All Work, No Jail: Why Mirai Botnet Hackers Likely Escaped Incarceration
The three developers behind the Mirai Botnet were sentenced to support government cybersecurity investigations. But it's not completely clear how and why they can help.
September 27, 2018 at 10:00 AM
5 minute read
Earlier this month, a district court in Alaska sentenced three college-aged men from Washington state, Pennsylvania and Louisiana in connection with the development and deployment of the Mirai botnet. The botnet was behind an unprecedented October 2016 distributed denial of service (DDoS) attack that crippled a host of popular websites across the United States.
All three defendants, however, received no jail time. Instead, they were sentenced to five years probation, a $127,000 fine and 2,500 hours of community service, which included a requirement that they continue to aid federal cybersecurity investigations.
Such a sentence in a criminal federal trial raised some eyebrows. “I can tell you, based upon my 13 and a half years working in the Department of Justice (DOJ) as a federal prosecutor, that this type of sentence is very unusual,” said Hanley Chew, of counsel at Fenwick & West and former assistant U.S attorney for the Northern District of California.
So what's behind this unusual sentencing? It's difficult to say without prosecutors divulging their exact thinking. But a look at the demands of government cybersecurity operations and the nature of how cybercriminals operate helps shed light on the possible reasoning.
Court filings by government attorneys noted that before the three hackers were sentenced in September 2018, they logged “well over 1,000 hours of work for the U.S. Government,” including working with the FBI office in Anchorage, Alaska, to help identify the perpetrators behind other criminal botnets. Notably, they assisted in taking down a DDoS attack method deemed “Memcache.”
In addition, the cybercriminals wrote code to help FBI investigations, including designing a program to that “allowed law enforcement to examine cryptocurrency private keys in a variety of formats.” What's more, they also offered “to travel to meet with and surreptitiously record the activities of known investigative subjects” for the FBI, potentially acting as undercover informants.
Chew said the sentencing of these three hackers was unique because it took away the incentive for them to cooperate with the government, while still mandating their continued cooperation. “The prosecution has the threat of the sentencing hanging over the [defendants'] heads so that they will be truthful and cooperative… it's very unusual to have post-sentencing cooperation.”
But to be sure, even after sentencing, it is still in the three hackers' best interest to continue their cooperation with federal authorities. After all, sentences can be modified, especially if there are parole violations.
“If those individuals fail to meet the condition of their parole, there would be a reconsidering of what the actual sentence is and there could be stiffer penalties,” said Marcus Christian, a partner at Mayer Brown and a former executive assistant U.S. attorney in the Southern District of Florida.
Still, there are other reasons why sentences generally don't include ongoing cooperation stipulations. “Prior to sentencing, the government can place everything under seal so there is no record of cooperation and that will happen if is the criminal defendant is possibly engaged in covert” activities, Christian said.
The three Mirai botnet hackers however, likely worked as uncovered informants for the government. So why blow their cover?
The answer is simple: In the cyber world, many often operate anonymously through aliases instead of using their real identities. So even though the court disclosed that the hackers are working for the FBI, there is little chance it will compromise some of their online identities.
“You won't necessarily know who is at the other end,” Christian said. “These individuals could be deployed in ways where it wouldn't be possible to determine who they really are.”
But the government's continuous reliance on these hackers does raise questions about why they are needed in the first place. After all, government agencies are likely to have a wide array of in-house cybersecurity expertise to pull from.
Christian, however, noted that while this may be the case, in today's cyberthreat environment, there is always the need for more help. “I don't think anyone would argue with the statement that there is a shortage of qualified people who are employed in government cybersecurity efforts.”
What's more, given the leniency the government showed the three defendants in exchange for their ongoing cooperation, it may be likely that the knowledge and expertise of the hackers also factored into the decision.
“It may very well be that these hackers are really good,” Chew said. “Or that have connections and maybe have other online identities they didn't fully disclose, so they might have specific knowledge that would be particularly helpful in building cases.”
