FANWOOD, NJ — A 21-year-old from Fanwood has pleaded guilty to knocking out the Rutgers computer system several times during a two-year period and also conspiring with two others to create computer code that in 2016 brought down dozens websites around the world, from Amazon to Twitter.
Although not charged for the so-called “Dyn cyberattack” in October 2016, Paras Jha admitted to writing the source code for the Mirai malware, a computer program that was used to create a “botnet” — or remotely controlled network of internet connected computers — that caused the massive computer disruption.
Jha admitted in federal court in Anchorage, Alaska, on Dec. 8 to conspiring with Josiah White, 20, of Washington, Pa., and Dalton Norman, 21, of Metairie, La., to create the original Mirai botnet in fall and summer 2016. That botnet infected more than 100,000 internet-connected devices, such as home routers, and was used in dedicated denial of service — or DDoS — attacks against numerous websites.
Jha then posted the code in a computer forum to have deniability that he created the software, Deputy Assistant Attorney General Richard Downing told reporters in a conference call Dec. 13. The code was subsequently used by others to execute the Dyn cyberattack, Downing said.
“Their motivations, once built, were to get money from people in various ways,” Downing said. “They rented out the botnet, extorted hosting providers, demanded protection money.”
The original Mirai botnet was used for what Downing described as a “click fraud” scheme in which computers are used to access web content for the purpose of artificially generating revenue.
Additionally, Jha pleaded guilty Dec. 13 in federal court in Trenton to using similar methods to shut down the Rutgers University computer system numerous times between November 2014 and September 2016. The system is used for communications by the school for communications between staff, faculty and students, for to faculty to assign coursework, and for students to submit assignments and receive grades.
Jha was a Rutgers student at the time and coordinated his attacks to cause the maximum disruption during midterm and finals, acting U.S. District Attorney for New Jersey William Fitzpatrick said Dec. 13.
“He attended Rutgers for two years,” Fitzpatrick said. “Whether he was angry at the school, didn’t want to turn in an exam, or show off his skills, all are reasonable inferences.”
Fitzpatrick said the attacks are estimated to have cost Rutgers between $3.5 million and $9.5 million. An exact accounting will be presented at Jha’s sentencing hearing March 13.
“Paras Jha is a brilliant young man whose intellect and technical skills far exceeded his emotional maturity,” Jha’s attorneys, Robert G. Stahl and Laura K. Gasiorowski of Westfield, said via email when asked to reply to Fitzpatrick’s comments.
Starting at just 19 years old, Jha made a series of mistakes with significant consequences that he only now fully appreciates, they said, adding, “He is extremely remorseful and accepts full responsibility for his actions. He is fortunate to have loving, supportive parents and a bright future ahead. He has pled to charges here in the District of New Jersey, and in the District of Alaska, as the first step in his evolution into adulthood and responsibility.”
Assistant U.S. Attorney Adam Alexander of the District of Alaska told reporters that his region initiated the investigation when devices with the Mirai software first appeared there.
The notorious malware takes its name from the TV anime series “Mirai Nikki,” of which all three conspirators were fans, an official from the Alaska district attorney’s office said. Mirai means “the future” in Japanese.