The three college-age defendants behind the the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be sentenced to work for the FBI.

Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. Mirai, which hijacked hundreds of thousands of internet-of-things devices and united them as a digital army, began as a way to attack rival Minecraft videogame hosts, but it evolved into an online tsunami of nefarious traffic that knocked entire web-hosting companies offline. At the time, the attacks raised fears amid a presidential election targeted online by Russia that an unknown adversary was preparing to lay waste to the internet.

The creators, panicking as they realized their invention was far more powerful than they had imagined, released the code—a common tactic by hackers to ensure that if and when authorities catch up to them, they don’t possess any code that isn’t publicly known, which would help finger them as the inventors. That release in turn led to attacks by others throughout the fall, including one that made much of the internet unusable on the East Coast on an October Friday.

According to court documents filed in advance of Tuesday’s appearance, the US government is recommending that each of the trio be sentenced to five years probation and 2,500 hours of community service.

The twist, though, is precisely how the government hopes the three will serve their time: “Furthermore, the United States asks the Court, upon concurrence from Probation, to define community service to include continued work with the FBI on cyber crime and cybersecurity matters,” the sentencing memorandum says.

The trio have contributed to a dozen or more different law enforcement and security research efforts.

In a separate eight-page document, the government lays out how, over the 18 months since the FBI first made contact with the trio, they have worked extensively behind the scenes with the agency and the broader cybersecurity community to put their advanced computer skills to noncriminal uses. “Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government,” prosecutors wrote, saying that their cooperation was “noteworthy in both its scale and its impact.”

As it turns out, the trio have contributed to a dozen or more different law enforcement and security research efforts around the country and, indeed, around the globe. In one instance, they helped private-sector researchers chase what they believed was an “advanced persistent threat” from a nation-state hacking group; in another, they worked with the FBI in advance of last year’s Christmas holiday to help mitigate an onslaught of DDoS attacks. Court documents also hint that the trio have been engaged in undercover work both online and offline, including traveling to “surreptitiously record the activities of known investigative subjects,” and at one point working with a foreign law enforcement agency to “ensur[e] a given target was actively utilizing a computer during the execution of a physical search.”

The government estimates that the trio have already collectively logged more than 1,000 hours of assistance, the equivalent of half a year of full-time employment.

Earlier this year, the Mirai defendants worked with FBI agents in Alaska to counter a new evolution of DDoS, known as Memcache, which relies on a legitimate internet protocol aimed at speeding up websites to instead overload them with repeated queries. The obscure protocol was vulnerable, in part, because many such servers lacked authentication controls, leaving them open to abuse.

The Mirai court documents outline how Norman, Jha, and White jumped into action in March as the attacks propagated online, working alongside the FBI and the security industry to identify vulnerable servers. The FBI then contacted affected companies and vendors to help mitigate the attacks. “Due to the rapid work of the defendants, the size and frequency of Memcache DDoS attacks were quickly reduced such that within a matter of weeks, attacks utilizing Memcache were functionally useless and delivering attack volumes that were mere fractions of the original size,” prosecutors report.