Untangling the Dark Web behind Mirai IOT Botnet DDoS Attacks

Who created the Mirai DDoS Attack Malware?

Last week noted security researcher Brian Krebs wrote a lengthy blog post on how he unraveled the mystery of who launched a massive Mirai botnet distributed denial of service (DDoS) attack on his site back in September of 2016. At the time, that attack, measured at roughly 635 Gbps, was among the largest DDoS attacks ever publicly reported. About a week after it happened, a hacker going by the name “Anna Senpai” released the Mirai source code, which led to even larger attacks in the following weeks. Krebs has concluded that the real identity of Anna Senpai is Paras Jha. Ironically, Jha had been the owner of a DDoS attack mitigation company, ProTraf Solutions. If Krebs’ allegation is true, then this is a tale of a good programmer who went bad: a white hat turned black hat. Jha denies the allegations.

The Full Brian Krebs DDoS Investigation

The Krebs post fleshes out a sordid tale of the seamy “grey” hacker world. I won’t spoil the story for you because frankly, it’s too long and complex to sum up here. Even Krebs couldn’t boil it down to a few hundred words; he included a glossary of the lengthy cast of characters in this online underworld. You’ll have to read the Krebs story for yourself.

Krebs is a natural cyber sleuth, so it’s only appropriate that he would be relentless in his quest to find out who launched the DDoS attack that knocked his site offline. My guess is that few law enforcement detectives would have the patience, skill, time and motivation to solve that mystery. It is a “whodunit” kind of story that could be made into a film, in my humble opinion. Some Hollywood screenwriter has probably already written a screenplay similar to this one; but in this case, truth is stranger than fiction. Krebs’ account offers many elements of surprise, intrigue, greed, betrayal and competition.

Suffice it to say that the story touches on many of the themes that we at Corero have written about and the cyber threats we defend against: DDoS-for-hire services, online gaming attacks, cyber extortion, ransomware and, of course, the Mirai botnet code.

For information about DDoS defense, contact us.
