Paras Jha, a 22-year-old former computer science student at Rutgers and co-author of the Mirai Botnet, was sentenced last week by a judge. Here is his punishment for hacking the IoT:
- 6 months of home confinement
- 2,500 hours of community service
- $8.6 million fine to pay Rutgers back for estimated DDoS attack costs
The judge agreed with agreed with prosecutors that Jha has turned his life around and even helped solve other cybercrimes for the government.
Is this punishment enough for a hacker and cybercriminal?
Brian Krebs, whose website was hit by one of Jha's DDoS attacks, isn't sure. You can hear it in his writing:
"It is likely that Jha’s creation will outlive his probation and community service. After the Sept. 2016 attack on KrebsOnSecurity and several other targets, Jha and his cohorts released the source code for Mirai in a bid to throw investigators off their trail. That action has since spawned legions of copycat Mirai botnets and Mirai malware variants that persist to this day."
And Krebs' readers cannot agree on this either. We suggest reading Krebs' article simply for the comments afterward. What is reasonable punishment for hackers and cybercriminals? Here are some views that will make you think:
His co-conspirators in the case were sentenced earlier, with lighter punishment.
"On Sept. 18, 2018, all three defendants were sentenced in federal court in Alaska to serve a five-year period of probation, 2,500 hours of community service, ordered to pay restitution in the amount of $127,000, and have voluntarily abandoned significant amounts of cryptocurrency seized during the course of the investigation."
It will be interesting to see what types of hacking and cybercrime sentencing trends emerge as cybersecurity and physical security become more connected than ever before.
