Krebs Pinpoints the Likely Author of the Mirai Botnet

The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? From a report on Engadget: After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions. About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive, the Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.

How about the link directly to Krebs?

[Kludge]

https://krebsonsecurity.com/20... [krebsonsecurity.com]

BK rocks BTW.

Re:How about the link directly to Krebs?

[DrXym]

Engadget suck. They digest stories and then bury the original source link amongst many others, most of which point back into their own site. They should be banned as the source of any story they didn't originate themselves.

Re:

[Anonymous Coward]

Many of which end up here a day later, so...

Re:

[DrXym]

That's very true too. I've often seen a news article crawl from its original source through aggregators before it turns up here. But at least this site serves a purpose beyond just being some kind of clickbait ball of aggregated content and inward pointing links.

Engadget used to a lot better site but not these days. Pick any article and if the original source is cited at all it'll be 2, 3, 4, 5 links into the article with all the other links pointing to other Engadget stories, each of which pulls the same

Re:How about the link directly to Krebs?

[ole_timer]

I posted krebs directly yesterday, the editors chose this nonsense today instead, go figure.

Re:

[Anonymous Coward]

Probably makes em more money from the links

Re:

[ole_timer]

I'd move your response up but I already commented. Thanks for the comment.

Re:

[Coren22]

How do you propose moving the ACs comment? This isn't reddit.

Re:

[ole_timer]

the way i moved up yours - after a while you earn moderator points

Re:

[Coren22]

Moderator points don't move a comment, they just make it more visible. That is why I was asking about the terminology (in a joking manner), no comments move around on the page.

Re:

[tlhIngan]

Engadget suck. They digest stories and then bury the original source link amongst many others, most of which point back into their own site. They should be banned as the source of any story they didn't originate themselves.

Usually, but this one was quite easy to find. Hint: Never look in the article for the link - look below and there's usually a "Source" link which links to the sources for the article. It's not buried, but it's not hard to find, though the coloring could be better. That's more of a CSS pr

Re:

[l20502]

Can't load it, Is it being DDoSed again? Here's a link to an archived version [archive.org]

Re:

[kaizendojo]

Thanks - article reads like Stoll's The Cuckoo's Egg!

Re:

[Raenex]

BK rocks BTW.

Yep, he gets it: "The object of Minecraft is to run around and build stuff, block by large pixelated block. That may sound simplistic and boring, but an impressive number of people positively adore this game -- particularly pre-teen males."

Re:

[xxxJonBoyxxx]

Alleged response from Anna-senpai:
https://www.reddit.com/r/AskReddit/comments/5nqq3c/serious_people_whove_written_malicious_code/dce7rh9/

Re:

[gweihir]

BK rocks BTW.

He does. Let's hope he is right and that this person will have to pay for all the damage he did. If not, criminal business practices like this will become more common...

Re:

[sinij]

Don't write and use DDoS bots if you don't want to end up on the front page of the Internet is fairly simple, but you got caught and now sour grapes about it. Maybe try bragging less next time?

Re:

[JustAnotherOldGuy]

"...an investigation so exhaustive," Really? How exhaustive was it? Are we talking 2 searches on Google Exhaustive? Or what?

It's almost like you didn't read the article.

Re:

[LifesABeach]

RTFA?! Why? If one casually notices the quotes, it's those two little marks placed together, it's used to 'quote' a source. The quoted source implies that the reader doesn't comprehend what is being explained. In other words, the writer is insulting your intelligence. You can accept it, I do not.

Re:

[Daetrin]

Given your use of grammar i'm guessing that maybe English isn't your first language? If someone says "X was so Y" followed by a comma and then a statement, it is generally accepted that the statement following the comma is in support of "X was so Y".

So your original question "Really? How exhaustive was it?" was answered immediately after the bit you quoted, which is why everyone else who is more fluent in English was confused by you asking the question in the first place. To them the answer was right ther

Re:

[JustAnotherOldGuy]

Lol, "The Krebs".

Re:

[JustAnotherOldGuy]

RTFA?! Why? If one casually notices the quotes, it's those two little marks placed together, it's used to 'quote' a source. The quoted source implies that the reader doesn't comprehend what is being explained.

