Mirai Authors Escape Jail Time – But Here Are 7 Other Criminal Hackers Who Didn't
Courts are getting tougher on the cybercrooks than some might realize.
September 26, 2018
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte48d4e40a68e229f/64f0d67a1f28923735e312ba/01-sentencing.jpg?width=700&auto=webp&quality=80&disable=upscale)
Three individuals who admitted responsibility for creating and operating the highly disruptive Mirai botnet of 2016 have escaped jail time. Instead, they will now assist US law enforcement on cybersecurity matters.
On Sept. 18, a federal judge in Alaska sentenced Paras Jha, 22, of Fanwood, NJ; Josiah White, 21, of Washington, Pa.; and Dalton Norman, 22, of Metairie, La., to five years of probation and 2,500 hours of community service. The three also have to pay $127,000 as restitution for their crime.
Chief US District Judge Timothy Burgess cited the extraordinary cooperation the three individuals had extended to the FBI in several other major and ongoing cybercrime investigations as a reason for his "substantial departure" from sentencing guidelines.
The trio is certainly not the first to get off with what some would consider a light sentence, especially considering how disruptive Mirai was. But for every Jha, White, and Norman are many others who have ended up with substantial jail times. Here are seven criminal hackers who did not fare as well in court.
Between 2005 and 2007, Albert Gonzalez and co-conspirators hacked into payment systems at numerous retailers and stole data on what is estimated to be between 40 million and 90 million payment cards. Victims include TJX Companies, BJ's Wholesale Club, Sports Authority, Barnes & Noble, and Heartland Payment Systems. Gonzalez and his group sold the stolen card data to other criminals, with the resulting fraud impacting some 250 financial institutions.
Early in his criminal career, Gonzalez, now 38 years old, was given an opportunity to work as an informant for the US Secret Service for $75,000 per year. It was while he was in this role that he began pulling off the attacks against the retailers, leading to his arrest in May 2008. Gonzalez, who is reputed to have once thrown himself a $75,000 birthday bash, is currently serving a sentence of 20 years and one day at FCI Yazoo City, in Mississippi. His remains one of the longest sentences handed down in connection with a computer crime in the United States.
The same week that Jha, Norman, and White managed to avoid jail time, Latvian resident Ruslans Bondars was sentenced to 14 years in prison for running a service that helped criminal hackers check whether their malware was detectable by antivirus tools.
For a seven-year period between 2009 and 2016, Bondars' Scan4You service helped thousands of malware writers vet their tools against the latest malware detection products, especially those used by major retailers. Among those that used Scan4You were the operators of Citadel, a banking Trojan that caused financial institutions worldwide some $500 million in losses. The group responsible for the intrusion at Target, which ended up costing the retailer $292 million, was another Scan4You customer.
In May 2018, a federal jury convicted Bondars on charges of violating the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with the intent to case damage. On Sept. 21, a federal judge in Richmond, Va., sentenced Bondars to 14 years in prison for his offenses.
Canadian national Karim Baratov, 23, is currently serving a five-year prison term after admitting to his role in the massive September 2016 intrusion at Yahoo that exposed information on a staggering 500 million Yahoo email accounts.
US prosecutors have described Baratov as one of two criminal hackers hired by officers of Russia's Federal Security Service (FSB) to break into and steal passwords and other information from email accounts belonging to thousands of individuals of interest to the Russian government.
Baratov was arrested in Canada in March 2017 and extradited to the US four months later. He pleaded guilty last November to breaking into or attempting to break into at least 80 email accounts on the orders of the FSB officers. Baratov also confessed to breaking into some 11,000 email accounts over a seven-year period starting in 2010 until his arrest last year.
In May 2018, a federal judge in San Francisco sentenced Baratov to 60 months in prison and ordered him to pay a fine encompassing all of his remaining assets.
Between 2015 and early 2016, Russian national Mikhail Malykhin, 36, broke into a system belonging to Polestar Benefits, an Oregon-based company that administers flexible spending accounts (FSAs) and COBRA services for other businesses. Malykhin used his access to essentially reactivate several dozen dormant FSA accounts and establish new dependent care accounts in the names of employees at other firms. He then issued very high-limit debit cards linked to those accounts and had co-conspirators purchase high-ticket items, some of which they then returned in exchange for gift cards or money. Malykhin's capers caused more than $4 million in losses.
Malykhin was living illegally in the Los Angeles area when he was arrested; he later admitted to breaking into the accounts and conspiring to use the debit cards fraudulently. The FBI seized $1.3 million, $22,000 in gift cards, and several gold bars from Malykhin following his arrest.
In July, U.S. District Court Judge Dolly Gee sentenced Malykhin to 70 months in prison and ordered him to pay over $4.1 million in restitution. In handing down the sentence, Judge Gee described Malykhin's actions as "reprehensible" and ruining the lives of many victims.
Three individuals who admitted responsibility for creating and operating the highly disruptive Mirai botnet of 2016 have escaped jail time. Instead, they will now assist US law enforcement on cybersecurity matters.
On Sept. 18, a federal judge in Alaska sentenced Paras Jha, 22, of Fanwood, NJ; Josiah White, 21, of Washington, Pa.; and Dalton Norman, 22, of Metairie, La., to five years of probation and 2,500 hours of community service. The three also have to pay $127,000 as restitution for their crime.
Chief US District Judge Timothy Burgess cited the extraordinary cooperation the three individuals had extended to the FBI in several other major and ongoing cybercrime investigations as a reason for his "substantial departure" from sentencing guidelines.
The trio is certainly not the first to get off with what some would consider a light sentence, especially considering how disruptive Mirai was. But for every Jha, White, and Norman are many others who have ended up with substantial jail times. Here are seven criminal hackers who did not fare as well in court.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024