Krebs Pinpoints the Likely Author of the Mirai Botnet

The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? From a report on Engadget: After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions. About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive, the Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.

Clearly not Anna-senpai

Anna is a pure good girl who would never break the law like that!

How about the link directly to Krebs?

[Kludge]

https://krebsonsecurity.com/20...

BK rocks BTW.

Re:How about the link directly to Krebs?

[DrXym]

Engadget suck. They digest stories and then bury the original source link amongst many others, most of which point back into their own site. They should be banned as the source of any story they didn't originate themselves.

Re:How about the link directly to Krebs?

[l20502]

Can't load it, Is it being DDoSed again? Here's a link to an archived version

Re:How about the link directly to Krebs?

[kaizendojo]

Thanks - article reads like Stoll's The Cuckoo's Egg!

Re:How about the link directly to Krebs?

Many of which end up here a day later, so...

Re:How about the link directly to Krebs?

Working fine here as of 8:45am PST

Re:How about the link directly to Krebs?

[ole_timer]

I posted krebs directly yesterday, the editors chose this nonsense today instead, go figure.

Re:How about the link directly to Krebs?

[Raenex]

BK rocks BTW.

Yep, he gets it: "The object of Minecraft is to run around and build stuff, block by large pixelated block. That may sound simplistic and boring, but an impressive number of people positively adore this game -- particularly pre-teen males."

Re:How about the link directly to Krebs?

Probably makes em more money from the links

Re:How about the link directly to Krebs?

[ole_timer]

I'd move your response up but I already commented. Thanks for the comment.

Re:How about the link directly to Krebs?

[tlhIngan]

Engadget suck. They digest stories and then bury the original source link amongst many others, most of which point back into their own site. They should be banned as the source of any story they didn't originate themselves.

Usually, but this one was quite easy to find. Hint: Never look in the article for the link - look below and there's usually a "Source" link which links to the sources for the article. It's not buried, but it's not hard to find, though the coloring could be better. That's more of a CSS problem though.

Re:How about the link directly to Krebs?

[xxxJonBoyxxx]

Alleged response from Anna-senpai:
https://www.reddit.com/r/AskReddit/comments/5nqq3c/serious_people_whove_written_malicious_code/dce7rh9/

Re:How about the link directly to Krebs?

[Coren22]

How do you propose moving the ACs comment? This isn't reddit.

Re: How about the link directly to Krebs?

Sheer force of willpower, presumably.

Re:How about the link directly to Krebs?

[DrXym]

That's very true too. I've often seen a news article crawl from its original source through aggregators before it turns up here. But at least this site serves a purpose beyond just being some kind of clickbait ball of aggregated content and inward pointing links.

Engadget used to a lot better site but not these days. Pick any article and if the original source is cited at all it'll be 2, 3, 4, 5 links into the article with all the other links pointing to other Engadget stories, each of which pulls the same shit. The site is deliberately designed to retain visitors (for ad impressions), not for any original content, insight or opinion of their own.

Re:How about the link directly to Krebs?

[ole_timer]

the way i moved up yours - after a while you earn moderator points

Re:How about the link directly to Krebs?

[Coren22]

Moderator points don't move a comment, they just make it more visible. That is why I was asking about the terminology (in a joking manner), no comments move around on the page.

Re:How about the link directly to Krebs?

[gweihir]

BK rocks BTW.

He does. Let's hope he is right and that this person will have to pay for all the damage he did. If not, criminal business practices like this will become more common...

Link to Krebs

This is a technical community. Why link to a pre-digested Engadget re-telling of a really great piece by Krebs?

Re:Link to Krebs

So people can post the links in comments section and get free mod ups!

jesus christ.

[nimbius]

pinpointed the botnets original author? Are we sure Brian Krebs isnt some character out of the Marvel universe??

Re:jesus christ.

The thing about hackers is that they want to be caught. Or more precisely, they want the credit for their work.

Re:jesus christ.

[sinij]

If you aren't into this for ego reasons, then you are likely end up as a white hat. Almost every time these people get caught is because of bragging and/or social angle. However, you always see them getting over-paranoid on technical issue. Considering that some of them even good at social engineering, you'd think they get OPSEC.

