An unfortunate reason to see a former university classmate of mine in the news. It always feels strange to see this story come up every so often.
I was never a friend of Jha's, nor was I every really close to him, but I remember him exactly as his attorney described him: "Paras Jha is a brilliant young man whose intellect and technical skills far exceeded his emotional maturity." Jha was not the only former classmate of mine whom I felt lacked emotional maturity, and it is harrowing to imagine how a command of technology can give anyone the power to do something like this if he chose.
Jha intentionally used his skills to inconvenience those around him and he was able to do a great deal of harm to the world at large. While technology makes us better suited to solve problems and help those less fortunate, it also amplifies an individual's ability to do harm.
Intentional malice aside, all of us have the ability to greatly effect the world around us. It is imperative that we consider the impact of our actions. While I was a student at Rutgers, there was no mandatory ethics class for computer science, nor do I remember a class on ethics for computer scientists being offered.
I've been told the administration at my university plans to move the compsci department out of the engineering department and in to the business school. I really haven't heard any pro to that yet other than "it makes the business people happy and there are more of them."
I don't buy your insinuation that he was just a brilliant mind who was immature enough to inconvenience others. I'm reading through https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-m... and Jha's actions sound like a real criminal. Yes criminal: he was using his technical prowess to bring down minecraft servers and steal customers, effectively running an online protection racket.
I know this sounds harsh but: I'm glad he has been charged with this law and I really really want this guy to be behind bars and think for a long time about what he did. Hopefully it will seriously discourage others from doing the same stuff he did.
On a slightly related note: I can't help but think how this dude could have had a highly successful career in computer security. But he chose to be a criminal. Why?
I read op's commentary more along the lines of emotional immaturity being present, he wasn't really surprised at the nature of the crimes. A lot of these emotionally immature individuals often times are part of the "do things for lulz" mindset. The fact that this started as Minecraft DDOS attacks, re-iterates the immaturity of the individual based on initial targets. I'm not defending these criminals by any means, but I would agree with OP that people whom fit the mental profile of potential asshat hackers are way more common than we'd like to admit. If every crazed rick and morty fan had the technical prowess to pull this stuff off... just imagine the chaos.
Interestingly, in addition to Paras Jha and Josiah White, the justice department's announcment mentions a guilty plea from Dalton Norman, who isn't mentioned in Krebs's article. I wonder what the story there is?
Obviously "anyone else" is hyperbolic, but whatever shade you want to throw at Krebs, he is serious about the job of investigative journalism for information security in a way literally nobody else in the industry seems to be.
Why do you think I'm trying to throw shade at Krebs? His journalism is excellent.
I just know that the FBI isn't so incompetent that they didn't already know who these guys were before Krebs wrote his article, enough people surrounding Mirai were already very familiar to them.
Last few lines state how assistance was provided by various regional and international agencies, and then goes on to list google, coinbase, cloudflare, etc. Interesting.
Coinbase is the surprising one to me, since it is the only one on the list that operates at the application rather than network level. And there's no mention of bitcoin theft anywhere in the report, just DDOS.
Bitcoin payments in DDOS for hire, or extortion (as in we'll stop if you pay us). If they cashed out via coinbase, the authorities can find out who profited via the paper trail created.
It said he got fined $250k for damages his hack caused...Ive always been curious how these fines work. Will he be paying that back after he’s out of jail and employed? Does he have a monthly payment depending on his income? Or can the equivalent be worked out in some type of community service or more jail time?
I ask because the guy is only 21 and now a felon...
They can garnish his wages after a small livable wage is achieved. Basically it will be almost impossible to ever get out of subsistence living. With his skill he may actually have a chance after a decade or two.
Wow, the implications of that are quite interesting. The effects of his sentencing can technically last for decades after he is out of jail. Funny how you never hear much about that in these trials...
But agreed being a convicted hacker won’t prevent him from being employed. Even by the government...
After an incident in my teens in the 90s, I've thought about this at length. The only conclusion I ever seem to draw is one of more criminal activity. Yes, I can hear the inbound downvotes, but I'm just being intellectually honest. How can we expect this kid to reform if we ensure he'll be living without any kind of reward for decades to come? Seems like some jail time would be much more productive. A $250k fine is a 10-20 year sentence of subsistence living. That's probably the worst way to try and give someone the "right" moral compass. The chances we'll reform someone are slim, compared to getting someone jaded by the sentence and incentivized to commit more crime just to get ahead. We won't be rehabilitating this guy with a fine like that.
