The three architects of the Mirai botnet just wanted to devise a scheme to make some money in the competitive business of hosting Minecraft servers. The weapon they built ended up showing the world how dangerous DDoS attacks can be. Now their lives have taken another unexpected turn, as the US Justice Department has given them a pass and some work to do.
On Tuesday, Josiah White, Paras Jha and Dalton Norman were sentenced by a federal judge in Alaska to serve five years of probation. The three men, who are all 20-21 years old, pleaded guilty to participating in various ways in the creation and dissemination of the Mirai botnet.
The decision came after a recommendation from the US Justice Department that they be given a reduced sentence in return for their “extensive and exceptional” cooperation with authorities. In addition to keeping their noses clean for five years, they’ll also have to serve 2500 hours of community service.
That doesn’t necessarily mean that they’ll be picking up garbage. Instead, the community service is being defined “to include continued work with the FBI on cybercrime and cybersecurity matters,” as the DOJ requested.
In 2016, the three men were all underachievers who wanted to make a buck hosting players of the popular video game Minecraft. Players flock to various servers that host the game and offer different perks and play styles. For example, one server might stipulate that players building together in a shared world can’t destroy one another’s creations.
Wired reported on the origins of Mirai last year and spoke with Elliott Peterson, the FBI special agent who took the lead on the case. Peterson told the publication that it’s common to see a successful Minecraft host pull in $US100,000 ($137,982) worth of fees in a month.
With so much money on the line, sometimes hosts will engage in cyberattacks such as distributed denial-of-service attacks (DDoS) that take control of a huge number of machines and direct them to a competitor’s server. The attack overwhelms the servers bandwidth and slows it to a crawl or renders it unusable.
“We see so many attacks on Minecraft,” Peterson told Wired. “I’d be more surprised sometimes if I didn’t see a Minecraft connection in a DDoS case.”
Josiah White was identified as the author of the source code that became Mirai in his plea deal last year. He and his co-conspirators wanted to undermine a tool that protects many Minecraft servers from DDoS attacks, but they found that Mirai was way more powerful than they thought.
They used the botnet for their own criminal activities and leased it to others. But as things heated up, they released it into the wild on a hacker forum — the idea being that the more people had the code, the less likely it would be for authorities to pin it on them.
That didn’t work out. But it did ensure that the botnet made it into the hands of other cybercriminals who’ve used it for many devastating attacks in the last two years, including the incident that took down the DNS service Dyn in October of 2016. Reddit, Twitter, the PlayStation Network and many other major sites went down.
The East Coast of the US experienced widespread outages, as did other regions around the world as hundreds of thousands of bots swarmed and overwhelmed Dyn’s defences. According to the FBI, cybercriminals are still adapting Mirai as security professionals scramble to keep up.
In its sentencing recommendation, the DOJ said that the men began cooperating with law enforcement before they were even charged. It gave vague outlines of the help they’ve provided for around a dozen cases.
According to the document, they’ve logged about 1000 hours working to prevent other DDoS attacks as well as participating in other activities. They’ve built a program to help the FBI track the private keys for cryptocurrencies, and it appears they’ve been doing undercover work online and travelling abroad.
It’s unclear how skilled the Mirai guys are in reality. “These kids are super smart, but they didn’t do anything high level — they just had a good idea,” one FBI agent told Wired last year.
Marcus Hutchins, a security expert who is currently on bail after being charged with hacking-related crimes last year, wrote on Twitter that he was unsure what to think of the Mirai creator’s sentencing. “It’s definitely the right move,” he wrote, “but the idea that the FBI uses people for their skills rather than as informants seems like PR fluff.”