I agree, it's clear that you don't comprehend what is being explained.

If, however, you had taken a moment to just look at the article it probably would have answered your ignorance, demonstrated by what you wrote: "Really? How exhaustive was it? Are we talking 2 searches on Google Exhaustive? Or what?"

You're free to be as ignorant as you like but don't get your panties in a twist when others point out that your ignorance is a self-inflicted wound.

Re:

[LifesABeach]

I'm commenting on the post; see the quotes, they have a use. Google it?

Re:

[JustAnotherOldGuy]

I'm commenting on the post; see the quotes, they have a use. Google it?

Some people are hard of hearing but you appear to be hard of thinking.

WRONG! Totally false.

[mmell]

LifesABeach is all talk, talk, talk. Takes more than Google search, you can't tell who did it unless you catch him in the act. Sad.

Re:

[LifesABeach]

In this day and age, that appears to be enough. Loser. -- with no apologies to the fat ass and chief.

Link to Krebs

[Anonymous Coward]

This is a technical community. Why link to a pre-digested Engadget re-telling of a really great piece by Krebs?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[sinij]

If you aren't into this for ego reasons, then you are likely end up as a white hat. Almost every time these people get caught is because of bragging and/or social angle. However, you always see them getting over-paranoid on technical issue. Considering that some of them even good at social engineering, you'd think they get OPSEC.

Why engadget?

[Anonymous Coward]

Why link to a 4-paragraph crappy article when Krebs just posted a masterpiece in infosec reporting? PS: Is it me or Engadget has just given up on reporting altogether and are posting ONLY 2-3 paragraph stories now with 30 ads around them?

My guess was wrong

[Anonymous Coward]

I had theorized a frustrated biochem student who mistakenly attributed the creator of the Krebs Cycle [umich.edu].

Re:

[TechyImmigrant]

I had theorized a frustrated biochem student who mistakenly attributed the creator of the Krebs Cycle [umich.edu].

Yes, but it doesn't really work like that if you're on statins.

Indictments?

[davidwr]

Indictments in 3...2...1...

The only question is will that be days, weeks, months, or years?

Re:

[TFlan91]

Meh, sounds more like the anger I harbor.

Which is more "Fuck you for getting there first" than just "Fuck you".

I would argue that no one on this site would be against controlling botnets of this size and capability. Half of you already site behind networks ranging in the thousands of devices.

Re:

[lactose99]

Nah, some people, even here, have an actual conscience.

Re:

[JustAnotherOldGuy]

Which is more "Fuck you for getting there first" than just "Fuck you".

Nope, not me. I genuinely hate the idea that one or two fuckheads with a botnet can wreck the internet for tens of thousands or even millions of people, or destroy the livelihood of people who are just trying to do something like providing a legitimate service such as a Minecraft server.

-

I would argue that no one on this site would be against controlling botnets of this size and capability.

I disagree...I don't think that the majority of people on Slashdot are amoral fuckheads without a shred of integrity. You might fit into that category, however.

Re:

[gtall]

Yep, and it is easy to figure out who did what and when. All you need do is ask them.

Rodrigo Duterte

[swb]

Would agree with your crime fighting methods.

I can't say that I don't like it in theory, but in practice it seems to have some side effects.

Re:

[JustAnotherOldGuy]

I can't say that I don't like it in theory, but in practice it seems to have some side effects.

I know, there always seems to be some collateral damage, but what can you do? It's not a perfect world, amirite?

If you want we could just give them a super-expedited trial and then life imprisonment but the follow-on costs of doing that concern me.

Re:

[UberVegeta]

For once, AC didn't even need to read the article - it's in the summary. Anna is claimed to be a man.

Get Doxed

[Luthair]

Criminals

Why go public instead of notifying the FBI?

[MobyDisk]

Surely the FBI is trying to find out the identity of the criminal who created this botnet. Why would Krebs go public with it, instead of going to the authorities? At the bottom of the article, it says "The FBI officials could not be immediately reached for comment." What does that mean? "could not be immediately reached?" Why was he doing this investigation alone? And why did the author of the botnet release the source code?

Re:

[houstonbofh]

Why was he doing this investigation alone?

