Categories: Security

Journalist Brian Krebs ‘Unmasks’ Mirai Botnet Developer

The Mirai botnet, most famously used in an attack that brought down Twitter, Reddit, Netflix and other high-profile sites last year, was allegedly written by a young developer who started off in the business of protecting servers from denial-of-service attacks, according to a report.

The report by computer security journalist Brian Krebs, whose website was one of Mirai’s targets, uncovered a number of details indicating that “Anna-Senpai”, the pseudonymous creator of Mirai, is a young man named Paras Jha, founder of distributed denial-of-service (DDoS) attack protection firm ProTraf Solutions.

Minecraft protection

From operating high-profile Minecraft servers Jha went on to create ProTraf with a focus on protecting those servers from downtime, a highly competitive market, according to Krebs.

Minecraft, the second best-selling computer game of all time after Tetris, is offered on servers that allow players to interact in a single virtual world.

He then allegedly joined in the business ProTraf had been set up to combat, offering targeted denial-of-service attacks for $100 (£81) in Bitcoin for each five minutes of downtime.

He was paid by Minecraft server operators to launch attacks against rival servers and also used his botnet resources against competing DDoS protection firms, according to Krebs.

Open source

Krebs said Anna-Senpai – a reference to a popular Japanese cartoon – appears to be only one of dozens of online pseudonyms for Jha. “Mirai” is likewise a reference to the anime series Mirai Nikki, according to Krebs’ research.

ProTraf offered no comment except to tell Krebs it is “in the process of restructuring and refocusing what we are doing”, while Jha has not yet responded to requests for comment, Krebs said.

While Mirai – which draws on attack power from unprotected Internet-connected devices such as TalkTalk routers, cameras and set-top boxes – was initially for Anna-Senpai’s personal use, the developer later made the code public.

That public code was used in October of last year as part of an attack on Oracle-owned DNS provider Dyn which disrupted a number of high-profile websites.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Goes On Trial In US Over Ad Tech Dominance

US trial of Google over ad tech market power begins, with forced divestiture of ad…

2 hours ago

US DOJ To Propose Google Penalties By End Of Year

US judge gives Justice Department until end of year to formulate plan for Google punishment…

9 hours ago

Trump ‘To Appoint Musk’ To Gov’t Efficiency Role If Elected

Donald Trump says he would appoint Elon Musk to lead government efficiency commission if elected,…

10 hours ago

Australian Official Received Death Threats After Musk Criticism

Australian eSafety commissioner says she received death threats after Musk criticised her for trying to…

10 hours ago

Man Arrested After ‘Earning Millions’ From AI Music Tracks

US man allegedly earned more than $10m in royalties streaming hundreds of thousands of fake…

11 hours ago

NCSC Calls Out Cyber-Attacks From Russia’s GRU

UK's NCSC and allies outline campaign of attacks from unit of Russia's military intelligence service…

11 hours ago