It's pretty standard fare when it comes to the career ambitions of prosecutors. One of the "better" cases is that of Stephen Watt, who was hit with such insane restitution and fines ($170MM) that he will never escape poverty.
For writing code. Not hacking, not exploiting systems or keylogging (someone else did that), not even intending his code to be used for these purposes. Just writing the code.
Federal prosecutors and judges are horrible, unfathomably evil people.
> For writing code. Not hacking, not exploiting systems or keylogging (someone else did that), not even intending his code to be used for these purposes. Just writing the code.
> Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX's network. The breach cost TJX $200 million, according to its 2009 SEC filing.
> Prosecutors never alleged that Watt received money for the software he wrote, or directly profited from the hacks. But they brandished more than 300 pages of chats the two friends exchanged that belied Watt's stated ignorance.
> As Gonzalez and his accomplices hacked target after target, he sent Watt links to news stories describing a tidal wave of debit fraud spreading around the world.
It's like saying "oh, I just made a timer circuit for my friend who I knew was blowing up buildings." Note: the $170 million isn't a "fine." It's restitution. Those are two different things. A fine is used to punish bad conduct. Restitution is used to make a victim whole. Conduct that isn't that "bad" can nonetheless result in huge restitution if it resulted in large damages to the victim. Don't do stuff that can result in huge damages if you don't want to be on the hook for them.
I don't know... There's a lot that's not being said in that article... As is the case in all articles about court cases... Or court cases, in general. I feel a very real, "burn the witch" attitude when it comes to hackers and coders mixing with the justice system...
It seems more like hackers tend to be a less aware of the seriousness of certain actions. There is much praise and awe for someone capable of getting past the security systems of big corporations, and some programmers want to prove themselves by doing that. What seems to be lost in the conversation is that it’s not just a technical feat, it might be a crime.
The law may be a little outdated, and yes more awareness is necessary. Until it’s changed though it is prudent to be careful about such things.
I personally know Paras. Brilliant guy, really fun to hang out with, and learned a lot of technical knowledge from him. He was my go-to guy (like a lot of other people in the class) to help me fix the programming problems that I can't fix quickly.
I think he hacked the school for the lolz.I dont think he even thought it would be this serious when he did it, with feds and possibly jail time. He probably just wanted to see what he could do.
Even finding out about his involvement in Mirai today, it still doesnt change what I think about his character, or his ethics. Knowing this now, I think he'll become very successful very soon.
That's horribly disappointing. The man hacked thousands of devices and used them to launch DDoSes. He attacked competing minecraft services to steal customers and generate a profit. His botnet was also used to attack Brian Krebs (security researcher) and Dyn.
This isn't up for despute- although Paras originally denied involvement in the botnet this plea agreement and his confession prove that he is both a liar and a criminal.
He may end up being a successful person in the long wrong, but that doesn't make him an ethical person.
Yeah he hacked minecraft services to generate a profit when he was 19 or 20, I wish I could do that when I was 19. I dont think I would have known better at the time either.
He's as responsible of taking down Dyn as Mikhail Kalashnikov is responsible for all the people killed by the ak-47. He simply open sourced a tool for other people to use however they like.
He took the plea to reduce the sentence and the legal expense.
They literally founded a company, "Protraf Solutions LLC", that would DDoS people for profit.
Your AK-47 claim also shows that you really don't know anything about this case and are just trying to justify why you still like your friend. They open sourced their botnet four days after they DDoSed Dyn and Krebs- it wasn't random people who used this software for the attack, it was their company that did so.
Anyone with a brain would know it's illegal, just like anyone would know selling weed is illegal unless you own a dispensary, and can get a really harsh sentence.
Sure, but selling weed generally doesn't harm anyone, while sabotaging and extorting a company directly causes harm to its owners, employees, shareholders, and customers. Not to mention the harm caused by infecting millions of people's devices to create the botnet in the first place.
English grammar and orthography are weird and funky, but given that the title is summarized anyway, can we change “has plead” to “has pleaded” or “pleads”
Jha intentionally used his skills to inconvenience those around him and he was able to do a great deal of harm to the world at large. While technology makes us better suited to solve problems and help those less fortunate, it also amplifies an individual's ability to do harm.
Intentional malice aside, all of us have the ability to greatly effect the world around us. It is imperative that we consider the impact of our actions. While I was a student at Rutgers, there was no mandatory ethics class for computer science, nor do I remember a class on ethics for computer scientists being offered.