A Rutgers University computer science student pleaded guilty in federal court Wednesday to launching a cyber attack on the school's computer network, following his admission last week that he participated in one of the Internet's biggest security scares last year.
Paras Jha, 21, of Fanwood "effectively shut down Rutgers University’s central authentication server, which maintained, among other things, the gateway portal through which staff, faculty, and students delivered assignments and assessments," Acting U.S. Attorney William Fitzpatrick said following the guilty plea in Trenton.
"These computer attacks shut down the server used for all communications among faculty, staff and students, including assignment of course work to students, and students’ submission of their work to professors to be graded," Fitzpatrick said.
The attack "paralyzed the system for days at a time and maliciously disrupted the educational process for tens of thousands of Rutgers’ students. he said.
Jha admitted Wednesday that he did so at the most disruptive times —during registration, midterms and finals.
“In fact, you timed your attacks because you wanted to overload the central authentication server when it would be the most devastating to Rutgers, right?”Assistant U.S. Attorney Shana Chen asked him in U.S. District Court in Trenton.
“Yes,” Jha said.
Last Friday, Jha admitted in an Alaska federal courtroom that he and two other men -- one from near New Orleans, the other near Pittsburgh -- created a powerful botnet that connected cheap wireless cameras, routers, and digital video recorders with poor security to attack Internet services worldwide.
"The defendants used the botnet to conduct a number of powerful distributed denial of service (DDOS) attacks, which occur when multiple computers acting in unison flood the Internet connection of a targeted computer or computers," the U.S. attorney said.
One occurred in October of last year, when the Internet slowed or stopped for nearly the entire eastern United States, authorities said.
The self-replicating botnet, dubbed Mirai, reportedly infected nearly 65,000 devices in its first 20 hours, doubling in size every 76 minutes, before eventually infecting reaching 600,000 devices worldwide.
It also raised fears that the upcoming presidential election could be hacked.
The FBI cracked the case, however, after Jha -- who authorities believe was the hacker behind the name Anna-Senpai -- posted the source code for Mirai on a criminal forum.
Although it turned out that Jha and his accomplices were merely trying to gain an advantage in Microsoft's popular computer game Minecraft -- which can be played from any device and on any internet connection -- they weren't through.
Jha and the others admitted that they went on to infect more than 100,000 primarily U.S.-based Internet-connected computing devices with malicious software, leading to an unprecedented online attack
"The victim devices were used primarily in advertising fraud, including 'clickfraud,' a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue."
All three cases were investigated by the FBI, which dubbed the defendants the "Cub Scout Pack" because of their ages.
Click here to sign up for Daily Voice's free daily emails and news alerts.