The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions.
About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive, the Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.
The full story is admittedly lengthy, clocking in at over 8000 words, but worth the time to understand how botnet wranglers make money siccing their zombie device armies on unsuspecting targets. The sources that pointed Krebs to Anna Senpai's identity were involved in using botnets on behalf of shadowy clients, unleashing them on security companies protecting lucrative Minecraft servers that host thousands of players. When their online gaming is obstructed -- say, by repeated and annoying DDoS attacks -- players leave, giving servers an incentive to jump ship to whichever security provider can ensure protection...in this case, providers that arranged for the botnet attacks in the first place.
According to Krebs' source, his security site was looped into the botnet war after it revealed information in early September leading to the arrest of the two hackers behind the Israeli 'vDos' attack service. Anna Senpai was allegedly paid to unleash Mirai on the KrebsOnSecurity site by vengeful clients who'd used the now-defunct vDos, cementing the security firm's interest.