A security researcher has claimed to have found the identity of a hacker behind the Mirai botnet that used thousands of IoT devices to launch DDoS attacks against the internet.
According to Brian Krebs, the hacker, known as “Anna Senpai”, is in fact a student at Rutgers University in the US.
Krebs made the claim after an extensive investigation. He found that, far from suddenly emerging last year, the malware had been developed and deployed over the last three years.
The botnet enlisted 145,000 IoT devices as well as CCTV cameras to attack, among others, French hosting provider OVH and customers of Deutsche Telekom.
Krebs’ website was also forced offline in October by a 620Gbps data avalanche.
He said that the Mirai IoT botnet has been used many times in conjunction with an online protection racket. In one such incident, owners of servers running popular building game Minecraft were offered distributed denial of service (DDoS) protection prior to becoming victims of a DDoS attack.
“These so-called DDoS attacks are digital sieges in which an attacker causes thousands of hacked systems to hit a target with so much junk traffic that it falls over and remains unreachable by legitimate visitors. While DDoS attacks typically target a single website or internet host, they often result in widespread collateral internet disruption,” Krebs said.
Krebs alleged that Anna Senpai was an alias of a person called Paras Jha, founder of DDoS protection service ProTraf. The investigation has led to the FBI interviewing the person over the allegations.
Krebs said that there were strong similarities between code used in Mirai and other code connected to Jha and his firm. Krebs added that the combination of computer language skills listed on Jha’s LinkedIn page was “remarkably similar to the skills listed on Hackforums by none other than Mirai’s author — Anna-Senpai.”
Jha has denied any connection with Anna Senpai or wrongdoing.
Krebs said that so few cyber criminals are ever brought to justice. “I can tell you that the sheer amount of persistence and investigative resources required to piece together who’s done what to whom (and why) in the online era is tremendous,” he said.
Myles Bray, vice president, EMEA at ForeScout Technologies, told Internet of Business that it is incumbent on all organizations both to protect themselves from attack and to ensure that their network resources aren’t being co-opted into attacks, as seen with the recent Mirai attacks.
“Organizations need the ability to see all devices, including non-traditional IoT devices, the instant they connect to the network. They must enforce policy-based control of these devices – to limit the impact of a potential hack through dynamic segmentation, orchestrate information sharing and automate workflows among disparate security and IT management tools automatically when devices are compromised, as threats move too fast for employees and the security staff to deal with in real-time,” he said.