Three client defendants, who stood behind the botnet Mirai - an online tool that caused destruction throughout the Internet in the fall of 2016 with the help of powerful distributed denial of service attacks - will be brought to court in Alaska on Thursday and will ask the judge to make a new verdict: they hope that they will be forced to work for the FBI.
 
 
Josiah White, Paras Jah and Dalton Norman, each of whom was 18 to 20 years old at the time of the creation and launch of Mirai, in December pleaded guilty to creating a malicious program. Botnet, who possessed access to hundreds of thousands of devices from the "Internet of things" and integrated them into the digital army, began to exist as a tool for attacking the hostesses of the Minecraft game, but later grew to an online tsunami of malicious traffic that cut down entire hosting providers. At the time of his appearance in the midst of the accusations of "Russian hackers" in the interference in the American elections, many were frightened that an unknown new enemy appeared, about to crash the Internet.
 
DoS attacks . The court documents also mention that the trio worked undercover online and offline, went on trips for "secretly documenting the actions of subjects under investigation," and once even worked with law enforcement officers of another country to "guarantee the use of a suspect computer at the time of the search. "
 
 
The government believes that the trio in total has already worked more than 1000 hours, helping the agency, which is equivalent to a six-year work experience.
 
 
This year, the defendants worked with the FBI in Alaska to stop a new version of DoS, known as Memcache, using a legitimate Internet protocol designed to speed up the loading of websites, to reload sites sending constant requests. This little-known protocol was vulnerable, in part because many servers lacked authorization, which made them unprotected before attacks.
 
 
Judicial documents describe how Norman, Jah and White in March zealously started the case when attacks began to spread on the Internet, worked together with the FBI and the security industry to determine the servers susceptible to attack. The FBI then contacted companies and manufacturers who could suffer from these attacks to help mitigate their blow. "Thanks to the fast work of the accused, the volume and frequency of the Memcache DoS attacks were reduced in a few weeks, the attacks became functionally useless, and their volume represented a small fraction of what was originally", - the prosecutors report says.
 
 
It is interesting that the area of ​​work of the trinity for the government was not limited to preventing DoS attacks. Prosecutors describe the extensive programming work done by the defendants, including the creation of a program to facilitate the tracking of crypto-currencies and related private keys in various currencies. There were no details about the program in the court documents, but according to the report, the program takes on input various data from the blockhouses, crypto currency, and translates them into a graphic form, which helps investigators analyze suspicious online wallets. "This program and its capabilities, created with the help of the accused, can seriously reduce the time that law enforcement officials require to conduct a transaction analysis, because the program automatically determines the path of the chosen wallet," the report says.
 
 
According to sources close to the case, the investigation of Mirai provided a unique opportunity to ask for clients who demonstrated an excellent possession of computers, distracting them from violations of the law and attracted to legitimate activities in the field of computer security.
 
 
The government points to the immaturity of the trinity in its sentencing recommendations, noting "the difference between their online image where they were important, well-known and malicious hackers in the field of criminal DoS attacks, and their relatively boring real lives in which they were unknown , immature young people living with their parents. " None of them had been accused of crimes before, and the government notes the attempts of all three "in positive professional and educational development, which is taking place with varying success." As noted in the report, "it was the lack of progress in the described areas that prompted the accused to engage in criminal activities discussed here."
 
 
In a separate note, the lawyer of Josiah White, in the year of Mirai's inauguration and receiving a diploma from the Pennsylvania cyber school, explains: "He made a mistake, made the wrong decision, but then turned it into very useful actions for the government and the training system for himself ".
 
 
After capturing the creators of Mirai, the government hopes to redirect them to a more productive life path - starting with ?500 hours of work in conjunction with the FBI, security experts and engineers. As the prosecutors wrote: "All three will have good prospects for training and employment, if they decide to use them, instead of continuing to engage in crime." This should result in about a full year of work for the FBI for a full day, which is likely to be broken down into five years of a suspended sentence.
 
 
Interestingly, the court documents describe the current work of the defendants over other cases of using DoS attacks, and it is said that the FBI office in Alaska continues "an investigation into the multitude of groups responsible for large-scale DoS attacks and seeks to continue working with the accused."
 
 
The FBI's small-scale cybercracker in Anchorage has recently appeared, and over the past few years has become the main botnet squad; only last week the head of division William Walton arrived in Washington to receive the award for work on the case of Mirai from the hands of the director of the FBI - one of the highest awards of the agency. In the same week, the botnet creator Kelihos , the Russian hacker Peter Levashov, pleaded guilty in the Connecticut court for another case, also working together with the FBI unit from Anchorage and the cybercracker from New Haven. Judging by the court documents, the defendants in the Mirai case put their hand to this botnet, helping to develop scripts that identified the victims of Kelihos after the agency suddenly seized control of the botnet and arrested Levashov in Spain last April.
 
 
The investigation of the Mirai case, led by agents Elliot Peterson and Doug Klein, responded in an interesting way to another case of Peterson. In 201? the agent directed the issuance of the indictment Evgeny Bogachev , one of the most wanted cybercriminals on the list of the FBI, who allegedly committed numerous financial crimes through the botnet GameOver Zeus. In that case, investigators determined that Bogachev - who lived in Anapa - is behind many versions of malicious software known as Zeus, a favorite means for hacker attacks in the digital underground. Something like Microsoft Office for online scam. The FBI had been hunting Bogachov for years in several cases, while he was developing all new, improved versions of the software. In 201? during the search activities related to GameOver Zeus, the investigators decided that Bogachov was working with Russian intelligence to turn the capabilities of the botnet to intelligence gathering, and to search for infected computers for sensitive information in countries such as Turkey, Ukraine and Georgia.
 
 
The GameOver Zeus case was one of the earliest examples of widespread cases of Russian criminals working with Russian special services. In a similar case, which became known last year, the US government described how well-known Russian hacker Alexei Belan worked with two representatives of Russian special services over Yahoo's hacking. The blurring of the line separating online criminals and special services of Russia became the key factor in turning the country into a state that does not recognize international norms, the most recent example of which was the launch of the extortion virus NotPetya .
 
 
In Alaska in the courtroom, the FBI will offer its version of how the government can approach a similar problem. It is also happy to learn the expertise of hacker-criminals caught within the country. But first it forces them to stop criminal activity, and then turns around their skills to work with a computer to preserve the safety and health of the global Internet.