31 Oct 2018
Indian sentenced for cyberattacks on US university, to pay $8.6mn
Written byGarima Bora
An Indian-origin man has been ordered to pay $8.6 million in restitution and serve six months of home incarceration for launching a series of cyber attacks including creating click fraud botnets, infecting hundreds of thousands of devices with malicious software on the computer network of a leading US university.
New Jersey-based Paras Jha previously pleaded guilty for violating the Computer Fraud and Abuse Act.
Jha launched Distributed Denial of Service attacks on Rutgers University
According to documents filed in this and other cases and statements made in the Federal Court of Trenton, between November 2014 and September 2016, Jha executed a series of "Distributed Denial of Service" (DDOS) attacks on the networks of New Jersey-based Rutgers University.
During these attacks, multiple computers, acting in unison, flooded the Internet connection of a targeted computer or computers.
Attacks caused shutdown of university's central authentication server
The cyberattacks launched by the 22-year-old effectively shut down the New Jersey-based university's central authentication server, which maintained, among other things, the gateway portal through which staff, faculty, and students delivered their assignments and assessments.
At times, he succeeded in taking the portal offline for multiple consecutive periods.
This caused damage to the university, its faculty, and its students, according to the documents.
Jha, accompanied by two accomplices, created a powerful botnet
Jha was, however, not alone in his crime.
He was accompanied by Josiah White, 21, of Pennsylvania and Dalton Norman, 22, of Louisiana, and the trio created a powerful botnet in the summer and fall of 2016.
Named The Mirai Botnet, it was a collection of computers infected with malicious software and controlled as a group without the knowledge of the computers' owners.
Mirai targeted wireless cameras, routers, and digital video recorders
Through Mirai, which targeted devices such as wireless cameras, routers, and digital video recorders, the trio attempted to discover both known and previously undisclosed vulnerabilities.
The snooping allowed them to surreptitiously attain administrative or high-level access to victim devices for the purpose of forcing the devices to participate in the Mirai Botnet.
At its peak, Mirai consisted of hundreds and thousands of compromised devices.
The trio pleaded guilty last year of computer fraud
Further, between December 2016 and February 2017, the three successfully infected over 100,000 primarily US-based Internet-connected computing devices, such as home Internet routers, with malicious software.
Last December, Jha, White, and Norman had pleaded guilty to criminal information in the District of Alaska charging them each with conspiracy to violate the Computer Fraud & Abuse Act in operating the Mirai Botnet.
Trio to serve 5-year probation period, 2,500hrs of community service
Last month, all three defendants were separately sentenced in federal court in Alaska to serve a five-year period of probation, 2,500 hours of community service, ordered to pay restitution of $127,000, and voluntarily abandon significant amounts of cryptocurrency seized during the investigation.