Former Rutgers student to pay $8.6 M. for DDoS attack against U.
Former Rutgers student Paras Jha has been sentenced by a federal judge in Trenton to six months of home confinement and payment of $8.6 million in restitution for his role in a computer attack on the University.
Two years ago, Jha conspired with Josiah White of Washington, Pa. and Dalton Norman of Metairie, La. to create the “Mirai botnet,” which shut down websites and internet services around the world between 2014 and 2016, according to an article from
Jha also used his coding skills to specifically target Rutgers University. Under the screen name “exfocus,” Jha taunted the University’s computer security system with tweets such as “where internet go?? 3m dollar gone?” and “The Rutgers infrastructure crumpled like a tin can under the heel of my boot,” according to the article.
The University suffered from disrupted access to web services such as Sakai, internet access and overall network infrastructure at the school due to the DDoS attacks, as by The Daily Targum. This caused the University’s networks to be down for hours or even days, which further led to midterms, final exams and class registration being rescheduled, according to the article.
Jha later published his code on hacker websites, where others used it in a massive DDoS attack that crashed websites such as Twitter and Netflix in October 2016.
In January 2017, he was identified as the perpetrator of these attacks by cybersecurity reporter Brian Krebs, who spent several months investigating Jha’s identity after his own site was attacked, as by the Targum. While not charged for that specific attack, Jha did plead guilty to the charges of both writing and marketing the botnet in December 2017.
A botnet is a group of infected computers, or “bots” (short for robots), that are controlled by malicious software without the knowledge of the computers’ owners. The Mirai botnet is one of the most forms of malware and can be used by programmers to enslave thousands of devices for use in a Distributed Denial of Service (DDoS) attack.
Last month, Jha and his co-conspirators were sentenced to probation in Anchorage, Alaska, after agreeing to assist the FBI with cybercrime in connection with their creation of the Mirai botnet, according to the article. They were also ordered to pay $127,000 in restitution and give up a significant amount of their cryptocurrency.
Jha alone pleaded guilty to violating the Computer Fraud and Abuse Act with the Rutgers attack. In addition to home confinement and the $8.6 million in restitution, he was also sentenced by U.S. District Judge Michael Shipp to five years of supervised release and 2,500 hours of community service.