Geez

Wow, what if it wasn't this Paras Jha guy? Defamation/slander/whatever!

Re:Geez

RTFA much?

Didn't think so...

Re:There are Times When...

[sinij]

Don't write and use DDoS bots if you don't want to end up on the front page of the Internet is fairly simple, but you got caught and now sour grapes about it. Maybe try bragging less next time?

Why engadget?

Why link to a 4-paragraph crappy article when Krebs just posted a masterpiece in infosec reporting? PS: Is it me or Engadget has just given up on reporting altogether and are posting ONLY 2-3 paragraph stories now with 30 ads around them?

Re:There are Times When...

Did you even read TFA? Moron.

My guess was wrong

I had theorized a frustrated biochem student who mistakenly attributed the creator of the Krebs Cycle.

Re:My guess was wrong

[TechyImmigrant]

I had theorized a frustrated biochem student who mistakenly attributed the creator of the Krebs Cycle.

Yes, but it doesn't really work like that if you're on statins.

What a stud

Brian Krebs rules.

Indictments?

[davidwr]

Indictments in 3...2...1...

The only question is will that be days, weeks, months, or years?

Re:Indictments?

Indictments in 3...2...1...

The only question is will that be days, weeks, months, or years?

This little dunecoon better hope the Feds get to him before someone else who has similar morals as him does. He'd better be watching the rear view mirror real carefully these days.

Re:Indictments?

This little dunecoon

On behalf of dunecoons everywhere, I consider this an insult of the highest order. After all, we dunecoons do have SOME standards. Not many, but some.

sounds like a foreigner

a southeast asian, there's a surprise. Those guys have no morals.

Re: sounds like a foreigner

As compared
To
One gov who supports the Saudi government in all its fundamentalist terrorist supporting glory.

Torch that little fuck

Given the level of investigative effort from Krebs, I hope this little shitstain gets the friggen' chair.

Re:Torch that little fuck

Calm down there, even if Krebs is right and this individual was the author of the botnet it still remains to be seen if it was an intentional release. A DDOS protection service would by its very nature need to study botnets. Its possible that it was some kind of test case that got out of control. On the other hand if they intentionally released it to drum up business they most definitely deserve a harsh punishment (though probably not that harsh).

Re:Torch that little fuck

I don't care if the release of the code was intentional or not. My first problem is that he WROTE AND USED his own code to infect devices and DDOS people who refused to pay protection money (sign up for his Protraf shit). The fact that the code ALSO went out means a ton of other faggot kids can do the same even after this asshole is long gone.

Whether his "DDOS mitigation service" is actually even able to stop other attacks, or is (unbeknownst to the mark) just a promissory note that he won't perform his own DDOS attacks, remains to be seen. I absolutely wouldn't be surprised if it's the latter.

Confiscate everything he owns and return it to the affected, shove a sword up his ass. Then slow fry him for providing little faggots with a DDOS-for-hire service and lop off extremities while he's sizzling for letting the code out there. God damn kids need to learn that there are serious consequences when their bullshit affects the real world. I've seen very clearly, thanks to the failed experiment that is the participation badge generation reaching (physical) adulthood, that positive reinforcement and mollycoddling clearly doesn't help kids reach mental adulthood. Bring back harsh negative reinforcement for a generation and let's see how they stack up against the millennials. My money is on BETTER IN ABSOLUTELY EVERY WAY. More respectful, respectable, well adjusted and capable of existing in reality.

Re:Torch that little fuck

It's a protection racket. Buy his DDOS mitigation services or get DDOS'd. This kid just doesn't have the muscle most professional NJ extortionists have at the ready. I'm sure some Tony's and Paulie's can be hired for less than he charges for protection. The only reason he still has functional knees is the mob apparently doesn't run Minecraft servers. - igotsyourddosmitigationrighthere

Re: Torch that little fuck

What are you implying, that this little test case botnet became sentient and started attacking Krebs' site and publishing its source code all of its own? The singularity!

Re:There are Times When...

