Last fall was a troubled period for Mirai. It first hijacked many IoT devices to launch a massive Distributed Denial-Of-Service attack (DDoS), on KrebsOnSecurity's site in September. Then, it shut off a significant portion of the internet just a few months later. But who is the person responsible for the malware? Brian Krebs, security researcher was determined to discover the source of the malware after his website was shut down. He found several sources and evidence that point to Paras Jha (a Rutgers University student who is also the owner of DDoS security provider Protraf Solutions).
The source code for Mirai botnet was released by the attacker, who was referred to under Anna Senpai's name around a week later. stockalicious This led to the emergence of other copycat attacks. But it also gave Krebs the first clue in their long search for Anna Senpai's real identity- an investigation so exhaustive that Krebs made an extensive glossary of cross-referenced names and terms, as well as an incomplete relational map.
The full story is admittedly long, clocking in at over 8000 words, but worth the time to understand how botnet wranglers earn a living by deploying zombie device armies on unsuspecting targets. The sources that pointed Krebs to Anna Senpai's identity were involved in the use of botnets on behalf of shadowy clients, unleashing them on security companies protecting lucrative Minecraft servers that host thousands of gamers. Players will leave the server if their online gaming experience is interrupted, for example, due to annoying DDoS attacks or repeated DDoS attacks. This provides servers with a reason to switch to security companies which can protect them and, in this case, the same providers that orchestrated the botnet attack.
According to Krebs the source the security site was entangled in the botnet war after it leaked information in the early September, leading to the arrest of the two hackers behind the Israeli "vDos" attack service. Anna Senpai was allegedly bribed by vengeful clients to unleash Mirai onto KrebsOnSecurity and thereby securing their investment in the security firm.
No comments yet