A large portion of Internet users was unable to reach major web services; websites including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify were down for users in the US.
The same IoT botnet was used to launch a massive Distributed Denial of Service (DDoS) attack against the website of the popular cyber security investigator Brian Krebs, who then decided to investigate the author of the dangerous malware.
In October a hacker released the source code of the Mirai malware; a reference to the malicious code was spotted by Brian Krebs on the popular criminal hacking forum Hackforums. The Hackforums user with the moniker “Anna-senpai” shared the link to the source code of the malware “Mirai.”
“The leak of the source code was announced Friday on the English-language hacking community Hackforums. The malware, dubbed ‘Mirai,’ spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords,” Krebs reported.
The Mirai malware was specifically designed to infect Internet of Things (IoT) devices that are still protected only by their factory-default credentials, a circumstance that is quite common in the wild.
Brian Krebs believes he has discovered the real identity of the mysterious Anna-senpai: Paras Jha, the owner of the distributed denial-of-service (DDoS) attack mitigation company ProTraf Solutions.
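The infection path described above, a sweep of telnet logins with factory-default credentials, leaves a recognisable trace on the device side: a burst of failed logins for several usernames from one source, sometimes followed by a success. The following detector is an added example, not code from the article or from Krebs; the syslog-style line format, the sample lines and the threshold are constructed assumptions, not the output of any real device.

```python
"""Flag telnet credential-sweep behaviour in device authentication logs.

Added, constructed example: the log line format, the sample lines and the
failure threshold are assumptions, not taken from the article or any vendor.
"""
import re
from collections import defaultdict

# Constructed sample lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
Oct 21 10:00:01 cam01 telnetd[412]: login failed for 'root' from 198.51.100.7
Oct 21 10:00:02 cam01 telnetd[412]: login failed for 'admin' from 198.51.100.7
Oct 21 10:00:02 cam01 telnetd[412]: login failed for 'root' from 198.51.100.7
Oct 21 10:00:03 cam01 telnetd[412]: login failed for 'support' from 198.51.100.7
Oct 21 10:00:03 cam01 telnetd[412]: login failed for 'user' from 198.51.100.7
Oct 21 10:00:04 cam01 telnetd[412]: login succeeded for 'admin' from 198.51.100.7
Oct 21 10:05:10 cam01 telnetd[412]: login failed for 'admin' from 192.0.2.44
Oct 21 11:30:00 cam01 telnetd[412]: login succeeded for 'admin' from 192.0.2.44
"""

# Assumed line layout: "<timestamp> <host> telnetd[<pid>]: login <result> for '<user>' from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)


def parse(lines):
    """Turn matching log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_credential_sweeps(lines, min_failures=4):
    """Return a report per source address that looks like an automated
    credential sweep: at least `min_failures` failed logins, the number of
    distinct usernames tried, and whether a success followed the failures
    (the case that should page someone, because the device is now owned)."""
    by_src = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": False})
    for ev in parse(lines):
        rec = by_src[ev["src"]]
        if ev["result"] == "failed":
            rec["failures"] += 1
            rec["users"].add(ev["user"])
        elif rec["failures"] > 0:
            # A success after failed guesses is the sweep paying off.
            rec["success_after"] = True
    return {
        src: {
            "failures": r["failures"],
            "distinct_users": len(r["users"]),
            "success_after": r["success_after"],
        }
        for src, r in by_src.items()
        if r["failures"] >= min_failures
    }


if __name__ == "__main__":
    for src, report in find_credential_sweeps(SAMPLE_LOG).items():
        print(src, report)
```

A single failed login from an operator, like the second source above, stays below the threshold; the first source trips it and is marked as having succeeded after its guesses, which is the signal to take the device off the network and change its credentials. The only durable mitigation is the one the article implies: no factory-default password and no telnet exposed to the Internet.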
“After months of gathering information about the apparent authors of Mirai, I heard from Ammar Zuberi, once a co-worker of ProTraf President Paras Jha.
Zuberi told KrebsOnSecurity that Jha admitted he was responsible for both Mirai and the Rutgers DDoS attacks. Zuberi said when he visited Jha at his Rutgers University dorm in October 2015, Paras bragged to him about launching the DDoS attacks against Rutgers,” Krebs wrote.
“He was laughing and bragging about how he was going to get a security guy at the school fired, and how they raised school fees because of him,” Zuberi recalled. “He didn’t really say why he did it, but I think he was just sort of experimenting with how far he could go with these attacks.”
The man allegedly created the Mirai botnet and spread it to recruit the largest possible number of IoT devices.
Krebs reported that in 2014 an earlier variant of the Mirai botnet was used to launch DDoS attacks against Minecraft servers, which can generate up to US$50,000 a month.
Krebs discovered that Jha, along with other players, developed the Mirai bot and used it to power attacks against Minecraft servers in order to lure disgruntled customers. The providers that ignored Jha’s requests were hit by massive DDoS attacks.
Krebs explained that Jha contacted upstream providers to request the shutdown of rival IoT firms, and then developed the Mirai bot to attack rival Qbot botnets.
Krebs cited a webinar presented on December 16 by the experts at the firm Digital Shadows that exposed the findings of the investigation into the Mirai author’s real-life identity. According to Digital Shadows, the person behind the Anna-Senpai moniker also used the nickname “Ogmemes123123” and the email address firstname.lastname@example.org. He also discovered that the Mirai author had used another nickname, “OG_Richard_Stallman,” a clear reference to the founder of the Free Software Foundation. The email@example.com account was also used to register a Facebook account in the name of OG_Richard Stallman.
That Facebook account reports that OG_Richard_Stallman began studying computer engineering at New Brunswick, NJ-based Rutgers University in 2015, the same university attended by Paras Jha. Rutgers University has suffered a series of DDoS attacks on its systems since 2015, and the attacker suggested the school purchase a DDoS mitigation service.
Krebs also highlighted that the skills listed on Jha’s LinkedIn page are the same as those listed on the Mirai author Anna-senpai’s HackForums profile.
Krebs’s analysis is very intriguing and full of details … enjoy it!
(Security Affairs – Anna-senpai, Mirai Author)