[JustAnotherOldGuy]

"...an investigation so exhaustive," Really? How exhaustive was it? Are we talking 2 searches on Google Exhaustive? Or what?

It's almost like you didn't read the article.

Danger to Anna now?

So if Anna hurt a lot of folks who have a demonstrated willingness to break the law, and they find out the details on who anna is, will anna get hurt in some economic, reputation, or bodily harm way?

My guess is that Anna knows the community they worked within, and their abilities, and can determine the threat level.

It might be a good time for law enforcement of some sort to keep an eye on Anna so that they can use her as a honeypot, and put not only the Mirai author in prison, but the folks who would likely pay to have Anna harmed, in prison too.

Re:Danger to Anna now?

Did you even read the article on Kreb's site? Sometimes I can't help but smh at the comments on /.

Re:Danger to Anna now?

[UberVegeta]

For once, AC didn't even need to read the article - it's in the summary. Anna is claimed to be a man.

Re:I'm not kidding

[TFlan91]

Meh, sounds more like the anger I harbor.

Which is more "Fuck you for getting there first" than just "Fuck you".

I would argue that no one on this site would be against controlling botnets of this size and capability. Half of you already site behind networks ranging in the thousands of devices.

Re:I'm not kidding

[gtall]

Yep, and it is easy to figure out who did what and when. All you need do is ask them.

Re:I'm not kidding

[lactose99]

Nah, some people, even here, have an actual conscience.

Get Doxed

[Luthair]

Criminals

Re:There are Times When...

[LifesABeach]

RTFA?! Why? If one casually notices the quotes, it's those two little marks placed together, it's used to 'quote' a source. The quoted source implies that the reader doesn't comprehend what is being explained. In other words, the writer is insulting your intelligence. You can accept it, I do not.

Why go public instead of notifying the FBI?

[MobyDisk]

Surely the FBI is trying to find out the identity of the criminal who created this botnet. Why would Krebs go public with it, instead of going to the authorities? At the bottom of the article, it says "The FBI officials could not be immediately reached for comment." What does that mean? "could not be immediately reached?" Why was he doing this investigation alone? And why did the author of the botnet release the source code?

Re:Why go public instead of notifying the FBI?

[houstonbofh]

Why was he doing this investigation alone?

Vengeance. Jha messed with Krebs, and Krebs messed back. Hard. And by going public, Jha can not attack him since he is too busy trying to burn the evidence. It is also a message to others...

Re:Why go public instead of notifying the FBI?

Krebs is an investigative journalist.

Why did they release the code?? To brag.

Re:Why go public instead of notifying the FBI?

[geek]

Krebs better be right or Jha will have one hell of a defamation case against him

Re:Why go public instead of notifying the FBI?

[klui]

Seems like Brian connected the dots.

Correct Article

[Luthair]

https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

We do we link to some shitty gadget blog instead of the original author with real credibility?

Re:Correct Article

Because this website is slowly, but surely, turning into a complete farce.

Re:There are Times When...

[LifesABeach]

I'm commenting on the post; see the quotes, they have a use. Google it?

Re:I'm not kidding

A few applications of my patented "shotgun to the face" treatment and most if not all of these shitbags would reconsider the value of running botnets and DDOS ops.

No, they wouldn't. Punishment must be applied consistently in order to have a deterrent effect.

Example: Speeding Tickets

Lots of people exceed the posted speed limit.
Few instances of speeding are actually ticketed by police.
Driver's reaction: "That cop just got lucky that time." And they keep speeding.

Increasing the inconsistently applied punishment will only up the stakes.
The operators would choose higher value targets and do more damage.
And when cornered, they will fight harder and do worse in order to avoid being caught.
It doesn't make sense to surrender peacefully to prolonged torture and certain death.

Nonsense. We already know who the author is.

Putin.

Now...

[argStyopa]

...the point would be that this person be punished fully to the degree appropriate to the economic damage they wrought.

I like execution for any crime where the costs exceed $1 million, whether they're a hacker or Goldman Sachs.

Re:Now...

[Guybrush_T]

It depends if you stole $1 million from a crook or from many people who didn't have much money in the first place.

