Mirai has been known as one of the most powerful botnets comprised of millions of hacked Internet of Things (IoT) devices including routers, digital video recorders (DVRs) and security cameras. Mirai was also used by hackers to carry out one of the largest DDoS attacks on the servers of DynDNS which ultimately disrupted high profile websites like Reddit, Amazon and Twitter etc.
However, last year; culprits behind Mirai botnet Paras Jha, Josiah White, and Dalton Norman pleaded guilty to their role in the campaign in which Mirai was used for criminal activities. Based on their cyber crimes it was expected that all three hackers will do major time in US prison but it turns out that all three were sentenced to 5 years of probation along with $127,000 fine in damages and 2,500 hours of community service in addition to the continued assistance of security researchers and law enforcement agencies.
Based on the history of lengthy prison sentences in cybercrime-related cases, for instance, John Kelsey Gammell, a 46-year-old from New Mexico who has been sentenced to 15 years in prison for conducting sustained DDoS attacks against his ex-employer; 5 years of probation for Mirai culprits was not only unusual but shocking.
But now, it has been revealed that Jha, White, and Norman have been given clean slates since they have been assisting the FBI for over a year to combat cybercrime including taking down of a couple of dangerous botnets.
“By working with the FBI, the defendants assisted in thwarting potentially devastating cyber attacks and developed concrete strategies for mitigating new attack methods,” said [PDF] US attorneys in a motion filed September 11th. “The information provided by the defendants has been used by members of the cybersecurity community to safeguard US systems and the Internet as a whole.”
“Collectively, the three were much more talented at building a botnet than they were at successfully monetizing their criminal activity, although they demonstrated a marked and unfortunate degree of refinement when they transitioned from Mirai to Clickfraud. It is fortunate to all involved that their activities were disrupted, and it is worthwhile to note that if they hadn’t there is every reason to believe that they would still be engaging in significant cybercrime in the United States and abroad,” said Adam Alexander, a federal prosecutor in the court document [PDF].
“All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity,” he concluded.
This is not the first time when cybercriminals have been given a pass. Previously, Hector Xavier Monsegur (Sabu), an Anonymous hacker and leader of LulzSec group was given a clean slate after he assisted FBI to trace down other LulzSec hackers.