Researcher claims to expose identity of Mirai Botnet Author

Brian Krebs, the famous Infosec journalist whose website KrebsOnSecurity was targeted with a massive amalgamation of Mirai botnets to launch a notorious DDoS attack in October 2016, has managed to identify the perpetrator of the crime. It seems Brian Krebs has been working hard to unmask the creator of Mirai botnet that has been creating havoc in the world of online security by compromising a huge number of Internet of Things (IoT) devices to create a series of infected botnets.

After his website had gone down for four consecutive days due to a massive attack ranging up to 665 Gbps data traffic, Krebs started investigating to ascertain the identity of the person who was responsible for the attack and much more such attacks on high-profile organizations including DynDNS. According to Krebs, his analysis is a result of “hundreds of hours of research” as he was “desperately seeking the missing link between seemingly unrelated people and events.”

Krebs stated that a majority of DDoS attacks are launched to make quick cash. For instance, a company that offers DDoS protection would want to launch DDoS attacks on certain targeted clients so that they get convinced about the dangers of not obtaining their service and give into hiring them for DDoS protection.

In Krebs opinion, the same happened to his website and many other websites such as French hosting service provider OVH and Deutsche Telekom that were attacked with Mirai malware using hundreds and thousands of botnets in 2016.

Now the most important revelation; Who was behind the attack on Krebs website?

As per Krebs research, Protraf Solutions owner Paras Jha is responsible for recent attacks involving Mirai botnets, including the attack on his website krebsOnSecurity. Protraf Solutions is a DDoS protection service provider firm.

Initially, it was believed that a hacker who uses the name Anna-senpai was behind Mirai botnet. However, Krebs careful investigation has revealed that this assumption was not wrong at all since Anna-senpai is one of the many aliases of Paras Jha.

Anna Senpai putting Mirai botnet’s source code online

In response to how he can claim that Jha is behind the DDoS attacks launched through Mirai botnets, Krebs stated that his first clue was that Mirai was linked with a botnet code family known as either Bashlite, Q-bot and Torlus. This particular group infects systems using infected IoT devices and then it searches the web for other vulnerable IoT so that the botnet army could become stronger.

The second clue was the involvement of Lelddos, a criminal gang that has launched massive attacks on the server industry that supported Microsoft’s Internet game platform Minecraft. This group attacked server providers including ProxyPipe for not availing Minecraft fix through a certain online server protection service. So basically, Krebs is stating that Jha was the one behind the attacks on servers that supported Minecraft and didn’t use his DDoS protection service.

Krebs also noted that DataWagon’s owner Christopher CJ Sculti is an accomplice of Jha. DataWagon is another DDoS protection providing firm. So, Krebs claims that Lelddos gang comprises of Sculti and ProTraf owners. Krebs also revealed that apart from many other leads, a former co-worker at ProTraf admitted that Jha was responsible for Mirai. As expected, Jha has totally denied that he is Anna-senpai or that he is involved in the Mirai-based attacks.

Source: KrebsOnSecurity

Related Posts