If you want to make the punishment fair, at least make it proportional to that actual harm done to people. Money means nothing.

Re:Now...

and i like post birth abortion for anyone dumb enough to make a statement like yours. let's do mine first...

Re:Now...

[MrL0G1C]

Like hacking into one pc and saying 'hi' causing their firm to have to spend 2 million upgrading all their pcs security.... or sharing 20 tunes.

HAHAHAHAHAHA

[l0n3s0m3phr34k]

IMHO, this is the best part of this story: "Digital Shadows noted that the Mirai author appears to have used another nickname: “OG_Richard_Stallman,”"

Re:HAHAHAHAHAHA

Probably some fa/g/ on 4chan. It was heavily discussed on there in /g/.

Rodrigo Duterte

[swb]

Would agree with your crime fighting methods.

I can't say that I don't like it in theory, but in practice it seems to have some side effects.

Re:Rodrigo Duterte

[JustAnotherOldGuy]

I can't say that I don't like it in theory, but in practice it seems to have some side effects.

I know, there always seems to be some collateral damage, but what can you do? It's not a perfect world, amirite?

If you want we could just give them a super-expedited trial and then life imprisonment but the follow-on costs of doing that concern me.

WRONG! Totally false.

[mmell]

LifesABeach is all talk, talk, talk. Takes more than Google search, you can't tell who did it unless you catch him in the act. Sad.

Re:There are Times When...

[Daetrin]

Given your use of grammar i'm guessing that maybe English isn't your first language? If someone says "X was so Y" followed by a comma and then a statement, it is generally accepted that the statement following the comma is in support of "X was so Y".

So your original question "Really? How exhaustive was it?" was answered immediately after the bit you quoted, which is why everyone else who is more fluent in English was confused by you asking the question in the first place. To them the answer was right there in plain sight.

In full: "an investigation so exhaustive, the Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map." In other words it was so exhaustive that he had to produce multiple kinds of reference material just to make the sum total of the data understandable.

Admittedly that doesn't provide a great deal of detail, implying the "exhaustiveness" of the investigation by the amount of data produced, but providing an answer that is light in details is not the same as not providing an answer at all. Also, referring to Brian Krebs as "the Krebs" is a little weird, but it's not entirely uncommon for people to refer to a notable individual in such a manner.

Same Kludge who used to run a MUSH?

Just curious ^.^

wow awesome!

[citylivin]

I actually read through the whole article and its great detective work. I get the feeling people were bragging to krebby because of how famous he is and they, being anonymous hackers, can never shut up and stop bragging. I love how the reddit account mentioned has recent postings (last one 3 days ago), hasn't been scrubbed, and links together many aspects of the guys life (his love for anime, the dorm he lives in at ruttegers, discussion of botnets and networking).

A life lived online is not very anonymous it seems! especially when you re-use handles and are young and really really like to brag.

Hopefully he made enough to buy a plane ticket away from the USA before the shoe drops on him. I'd be at the airport right now if i was him. Love how Jha says at the end "I don't think there are enough facts to definitively point the finger at me," Jha said. âoeBesides this article, I was pretty much a nobody. "

Well so were all the serial killers and other sociopaths of history... obviously! Someone did the detective work and now they are notorious, like you.

My advice? Run! The FBI surely has enough resources to get IP address for skype users, and reddit gives up their users at the drop of a hat. The FBI can easily take possession of his computer equipment with this kind of evidence. I doubt he was that careful and everything is tight and anonymous at the layer 3 level.

Expecting to see him arrested within days! FBI doesn't like to be made a fool of!

Re:I'm not kidding

[JustAnotherOldGuy]

Which is more "Fuck you for getting there first" than just "Fuck you".

Nope, not me. I genuinely hate the idea that one or two fuckheads with a botnet can wreck the internet for tens of thousands or even millions of people, or destroy the livelihood of people who are just trying to do something like providing a legitimate service such as a Minecraft server.

-

I would argue that no one on this site would be against controlling botnets of this size and capability.

I disagree...I don't think that the majority of people on Slashdot are amoral fuckheads without a shred of integrity. You might fit into that category, however.

