Washington man pleads guilty in Mirai case
A Washington man pleaded guilty this month to his role in creating a massive network of hijacked, internet-connected devices to go after rivals and shake down other internet users before one of the botnet’s other architects left its source code online for other hackers.
Josiah White, 20, pleaded guilty Dec. 8 to conspiracy to violate the Computer Fraud and Abuse Act in creating the Mirai Botnet last year with two accomplices – Paras Jha, of Fanwood, N.J., and Dalton Norman, of Metairie, La., both 21 – who also pleaded guilty the same day in the U.S. District Court in Anchorage, Alaska.
Court documents state that starting in August 2016, White worked with the other two men to build the botnet “to create a weapon capable of initiating powerful denial of service attacks against business competitors and others against whom White and his co-conspirators held grudges against (sic)” and make money by renting the weapon out or by extorting “hosting companies and others into paying protection money” to avoid becoming targets of the botnet.
White’s attorney, F. Richard Curtner, declined comment when he was reached Tuesday.
White is free on his own recognizance, according to court records. Federal court documents don’t include an order setting a date for sentencing. White agreed to surrender 33 bitcoin – an amount of the internet currency purportedly worth $592,000 today but that would have been valued at about $20,000 in September 2016 – that authorities identified as the proceeds of criminal activity.
White, according to court records, created a “scanner,” part of the Mirai code, to ferret out weaknesses in internet-connected computing devices – including wireless cameras, routers and digital video recorders – that allowed them to surreptitiously gain control of the devices.
Federal authorities said the Mirai network included as many as hundreds of thousands of compromised devices which White and his co-conspirators used to conduct “a number of powerful distributed denial of service, or ‘DDOS’ attacks,” which involve multiple computers inundating the internet connection of a targeted computer or computers.
“The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum,” the Department of Justice said in a statement. “Since then, other criminal actors have used Mirai variants in a variety of other attacks.”
In one of those, Mirai helped in an October 2016 DDOS attack on internet-technology provider Dyn, which knocked out many users’ access to dozens of popular websites for a day.
According to federal prosecutors, Jha and Norman also pleaded guilty Dec. 8 to conspiracy to violate the Computer Fraud and Abuse Act in connection with allegations they infected more than 100,000 devices with malware between December 2016 and February, mainly to use in advertising fraud.
Five days later, Jha, a former Rutgers University student, separately pleaded guilty in the U.S. District Court in New Jersey to violating the Computer Fraud and Abuse Act stemming from a series of attacks from November 2014 to September 2016 against Rutgers’ computer networks. Prosecutors said Jha succeeded in knocking down the portal used by faculty, staff and students, sometimes for multiday periods.