By Charles Joseph | Cybersecurity Advocate
Paras Jha, a self-taught programmer from New Jersey, made national headlines in 2017 as the creator of Mirai: one of the most successful — and destructive — botnets in history.
The young coder’s quest to make a name for himself in cybersecurity resulted in massive internet outages, an international manhunt, and curiously, a once-in-a-lifetime opportunity for redemption.
Paras Jha at a Glance
- Paras Jha taught himself to code in middle school and developed an affinity for Minecraft in high school.
- After suffering DDoS attacks against his Minecraft server, he began learning how to prevent them — then started using them against others.
- Jha enrolled at Rutgers University in 2014 and put his DDoS skills to work against the school in a series of 12 attacks.
- After dropping out in 2016, Jha teamed up with two online friends to create the world’s most sophisticated DDoS botnet, which they named Mirai.
- Jha used Mirai’s 300,000-strong army to attack Minecraft servers, hosting providers, and ISPs with attacks of over 1 Tbps — 20 times stronger than any DDoS attack in history.
- Jha released Mirai’s source code to the public after the FBI began investigating, which led to numerous internet outages around the world.
- The FBI arrested Jha in 2017, and he immediately pled guilty and began helping the agency investigate other cybercrimes.
- In lieu of a prison sentence, Jha was sentenced to 2,500 hours of community service, to be spent assisting the FBI and other law enforcement agencies around the world.
The Life of Paras Jha
Paras Jha’s Early Life
Paras Jha loved science from an early age. Computers were particularly captivating to him, both for their endless potential uses and for their ease of access: anyone could teach themselves how to use them.
Jha, a self-motivated learner, began using his free time to study programming beginning in seventh grade. Within a few years, he had become an expert in multiple programming languages, including C, Java, and ASM.
In high school, Jha was introduced to the game Minecraft, which he instantly fell in love with. He soon began running his own online multiplayer Minecraft server — and experiencing his first DDoS (distributed denial-of-service) attacks.
In a DDoS attack, the attacker uses an army of computers — typically hijacked with malware — to flood a targeted web server with traffic. Unable to handle so many requests at once, the server slows to a crawl and eventually goes offline altogether.
Minecraft servers were frequent targets of DDoS attacks. A server operator could use a DDoS attack against a rival server to make it seem slow and unreliable, then persuade upset players to switch to the attacker’s server instead.
Jha’s server was often on the receiving end of these attacks, so he began to study them in-depth. At first, he used this knowledge to protect himself, but before long, he was executing his own attacks against rival servers.
In 2014, Jha enrolled at Rutgers University in New Jersey as a computer science major. Around the same time, he started offering DDoS prevention and mitigation services to the public under the name ProTraf Solutions.
The Rutgers Attacks
When Jha arrived at Rutgers, he was excited to take advanced computer science courses and expand his knowledge beyond what he’d taught himself.
But upperclassmen got priority registration for those classes. As a freshman, Jha worried that by the time he got the chance to sign up for them, all the spots would be filled.
So he hatched a plan: he would use his DDoS knowledge to attack the Rutgers servers during the upperclassman registration period. With the servers down, registration might be delayed long enough that he would have a chance to sign up for his desired course.
Jha’s first attack brought down the Rutgers infrastructure so successfully that he repeated it on a regular basis, typically right before midterms and final exams. This bought him extra time to study, but it also amused him: he enjoyed the chaos and outrage that ensued after every attack.
It also provided him with a business opportunity: right after each attack, he anonymously taunted the university on social media, suggesting that the school hire a DDoS mitigation expert.
Between 2014 and 2016, he attacked Rutgers a dozen times, with some attacks crippling the servers for days at a time.
By the time Jha dropped out in 2016, he’d caused over $8.5 million in damages to Rutgers. But now that he was done targeting the school, it was time to move on to something bigger.
The Birth of Mirai
Jha’s interest in Minecraft had never waned, and by 2016, he’d formed close online friendships with two fellow players: Josiah White and Dalton Norman.
White and Norman were also interested in Minecraft DDoS attacks, and the trio began updating the Rutgers botnet in July 2016, this time with a novel twist.
This botnet would be made up of thousands of smart lightbulbs, appliances, cameras, and other internet-connected devices — the so-called “Internet of Things” (IoT). These devices were riddled with security holes, many of them both serious and undiscovered, and millions of them were plugged in around the world.
