Hack attack that took internet offline was about extortion and revenge

Published Dec 13th, 2017 6:42PM EST

Last year, hackers used a network of hundreds of thousands of hijacked devices to take major portions of the internet offline for hours. The Mirai botnet, as it’s called, conscripted routers, smart fridges, and CCTV cameras to take down vital services that power companies like PayPal and Netflix.

New Jersey man Paras Jha pleaded guilty today to computer crimes charges, court filings show. The guilty plea also reveals Jha’s motivation for the attack, and it’s less exotic than you might think.

According to the guilty plea, Jha’s attack was all about two things: revenge, and money. Jha and his two co-conspirators, Dalton Norman and Josiah White, ran a firm called Protraf Solutions LLC, which offered protection against the kind of DDOS attack that the Mirai botnet caused. It was a classic extortion scam: Cause a DDOS attack against the company, and then make it all go away when they pay up.

One of the targets of the Mirai botnet was Dyn, an internet infrastructure company that provides services to companies like Netflix and PayPal. When Dyn was hit with an attack, it caused the massive internet outage that affected millions worldwide.

But the crimes didn’t just stop at extortion. The group also used their botnet to conduct “click fraud,” registering fake pageviews on websites that advertisers pay for. The plea claims that the group made $180,000 from the fraud.

But Jha’s DDOS attacks weren’t just limited to extortion. The complaint also details how he used the Mirai botnet to attack criminal competitors:

In August 2016, defendant PARAS JHA engaged in a feud with rival DDOS botnet operators, during which period JHA generated and sent fraudulent abuse complaints to hosting providers associated with the rival group. JHA also conspired to conduct DDOS attacks against Internet architecture associated with this group. JHA further participated in a Border Gateway Protocol (BGP) hijacking scheme in which JHA and co-conspirators fraudulently gained control over IP addresses that were in legitimate use by third parties. JHA conducted these activities to consolidate and maximize the power of the Mirai botnet.

So next time you blame a massive internet outage on technical screw-ups or North Korea, just remember: Normally, it’s three guys in a basement with a bone to pick.