Re:There are Times When...

[JustAnotherOldGuy]

RTFA?! Why? If one casually notices the quotes, it's those two little marks placed together, it's used to 'quote' a source. The quoted source implies that the reader doesn't comprehend what is being explained.

I agree, it's clear that you don't comprehend what is being explained.

If, however, you had taken a moment to just look at the article it probably would have answered your ignorance, demonstrated by what you wrote: "Really? How exhaustive was it? Are we talking 2 searches on Google Exhaustive? Or what?"

You're free to be as ignorant as you like but don't get your panties in a twist when others point out that your ignorance is a self-inflicted wound.

Re:There are Times When...

[JustAnotherOldGuy]

Lol, "The Krebs".

Re:There are Times When...

[JustAnotherOldGuy]

I'm commenting on the post; see the quotes, they have a use. Google it?

Some people are hard of hearing but you appear to be hard of thinking.

Re:WRONG! Totally false.

Admittedly, from the quality/depth of the linked article, one might be left to wonder...

ISR

[SeaFox]

In Soviet Russia, senpai gets noticed!

Re:ISR

[vel-ex-tech]

Win.

Russians hack everything

[wwalker]

Wait, I thought it was Russians? After all, "Mirai" means "gullible" in Russian.

Re:Russians hack everything

[klui]

Or "Future" in Japanese. The author watched Mirai Nikki and was inspired by the anime. All in BK's article.

Re:Russians hack everything

It doesn't.

Re:I'm not kidding

What? You can't legitimately make money with CS skills, so you need to ruin everyone else's lives instead being a parasite? FUCK YOU. Not for being first, but for rationalizing being a prick.

THIS is how you attribute hackers, with facts

THIS is how you attribute hackers, with facts.

Hey - NSA, FBI and 15 other "intelligence" agencies, pay attention if you want people to believe your 13+ pg reports.

Krebs is engaging in a witch hunt.

He is butt hurt about the loss of his site and is witch hunting. Be very wary of anything that comes out of his mouth, as he is starting to sound and act like Captain Ahab.

Re:There are Times When...

Lol, check out Daetrin's response below, you fucking simpleton. LMAOOOO

Nothing like a good old fashioned witch hunt.

[stephen.holstein]

Sucks to be the one singled out.

Re:Nothing like a good old fashioned witch hunt.

[amicusNYCL]

Yeah it really sucks when you find out that someone investigating all of the murders in town notices that the bloody footprints keep leading to your door.

If he didn't want to go down for this then he shouldn't have done it. I probably have more respect for Brian Krebs than any other journalist, he's obviously not infallible but his investigations and articles are great pieces of work. After reading the article, it seems pretty unlikely that there is another person in that small group of people who are connected which is actually the author but somehow didn't get noticed by Krebs. Jha admitted that the author of the botnet is a sociopath, so he's at least self-aware, but I'm not going to shed any tears for him when the FBI comes calling again. His attacks have run into the hundreds of thousands or millions of dollars, and he's directly negatively impacting the lives of many other people. If you want to try to poke holes in any of Krebs' arguments then go ahead, but if you haven't even read his article then it's probably better to save your witch hunt cliche for a time when it applies.

stop repeating yourself

stop repeating yourself

use a comment subject that isn't the first sentence of your actual comment.

use a comment subject that isn't the first sentence of your actual comment.

gets annoying, doesn't it?

gets annoying, doesn't it?

Re:There are Times When...

you're a douchebag. nothing is wrong with his/her grammar. they even capitalized and punctuated correctly, even though this isn't a fucking book and doesn't need it fuckface!

Re:WRONG! Totally false.

[LifesABeach]

In this day and age, that appears to be enough. Loser. -- with no apologies to the fat ass and chief.

This article kills working time! Goog Read

[eionmac]

The original article is good but a long read.

Why do it?

[gantry]

American individuals who play this game, and do not have Mafia lawyers, will eventually receive long prison sentences for multiple counts of extortion.

The upside is the rush of power, and revenues in the thousands of dollars. These are poor compensation for a decade or more in the slammer.