Vengeance. Jha messed with Krebs, and Krebs messed back. Hard. And by going public, Jha can not attack him since he is too busy trying to burn the evidence. It is also a message to others...

Re:

[geek]

Krebs better be right or Jha will have one hell of a defamation case against him

Re:

[klui]

Seems like Brian connected the dots.

Re:

[Anonymous Coward]

Krebs is an investigative journalist.

Why did they release the code?? To brag.

Correct Article

[Luthair]

https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

We do we link to some shitty gadget blog instead of the original author with real credibility?

Now...

[argStyopa]

...the point would be that this person be punished fully to the degree appropriate to the economic damage they wrought.

I like execution for any crime where the costs exceed $1 million, whether they're a hacker or Goldman Sachs.

Re:

[Guybrush_T]

It depends if you stole $1 million from a crook or from many people who didn't have much money in the first place.

If you want to make the punishment fair, at least make it proportional to that actual harm done to people. Money means nothing.

Re:

[MrL0G1C]

Like hacking into one pc and saying 'hi' causing their firm to have to spend 2 million upgrading all their pcs security.... or sharing 20 tunes.

HAHAHAHAHAHA

[l0n3s0m3phr34k]

IMHO, this is the best part of this story: "Digital Shadows noted that the Mirai author appears to have used another nickname: “OG_Richard_Stallman,”"

wow awesome!

[citylivin]

I actually read through the whole article and its great detective work. I get the feeling people were bragging to krebby because of how famous he is and they, being anonymous hackers, can never shut up and stop bragging. I love how the reddit account mentioned has recent postings (last one 3 days ago), hasn't been scrubbed, and links together many aspects of the guys life (his love for anime, the dorm he lives in at ruttegers, discussion of botnets and networking).

A life lived online is not very anonymous it seems! especially when you re-use handles and are young and really really like to brag.

Hopefully he made enough to buy a plane ticket away from the USA before the shoe drops on him. I'd be at the airport right now if i was him. Love how Jha says at the end "I don't think there are enough facts to definitively point the finger at me," Jha said. âoeBesides this article, I was pretty much a nobody. "

Well so were all the serial killers and other sociopaths of history... obviously! Someone did the detective work and now they are notorious, like you.

My advice? Run! The FBI surely has enough resources to get IP address for skype users, and reddit gives up their users at the drop of a hat. The FBI can easily take possession of his computer equipment with this kind of evidence. I doubt he was that careful and everything is tight and anonymous at the layer 3 level.

Expecting to see him arrested within days! FBI doesn't like to be made a fool of!

ISR

[SeaFox]

In Soviet Russia, senpai gets noticed!

Re:

[vel-ex-tech]

Win.

Russians hack everything

[wwalker]

Wait, I thought it was Russians? After all, "Mirai" means "gullible" in Russian.

Re:

[klui]

Or "Future" in Japanese. The author watched Mirai Nikki and was inspired by the anime. All in BK's article.

Nothing like a good old fashioned witch hunt.

[Stephen Holstein]

Sucks to be the one singled out.

Re:Nothing like a good old fashioned witch hunt.

[amicusNYCL]

Yeah it really sucks when you find out that someone investigating all of the murders in town notices that the bloody footprints keep leading to your door.

If he didn't want to go down for this then he shouldn't have done it. I probably have more respect for Brian Krebs than any other journalist, he's obviously not infallible but his investigations and articles are great pieces of work. After reading the article, it seems pretty unlikely that there is another person in that small group of people who are connected which is actually the author but somehow didn't get noticed by Krebs. Jha admitted that the author of the botnet is a sociopath, so he's at least self-aware, but I'm not going to shed any tears for him when the FBI comes calling again. His attacks have run into the hundreds of thousands or millions of dollars, and he's directly negatively impacting the lives of many other people. If you want to try to poke holes in any of Krebs' arguments then go ahead, but if you haven't even read his article then it's probably better to save your witch hunt cliche for a time when it applies.

This article kills working time! Goog Read

[eionmac]

The original article is good but a long read.

Why do it?

[gantry]

American individuals who play this game, and do not have Mafia lawyers, will eventually receive long prison sentences for multiple counts of extortion.

The upside is the rush of power, and revenues in the thousands of dollars. These are poor compensation for a decade or more in the slammer.