law enforcement agencies to track down Jha and end the attacks.

“Since the DDoS attacks, we have made substantial improvements to Rutgers’ technology infrastructure, including upgrades of network hardware, the use of DDoS mitigation services, and changes in internet service providers. We recognize the threat posed by cybercriminals, and we will be tireless in working with law enforcement to pursue individuals who attempt to compromise the Rutgers network,” she said.


Nikhilesh De

Comments powered by Disqus

Please note All comments are eligible for publication in The Daily Targum.