An Indian-origin man has been ordered to pay USD 8.6 million in restitution and serve six months of home incarceration for launching a series of cyber-attacks on the computer network of a leading US university.
Paras Jha, 22, of New Jersey, had previously pleaded guilty before US District Judge Michael Shipp to violating the Computer Fraud and Abuse Act.
He also took part in creating click fraud botnets, infecting hundreds of thousands of devices with malicious software.
Shipp, who imposed the sentence last week in Trenton federal court, also sentenced Jha to five years of supervised release and ordered him to perform 2,500 hours of community service.
According to documents filed in this and other cases and statements made in court, between November 2014 and September 2016, Jha executed a series of "distributed denial of service" (DDOS) attacks on the networks of the New Jersey-based Rutgers University - during which multiple computers acting in unison flood the Internet connection of a targeted computer or computers.
Jha's attacks effectively shut down the varsity's central authentication server, which maintained, among other things, the gateway portal through which staff, faculty, and students delivered assignments and assessments.
At times, he succeeded in taking the portal offline for multiple consecutive periods, causing damage to the university, its faculty, and its students.
In December last year, Jha along with Josiah White, 21, of Pennsylvania and Dalton Norman, 22, of Louisiana had pleaded guilty to criminal information in the District of Alaska charging them each with conspiracy to violate the Computer Fraud & Abuse Act in operating the Mirai Botnet.
In the summer and fall of 2016, White, Jha, and Norman created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the owners of the computers.
The Mirai Botnet targeted Internet of Things devices such as wireless cameras, routers, and digital video recorders.
The defendants attempted to discover both known and previously undisclosed vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the purpose of forcing the devices to participate in the Mirai Botnet.
At its peak, Mirai consisted of hundreds of thousands of compromised devices. The defendants used the botnet to conduct a number of other cyber attacks.
Further, from December 2016 to February 2017, the defendants successfully infected more than 100,000 primarily US-based Internet-connected computing devices, such as home Internet routers, with malicious software.
Last month, all three defendants were separately sentenced in federal court in Alaska to serve a five-year period of probation, 2,500 hours of community service, ordered to pay restitution in the amount of USD127,000, and have voluntarily abandoned significant amounts of cryptocurrency seized during the course of the investigation.
(With inputs from agencies.)