How these three hackers will use their expertise to help the federal government tackle future cyber investigations remains to be seen. But given the furtive nature of such operations, it's likely their work will be kept under wraps.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
'Effective Remedy'?: DOJ Unveils Corrective Action Plan in Google Search Monopoly Case
3 minute read
FTC Goes After AI Tool That Has Capability to Mass Produce Fake Reviews
6 minute read
Agency Leaders Accept They Must Use Existing Law to Regulate Artificial Intelligence
4 minute readTrending Stories
Who Got The Work
Clark Hill members Vincent Roskovensky and Kevin B. Watson have entered appearances for Architectural Steel and Associated Products in a pending environmental lawsuit. The complaint, filed Aug. 27 in Pennsylvania Eastern District Court by Brodsky & Smith on behalf of Hung Trinh, accuses the defendant of discharging polluted stormwater from its steel facility without a permit in violation of the Clean Water Act. The case, assigned to U.S. District Judge Gerald J. Pappert, is 2:24-cv-04490, Trinh v. Architectural Steel And Associated Products, Inc.
Who Got The Work
Michael R. Yellin of Cole Schotz has entered an appearance for S2 d/b/a the Shoe Surgeon, Dominic Chambrone a/k/a Dominic Ciambrone and other defendants in a pending trademark infringement lawsuit. The case, filed July 15 in New York Southern District Court by DLA Piper on behalf of Nike, seeks to enjoin Ciambrone and the other defendants in their attempts to build an 'entire multifaceted' retail empire through their unauthorized use of Nike’s trademark rights. The case, assigned to U.S. District Judge Naomi Reice Buchwald, is 1:24-cv-05307, Nike Inc. v. S2, Inc. et al.
Who Got The Work
Sullivan & Cromwell partner Adam S. Paris has entered an appearance for Orthofix Medical in a pending securities class action arising from a proposed acquisition of SeaSpine by Orthofix. The suit, filed Sept. 6 in California Southern District Court, by Girard Sharp and the Hall Firm, contends that the offering materials and related oral communications contained untrue statements of material fact. According to the complaint, the defendants made a series of misrepresentations about Orthofix’s disclosure controls and internal controls over financial reporting and ethical compliance. The case, assigned to U.S. District Judge Linda Lopez, is 3:24-cv-01593, O'Hara v. Orthofix Medical Inc. et al.
Who Got The Work
Attorneys from Cadwalader, Wickersham & Taft and Pryor Cashman have entered appearances for Diageo Americas Supply d/b/a Ciroc Distilling Co. and Sony Songs, a division of Sony Music Publishing, respectively, in a pending lawsuit. The case was filed Sept. 10 in New York Southern District Court by the Bloom Firm and IP Legal Studio on behalf of Dawn Angelique Richard. The plaintiff, who performed as a member of producer Sean 'Diddy' Combs girl group Danity Kane and later his band, Diddy - Dirty Money, claims that she was financially exploited by Combs and subjected to inhumane working conditions. Among other violations, Richard claims that Combs required group members to remain at his residences and studios, deprived them of adequate food and sleep and forced them to rehearse for 36 to 48 hours without breaks. The case, assigned to U.S. District Judge Katherine Polk Failla, is 1:24-cv-06848, Richard v. Combs et al.
Who Got The Work
Mathilda McGee-Tubb and Kevin M. McGinty of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, as well as Jesse W. Belcher-Timme of Doherty, Wallace, Pillsbury & Murphy, have stepped in to defend Peter Pan Bus Lines in a pending consumer class action. The suit, filed Sept. 4 in Massachusetts District Court by Hackett Feinberg PC and KalielGold PLLC, accuses the defendant of charging undisclosed 'junk fees' on top of ticket prices during checkout. The case, assigned to U.S. District Judge Mark G. Mastroianni, is 3:24-cv-12277, Mulani et al v. Peter Pan Bus Lines, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
