Categories: Security

Journalist Brian Krebs ‘Unmasks’ Mirai Botnet Developer

The Mirai botnet, most famously used in an attack that brought down Twitter, Reddit, Netflix and other high-profile sites last year, was allegedly written by a young developer who started off in the business of protecting servers from denial-of-service attacks, according to a report.

The report by computer security journalist Brian Krebs, whose website was one of Mirai’s targets, uncovered a number of details indicating that “Anna-Senpai”, the pseudonymous creator of Mirai, is a young man named Paras Jha, founder of distributed denial-of-service (DDoS) attack protection firm ProTraf Solutions.

Minecraft protection

From operating high-profile Minecraft servers Jha went on to create ProTraf with a focus on protecting those servers from downtime, a highly competitive market, according to Krebs.

Minecraft, the second best-selling computer game of all time after Tetris, is offered on servers that allow players to interact in a single virtual world.

He then allegedly joined in the business ProTraf had been set up to combat, offering targeted denial-of-service attacks for $100 (£81) in Bitcoin for each five minutes of downtime.

He was paid by Minecraft server operators to launch attacks against rival servers and also used his botnet resources against competing DDoS protection firms, according to Krebs.

Open source

Krebs said Anna-Senpai – a reference to a popular Japanese cartoon – appears to be only one of dozens of online pseudonyms for Jha. “Mirai” is likewise a reference to the anime series Mirai Nikki, according to Krebs’ research.

ProTraf offered no comment except to tell Krebs it is “in the process of restructuring and refocusing what we are doing”, while Jha has not yet responded to requests for comment, Krebs said.

While Mirai – which draws on attack power from unprotected Internet-connected devices such as TalkTalk routers, cameras and set-top boxes – was initially for Anna-Senpai’s personal use, the developer later made the code public.

That public code was used in October of last year as part of an attack on Oracle-owned DNS provider Dyn which disrupted a number of high-profile websites.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Hackers Target Australia’s Largest Pension Funds

Multiple pension funds in Australia have been hit in co-ordinated hacking attacks, and unfortunately customers…

21 hours ago

Pentagon Confirms Investigation Of Signal Use By Pete Hegseth

Inspector General at the Pentagon confirms investigation into the use of Signal app by US…

22 hours ago

Amazon Resumes Drone Deliveries In US

After a two month hiatus following crashes of a new drone model, Amazon has resumed…

1 day ago

Amazon Joins Bidders To Acquire TikTok In US

But will Beijing or ByteDance allow sale? Amazon joins potential bidders for TikTok in US,…

2 days ago

Elon Musk Dismisses Reports Of Imminent Departure From DOGE

Elon Musk dismisses report that Trump told cabinet that he expects Musk to leave his…

2 days ago