21-year-old Paras Jha, from Fanwood, has pleaded guilty to launching malware attack on the Rutgers University computers. He implanted the malware in an IoT device which gave him access to hold all university data under captive.
He was a former student of the Rutgers University, and his knowledge of the data system of the school was the secret weapon behind the attack.
With two other co-conspirators, Jha created the Mirai software which has been used to hijack several devices across the United States of America. He, therefore, pleaded guilty to that count.
His co-conspirators were Josiah White, 20 and Dalton Norman, 21, from Washington, Pa., and La Metairie respectively.
The 21-year-old has a history of launching cyber attacks on networks in the United State of America with his created software. The same software was used in launching an attack causing several websites inaccessible on Friday, though a later report said that the problem has been restored.
Jha is believed to have made a lot of money from his cyber attacks in different ways. The information as released to reporters’ hints that he used distributed denial of service (DDoS) to bring a lot of internet service providers and websites under his control. Once he was able to control the network, he agreed to release the data on the condition that 2 Bitcoin be paid as ransom. The Mirai was also used to infect millions of Reuters users in 2016.
Jha was smart enough to release the Mirai code for the access of the general public when he realized that the dawn of hiding behind the internet was over and persecutors were closing in.
A former assistant U.S. attorney, Ed McAndrew explained the act of releasing the code to the public: “Doing that was the equivalent of releasing nukes into general society.”
Brian Krebs, the owner of KrebsOnSecurity website and a former Washington Post reporter said that “He (Jha) was like a fireman starting the fire so he could get paid for putting it out.”
Kreb’s website was one of the first sites that faced the terror of his attack. Kreb undertook an investigation into the attack having a lot of experience launching an investigation into the Darknet. He was able to reveal the identity of Jha four months ago as the prime suspect of the brain behind that attack.
To validate his story, Kreb contacted Jha about how true the story was. Jha attacked the writer and said that “Whoever is responsible for this is a sociopath.”
The federal prosecutor said that the Mirai software was created to have an advantage of an online game called Minecraft. After realizing the potential power of the software, he and his co-conspirators decided to use it against people on the list of his rivals and to take a revenge on people.
He was able to turn this hacking software into money making machine stripping people off their money and exposing private data on the Darknet for sale.
Ed McAndrew, a now co-leader of the cyber security group at Ballard Spahr in Philadelphia said that: “This was a groundbreaking case.” He added that: “It’s the first conviction relating to the creation, coding, and dissemination of an IoT botnet.”
An investigation by Kreb hints that the Mirai software is still available online and it is being used by people in worst cases than how it was being used in the Jha’s era. An attack was launched on Friday morning against some of the popular websites including Reddit and Twitter.
The malware and the nature of the attack are suspected to have something to do with Jha’s creation. The inaccessibility of these various websites is in line with the inaccessibility of the Rutger University computers engineered by Jha.
McAndrews believes that Jha will face at least 5 years in prison. “I suspect he’ll get in excess of five years in prison on the Jersey charges. “It boggles the mind, because he’s obviously a very gifted computer scientist who had a bright future. And he’s just thrown it all away,” he said.
In Anchorage, Alaska, on the 8th of December 2017, Jha and his co-conspirators admitted to all charges against them. On a special case related to Jha launching an attack on his former school, Rutgers University, he pleaded guilty to damaging computers in the school. Jha will be sentenced on March 13, 2018.
The FBI has advised businesses to report all DDoS attacks to prevent further damages and the manipulation of sensitive data.