Indian student and Fanwood, NJ resident Paras Jha (21) pleaded guilty December 13, 2017 to three computer crimes involving cyber attacks on Rutgers University, creation of malicious software and Botnets.
Rutgers Univeristy Hack
According to the court documents:
Between November 2014 and September 2016, Jha executed a series of attacks on the networks of Rutgers University. Jha’s attacks effectively shut down Rutgers University’s central authentication server, which maintained, among other things, the gateway portal through which staff, faculty, and students delivered assignments and assessments. At times, Jha succeeded in taking the portal offline for multiple consecutive periods, causing damage to Rutgers University, its faculty, and its students.
Mirai & Clickfraud Botnets
Besides Rutgers University hack, Paras Jha, along with Josiah White (20) of Washington, PA, and Dalton Norman (21) of Metairie, Louisiana created Mirai and clickfraud Botnets.
According to the court documents:
In the summer and fall of 2016, White, Jha, and Norman created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the computers’ owners. The Mirai Botnet, targeted IoT devices – non-traditional computing devices that have been connected to the Internet, including wireless cameras, routers, and digital video recorders. The defendants attempted to discover both known and previously undisclosed vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the purpose of forcing the devices to participate in the Mirai Botnet. At its peak, Mirai consisted of hundreds of thousands of compromised devices. The defendants used the botnet to conduct a number of powerful “distributed denial of service” (DDOS) attacks, which occur when multiple computers acting in unison flood the Internet connection of a targeted computer or computers. The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.
…From December 2016 to February 2017, the defendants successfully infected more than 100,000 primarily U.S.-based Internet-connected computing devices, such as home Internet routers, with malicious software. That malware caused the hijacked home Internet routers and other devices to form a powerful botnet. The defendants then used the compromised devices as a network of proxies through which they routed Internet traffic. The victim devices were used primarily in advertising fraud, including “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue.
Paras Jha admitted in Trenton, NJ federal court that he was involved in multiple hacks of the Rutgers University computer system and other computer crimes related to Mirai and Clickfraud Botnets.
Jha (21) of Fanwood, New Jersey faces a maximum potential penalty of ten years in prison and a fine of $250,000 or twice the gross amount of any pecuniary gain or loss derived from the offense, whichever is greater.
A former Rutgers University Computer Science student, Paras Jha is also the President of IT company ProTraf Solutions offering DDoS mitigation services for remote networks.
Paras Jha’s sentencing is scheduled for March 13, 2018.