In response to the news that the authors of the Mirai botnet have avoided prison sentences after cooperating with the FBI and providing substantial assistance in other complex cybercrime investigations, IT security experts commented below.
Nadav Avital, Threat Analytics Manager at Imperva:
“Assuming that the justice system in cases of cybercrimes works in the same way as in other type of crimes, it is a common practice to cut a deal with the state to get a reduced sentence.
I trust that the justice system carefully weighed the consequences in this case and can only guess that the benefits from the defendant’s assistance was substantial.
The silver lining here, in my opinion, is that the Mirai authors were brought to justice. Unfortunately, the attribution problem, in the cybercrime world, is very difficult and consequently not enough criminals are apprehended.”
Jake Moore, Security Specialist at ESET:
“The idea of the FBI employing convicted criminal hackers sounds like a perfect tagline for a movie yet it’s not too farfetched when it comes as a way of injecting young hacker knowledge and enthusiasm into an arguably behind the times law enforcement body. Putting hackers inside the government seems at first a wildly unorthodox idea but when it is broken down, it could be argued as a far cheaper option on public money. Although law enforcement lacks money and young blood, it does need updating with ethical hacking techniques that could be time consuming to train the older generations, not to mention it is a far more inviting and romanticized option than jail time for the criminals.
There is always a threat that fresh faced hackers would desire being placed on the payroll after an attack but this can’t be the majority. Being vetted to work in highly confidential areas of law enforcement is a serious procedure and can be highly intrusive. In my previous role investigating highly confidential computer forensics for the police even put me and my loved ones in interviews to talk aspects such as finances in fear of corruption. So when hiring potentially unknowns purely down to their skills, there will always be a risk attached – but like anything in cyber security, it’s about weighing up that risk.”
Sean Newman, Director Product Management at Corero Network Security:
“It’s interesting to hear reports of the Mirai botnet authors now helping law enforcement agencies. However, with their original code in the public domain for almost two years now, and so many derivative botnets created since, it’s hard to see that this is going to make too much of an impact on the level of IoT device abuse that is now occurring and, hence, result in any reduction in the damaging DDoS attacks they have been the source of.”
Ben Herzberg, Director of Threat Research at Imperva:
“By being involved in Mirai and such activities, these people may have been exposed to more details of other criminal cyber activity. If by cutting a deal with them, the law enforcement agencies got concrete evidence about more severe criminals, they got my ‘like’.”