Former Rutgers student’s hacking may have cost university $9.5 million
A 21-year-old from Fanwood has pleaded guilty to a series of attacks against the university's servers that may have cost the institution close to $10 million.
Days after admitting his role in two separate cybercrime cases that compromised hundreds of thousands of internet-connected devices and paved the way for one of the worst-ever internet outages, Paras Jha, 21, on Wednesday admitted violating the Computer Fraud & Abuse Act when he effectively paralyzed Rutgers' central authentication server that acts as a portal for staff, faculty and students.
The cyber attacks on Rutgers occurred between November 2014 and September 2016, according to the U.S. Justice Department.
"The defendant timed his hacks to have the greatest impact possible on the Rutgers community," Bill Fitzpatrick, acting U.S. attorney for the District of New Jersey, told reporters during a teleconference. "These hacks were committed primarily during times when students were completing their midterm examinations, their final examinations and were trying to register for classes."
Jha would also "taunt" Rutgers officials and the Rutgers community during this time, Fitzpatrick said.
Jha was attending Rutgers at the time, Fitzpatrick noted. He was a student of the New Brunswick institution for about two years. His motivation to disrupt the university's servers — whether it was anger with the school, an attempt to avoid handing in work, or just a way to show off his skills — is unknown, he said.
During the plea hearing, Jha acknowledged his conduct resulted in losses between $3.5 million and $9.5 million for the university. The specific loss amount will be determined at sentencing, which is scheduled for March.
"We are pleased the investigation of the criminal attacks on the university’s computer network, known as distributed denial-of-service attacks, has concluded and that the individual responsible has been identified and admitted guilt. We thank the FBI, the U.S. Attorney’s Office and other law enforcement agencies for their diligence in pursuing this case," Rutgers said in an emailed statement.
On Dec. 8, Jha was among three defendants to plead guilty in federal court in Alaska for their role in crafting a powerful botnet that targeted internet-connected computing devices such as wireless cameras, routers and digital recorders. On numerous occasions, the Justice Department said, the defendants used the botnet to flood the Internet connection of a targeted computer or network and deny service for routine users.
Jha posted the botnet's source code on a criminal forum in September 2016. The following month, other hackers used the code to commit server attacks that brought down Twitter, CNN, Netflix, Reddit and many other sites in the U.S. and Europe.
More from New Jersey 101.5:
Contact reporter Dino Flammia at firstname.lastname@example.org.