lolloj - Fotolia
Mirai botnet creators avoid jail time after helping the FBI
News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more.
The Mirai botnet creators will not be sent to prison, because they helped the FBI in "exceptional" ways.
On Dec. 8, 2017, the three Mirai botnet creators -- Paras Jha, Josiah White and Dalton Norman -- pleaded guilty to violating the Computer Fraud and Abuse Act. This week, Bryan Schroder, the U.S. attorney for the District of Alaska, announced that the Mirai botnet creators would serve five years of probation, do 2,500 hours of community service and pay restitution, but would serve no jail time.
"As part of their sentences, Jha, White, and Norman must continue to cooperate with the FBI on cybercrime and cybersecurity matters, as well as continued cooperation with and assistance to law enforcement and the broader research community," Schroder wrote in the announcement. "According to court documents, the defendants have provided assistance that substantially contributed to active complex cybercrime investigations as well as the broader defensive effort by law enforcement and the cybersecurity research community."
The sentencing took place on Sept. 11, 2018. "Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government," Schroder said in the documentation. He also said the assistance was "noteworthy in both its scale and its impact."
Jha, White and Norman assisted the FBI in a multitude of ways, including limiting the threat landscape for attacks around the 2017 holiday season and by identifying servers vulnerable to the distributed denial-of-service (DDoS) amplification attack known as Memcache earlier in 2018.
Cybersecurity journalist Brian Krebs identified Jha and White as likely suspects behind Mirai in January 2017, before they were officially identified.
"The plea agreement with the young offenders in this case was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cyber criminals around the world," Schroder said. "This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills."
Jha, White and Norman created the Mirai botnet in 2016, which targeted IoT devices and launched DDoS attacks. The Mirai botnet compromised hundreds of thousands of devices. Since its birth, Mirai has been used by many other hackers to develop variants of the original that led to even more attacks.
In other news:
- The U.S. Department of Defense recently released its 2018 cyber strategy detailing the country's plans for national cybersecurity. This new version supersedes the previous strategy from 2015 and specifically calls out adversaries in China and Russia, as well as North Korea and Iran. The strategy involves focusing on those countries and any others who "pose strategist threats to U.S. prosperity and security" and collecting intelligence for military operations in the event of a crisis or conflict. "We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict," the strategy reads. "We will strengthen the security and resilience of networks and systems that contribute to current and future U.S. military advantages. We will collaborate with our interagency, industry, and international partners to advance our mutual interests." The strategy also calls for closer partnerships with the private sector and international allies.
- The spyware known as Pegasus or Trident was found targeting victims in 45 countries, according to researchers at The Citizen Lab. Pegasus is a type of smartphone spyware sold by the Israel-based NSO Group to governments. "Our findings paint a bleak picture of the human rights risks of NSO's global proliferation," Citizen Lab researchers wrote. "At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates." The Citizen Lab also reported "indications of possible political themes." There are only 36 known Pegasus operators, so the findings suggest use of the spyware is spreading. Pegasus is known to be used by oppressive government regimes to spy on human rights activists, journalists, political opposition teams and lawyers. However, The Citizen Lab found the U.S., Canada, France, U.K. and Switzerland are all included in the 45 countries using the spyware.
- A security flaw called Peekaboo has been found on internet-connected CCTV cameras, according to researchers at Tenable. The vulnerability is in NUUO Inc.'s NVRmini2 system, which enables users to view and manage up to 16 CCTV cameras at once. NUUO systems have been installed more than 100,000 times worldwide, so the number of exposed dives could be in the hundreds of thousands, according to Tenable. Beyond that, Tenable said Peekaboo could affect 100 CCTV brands and 2,500 camera models. Peekaboo is a remote code execution flaw that could enable hackers to remote view and interfere with feeds and recordings. Tenable notified NUUO in early June, and the company will issue a new version of the system this week.