Categories: Security

Journalist Brian Krebs ‘Unmasks’ Mirai Botnet Developer

The Mirai botnet, most famously used in an attack that brought down Twitter, Reddit, Netflix and other high-profile sites last year, was allegedly written by a young developer who started off in the business of protecting servers from denial-of-service attacks, according to a report.

The report by computer security journalist Brian Krebs, whose website was one of Mirai’s targets, uncovered a number of details indicating that “Anna-Senpai”, the pseudonymous creator of Mirai, is a young man named Paras Jha, founder of distributed denial-of-service (DDoS) attack protection firm ProTraf Solutions.

Minecraft protection

From operating high-profile Minecraft servers Jha went on to create ProTraf with a focus on protecting those servers from downtime, a highly competitive market, according to Krebs.

Minecraft, the second best-selling computer game of all time after Tetris, is offered on servers that allow players to interact in a single virtual world.

He then allegedly joined in the business ProTraf had been set up to combat, offering targeted denial-of-service attacks for $100 (£81) in Bitcoin for each five minutes of downtime.

He was paid by Minecraft server operators to launch attacks against rival servers and also used his botnet resources against competing DDoS protection firms, according to Krebs.

Open source

Krebs said Anna-Senpai – a reference to a popular Japanese cartoon – appears to be only one of dozens of online pseudonyms for Jha. “Mirai” is likewise a reference to the anime series Mirai Nikki, according to Krebs’ research.

ProTraf offered no comment except to tell Krebs it is “in the process of restructuring and refocusing what we are doing”, while Jha has not yet responded to requests for comment, Krebs said.

While Mirai – which draws on attack power from unprotected Internet-connected devices such as TalkTalk routers, cameras and set-top boxes – was initially for Anna-Senpai’s personal use, the developer later made the code public.

That public code was used in October of last year as part of an attack on Oracle-owned DNS provider Dyn which disrupted a number of high-profile websites.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

9 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

9 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

11 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

12 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

13 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

14 hours ago