The new botnet, named Mirai after one of Jha’s favorite anime series, launched in August 2016. Its first target was an ISP that had previously been a client of ProTraf but had ended the relationship due to disappointing service.
Jha sent the ISP an email under a pseudonym, demanding $5,000 in bitcoin to prevent a DDoS attack. The company refused and was subsequently hit with 300 Gbps of simultaneous internet traffic — a shockingly vicious attack, considering that most large DDoS attacks topped out at 20 Gbps.
Such a strong attack was made possible by the sheer number of IoT devices that Mirai had compromised. Its army doubled in size every 76 minutes, and within 20 hours of launching, it had infected 65,000 devices.
Mirai Goes Wild
On September 19, 2016, Mirai launched its biggest-ever attack. Its target was French hosting provider OVH, which hosted numerous popular Minecraft servers as well as a powerful Minecraft DDoS prevention service.
OVH was hit with 1.1 Tbps of traffic from over 145,000 devices, a siege that shattered all previous DDoS records. Cybersecurity researcher Brian Krebs reported on it and other DDoS attacks and, days later, was himself hit with a 620 Gbps attack.
These attacks garnered national attention: the US presidential election was about to occur, and the FBI suspected that a foreign entity was executing the attacks as a means of interference.
Jha, White, and Norman were frightened at the prospect of getting caught. Realizing that they were in over their heads, they wiped their computers and, on September 30, released Mirai’s source code to the public — with the code freely available, they reasoned, its origins would be much harder to trace.
By this point, Mirai had over 300,000 devices under its control, and thousands more were being infected every day. Now, with the source code out in the wild, anybody could use it to conduct devastating attacks of their own.
In October, someone did just that: an unknown hacker used Mirai to bring down the DNS provider Dyn, effectively disabling the entire internet for millions of people in North America and Europe. Sites like Netflix, PayPal, Reddit, and Amazon were inaccessible for hours as engineers scrambled to restore service.
More attacks soon followed, including attacks that brought down 900,000 routers in Germany and disabled internet access for the entire country of Liberia.
Meanwhile, the trio’s botnet activities hadn’t ceased after they released Mirai’s source code. They continued using Mirai to engage in ad-click fraud, a scheme that passively and discreetly netted them tens of thousands of dollars a month.
Jha Gets Caught
The FBI spent the last quarter of 2016 hunting down Mirai’s creators, following trails through ISP databases, chat logs, code snippets, victim interviews, and network traces. By the end of the year, it had narrowed down its search to three suspects: Jha, White, and Norman.
Meanwhile, DDoS victim Brian Krebs had conducted his own investigation and come to the same conclusion: Paras Jha was Mirai’s creator.
But lying low didn’t save Jha. In December 2017, he, White, and Norman were arrested for both their Mirai activities and their click fraud, and all three quickly pled guilty to the charges.
Soon after, Jha was also charged over his Rutgers attacks, to which he also pled guilty.
Jha’s Second Chance
Though the trio faced ten years in prison and $500,000 in fines each, they presented the court with an intriguing proposal: each would accept five years of probation, $127,000 in fines, and 2,500 hours of community service — specifically, helping the FBI solve cybercrimes.
In September 2018, their unorthodox deal was accepted by the judge, who noted that since their arrests, the defendants had been extremely cooperative with the FBI and had already helped international law enforcement agencies with multiple cases.
Shortly after that, Jha’s sentence for his Rutgers attacks was given separately: six months of house arrest, an additional 2,500 hours of community service, and $8.6 million in restitution to Rutgers.
Over the course of their community service terms, Jha, White, and Norman have helped the FBI prevent DDoS attacks, create a cryptocurrency tracing program, and conduct undercover cybercrime investigations. Jha has returned to school and taken a job with an unidentified Silicon Valley tech company.
But while Mirai’s creators have turned over a new leaf, their botnet remains at large. New evolutions of Mirai pop up regularly, and their most common targets stay true to their roots: Minecraft servers.
Paras Jha: From Black Hat to White Hat
In just a few years, Paras Jha went from programming prodigy to Minecraft master to botnet bigwig.
Now he’s attempting to right his wrongs, helping the FBI track down cybercriminals whose nefarious methods he understands all too well.
Jha’s record-breaking Mirai botnet and his mold-shattering quest for redemption illustrate the duality of cybersecurity: a hacker’s skills can be used for good or evil, and it’s never too late to change the hat you wear.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional