Advertisement

Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty

Sentencing is scheduled for January 2021.
The Robert F. Kennedy Department of Justice Building in Washington, D.C., headquarters of the United States Department of Justice.

The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016.

The October 2016 distributed denial-of-service attack affected Dyn, an internet infrastructure company, before rippling out to cause outages for sites including Twitter, Netflix, Spotify, AirBnb and Reddit, among others. DDoS attacks typically occur when attackers access a network of hacked computers, then direct those connections to a single point on the web, overwhelming the target with traffic and knocking it offline.

In this case, the defendant in question conspired with others in September and October 2016 to leverage an offshoot of an army of hackers computers known as the Mirai botnet, the Justice Department said Wednesday. The malicious tool relied on connected video cameras, recorders and other devices to carry out the incident.

Authorities withheld the name of the defendant because they were a juvenile at the time of the offense. The guilty plea took place in a closed hearing the the District of New Hampshire. The presiding judge scheduled sentencing for Jan. 7, 2021.

Advertisement

They pleaded guilty to conspiring to commit computer fraud and abuse by operating a botnet and by intentionally damaging a computer.

The Dyn attack had a resounding effect on the cybersecurity community when it occurred just weeks before the 2016 presidential election. While the Department of Homeland Security launched an initial investigation into the incident, journalists reported that the code for the Mirai botnet has been publicly available prior to the incident, complicating the probe.

Three suspects previously pleaded guilty in connection with the creation of the Mirai botnet.

Attackers have used DDoS attacks as the digital equivalent of a blunt object for a generation. Video game services like Xbox Live and PlayStation often are the target of such techniques, as gamers aim to silence rivals or harass companies. Better-resourced groups, such as Chinese government-sponsored outfits and the Syrian Electronic Army, an internet group sympathetic to Syrian President Bashar al-Assad, have used the same tactics to further their political goals.

Latest Podcasts