Brian Krebs published a lengthy post on Wednesday, claiming the author of the Mirai botnet was a computer engineering student at Rutgers University named Paras Jha, also known by his online alias, Anna-Senpai.
According to the investigation carried out by Krebs on Security, Mirai may have spawned from years of rivalry between DDoS mitigation companies specializing in protecting Minecraft servers.
It took the journalist four months to trace Jha’s identity after his own site was attacked last September. Jha has since denied all claims made by Krebs.
Anna-Senpai runs a Minecraft DDoS protection firm
Similar to a movie plot, the story of how Mirai came to be is a perfect good-turned-evil kind of tale. As a teenager, Paras Jha, a.k.a. Anna-Senpai, was busy running Minecraft servers instead of taking them down with cyber-attacks.
Early bios posted under the online alias dreadiscool show the alleged Mirai author was once a computer enthusiast eager to work on his favorite games, particularly the popular sandbox title Minecraft.
As it turns out, Paras Jha would eventually go on to work maintaining popular Minecraft servers for a couple of years before defecting to the dark side to pursue more ambitious goals.
After dealing with several DDoS attacks, Anna-Senpai founded ProTraf Solutions, a company that offers cybersecurity services and specializes in DDoS threats.
Why do people target Minecraft servers?
Popular Minecraft servers can make up to $50,000 a month and host hundreds of thousands of players at a time every day. As such, they are attractive targets both for guardians and wrongdoers who seek to try out their hacking skills.
When ProTraf Solutions opened for business, it did not have any clients, so the easiest way forward was to take down the mightiest servers protected by competing companies and then lure their owners in with its own services.
Krebs started connecting the dots from this point on, noticing fishy details as he and others kept digging to discover who was behind one of the most harmful pieces of code released in recent years.
The evidence indicates ProTraf uses the Mirai Botnet to lure clients away from rival companies
Multiple parties confirmed the modus operandi of the Anna-Senpai-led ProTraf Solutions, including Robert Coelho, president of the rival ProxyPipe Inc. and one of Krebs’s main sources.
The journalist managed to get ahold of Josiah White, one of ProTraf’s two employees under Paras Jha’s leadership. He admitted to writing parts of early IoT botnets that eventually turned into Mirai.
Another ProTraf worker, Ammar Zuberi, further compromised Jha’s identity as Mirai’s author, linking the 20-year-old student directly to the code and confirming he had even met the man in person and stayed in his house in New Jersey.
“I don’t think there are enough facts to definitely point the finger at me. Nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath,” replied Paras Jha.
Source: Krebs on Security