This story is over 5 years old.


The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty

Three men plead guilty to being the creators and operators of the Mirai botnet.

Two hackers have plead guilty to creating and operating the massive army of tens of thousands of zombie internet-connected devices better known as the “Mirai” botnet, which caused widespread internet disruptions last year.

Paras Jha and Josiah White plead guilty to hacking charges last week. Their plea agreements were unsealed on Wednesday. Cybersecurity reporter Brian Krebs, as well as independent security researchers, had already identified the two as potentially being behind the Mirai botnet, earlier this year.


Read more: The Looming Disaster of the Internet of (Hackable) Things

Jha plead guilty to writing and implementing the Mirai code in July of 2016, before the botnet garnered worldwide media attention, mostly when it was used to attack Krebs’ website and the internet infrastructure company Dyn with record-breaking distributed denial of service (DDoS) cyberattacks. The attack on Dyn caused widespread internet slowdowns on the US east coast for a few hours.

Jha also plead guilty to releasing the Mirai code online under the pseudonym of “Anna Senpai.” The move, according to court documents was designed “to create plausible deniability if law enforcement found the code on computers controlled by Jha” or his partners in crime. In a separate case, Jha plead guilty to hacking charges in New Jersey for launching a series of DDoS attacks against Rutgers University between November 2014 and September 2016, according to the Department of Justice.

White, who went by the nicknames “lightspeed” and “thegenius,” plead guilty to working and operating the Mirai botnet, as well as writing the code that was designed to scan the internet for vulnerable devices to enlist in the botnet.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at, or email

Both Jha and White operated the Mirai botnet, which amassed more than 300,000 devices, according to the court documents, with the goal of making money by renting the botnet out to other hackers, and extorting the victims of their cyberattacks. The two, along with other co-conspirators, also used it to attack competitors in the shady DDoS-for-hire business, an internet turf war that we reported on last year.


The two hackers face a maximum prison sentence of five years.

Initially, a spokesperson for the Department of Justice declined to comment until "everything is unsealed," and told me in an email that it will hold a press conference later on Wednesday. Later on, the Department of Justice announced the guilty pleas in a press release.

Marshal Webb, the chief technology officer of anti-DDoS firm BackConnect told me that there’s another person who has been nabbed in connection to these botnet attacks: Dalton Norman, who was known in hacker circles as “Drake.”

“Glad to hear these guys are finally being held accountable for what they did,” Webb, who said his firm has been providing technical assistance with the FBI in the investigation, told me in an online chat.

Norman plead guilty to helping carry out DDoS attacks last week, according to another court document unsealed last week. He also faces a maximum sentence of five years.

Jha’s lawyer declined to comment saying he would comment “later today.” White’s lawyer did not immediately respond to a request for comment. Norma’s lawyer also did not immediately respond to a request for comment.

Update: This story has been updated to include a link to the Department of Justice press release, and to include information from the release.

Below are the three plea agreements.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.