Paras Jha and Josiah White have pleaded guilty to federal cybercrime charges in an Alaska court for creating the Mirai botnet and launching attacks including the one that took down Dyn in October of last year, ZDNet reports.
Jha, who was unmasked by cybersecurity researcher Brian Krebs in January, was indicted along with White in early December, court documents unsealed Wednesday said.
"Jha conspired to conduct DDOS attacks against websites and web hosting companies located in the United States and Abroad," according to his plea agreement. The document also says Jha managed to infect more than 300,000 devices.
See also: Andromeda Botnet Brought Down by Law Enforcement Agencies, Private Sector
He also admitted to releasing the source code in order to create "plausible deniability" in case he was caught in possession of it. Having done so, Jha has allowed the threat to be reused and repurposed by other hackers, as Akamai detailed in a report earlier this year.
A justice department spokesperson indicated to ZDNet that further indictments in the case will be unsealed soon.
As was suggested by Krebs when he identified Jha, Dyn appears to have been collateral damage in a DDoS attack on game servers, as Jha and his co-conspirators, presumably meaning White, and possibly others, attempted to extort the companies hosting them.
Fast-growing botnet "IoT_reaper" was discovered to be using some of the Mirai code in October.
Is Offshore Hosting For You?
Find out why you too should be hosting offshore. Click here now!