Newspaper article The Record (Bergen County, NJ)

Ex-Student Admits to Rutgers Cyber Attack

Newspaper article The Record (Bergen County, NJ)

Ex-Student Admits to Rutgers Cyber Attack

Article excerpt

A Union County man pleaded guilty Wednesday to orchestrating a series of cyber attacks on computer networks at Rutgers University that crippled its campuses for days at a time, knocking out Internet service, blocking access to online classes and assignments, and causing scheduling chaos during final exams.

Paras Jha, 21, of Fanwood, also admitted in a separate case to being one of the masterminds behind a "botnet," or a network of infected computers, that was used to crash websites around the world in October 2016.

Jha pleaded guilty in U.S. District Court in Trenton to charges to launching cyberattacks on the Rutgers University computer network, according to the Justice Department. The attacks happened between November 2014 and September 2016.

"These computer attacks shut down the server used for all communications among faculty, staff and students, including assignment of course work to students, and students' submission of their work to professors to be graded," the Justice Department said in a statement.

"The defendant's actions effectively paralyzed the system for days at a time and maliciously disrupted the educational process for tens of thousands of Rutgers' students."

Jha employed a type of cyber attack known as "DDoS," or distributed denial of service, which happens when an outside source bombards an online service with traffic or requests, making the network unavailable to intended users.

The former Rutgers University student and two other men admitted in a guilty plea Friday that they created a powerful botnet called "Mirai." They admitted using the network to remotely control a collection of computers using malicious software, or "malware" — without the knowledge or permission of the computers' owners — to carry out attacks on websites.

Jha wrote the code that allowed him to infect and control devices with Mirai, according to the Justice Department. The plea agreement says Jha and his co-conspirators built the botnet to attack business competitors and others against whom they held grudges. They also sought to make money, leasing the malicious network out for payment.

More than 300,000 devices ultimately became part of the Mirai botnet and were used by Jha and others to participate in denial-of-service attacks and other criminal activities.

The Mirai botnet was used in a massive cyberattack against Dyn, an Internet company that directs traffic on the web, in October 2016. The attack disrupted access to dozens of websites across the United States and Europe, including Twitter, PayPal, Amazon and Netflix. Experts say it was one of the largest and most powerful denial-of-service attacks in history.

Jha ran the operation on virtual machines that he operated on computer hardware that he kept at his family's suburban home. With law enforcement on his tail, he posted Mirai's code online in an effort to create plausible deniability in case investigators found the code on the computers that he and his co-defendants controlled. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.