Investigative security journalist Brian Krebs has claimed that a distributed denial of service (DDoS) protection provider is the most likely creator of the Mirai malware that was designed to carry out the largest DDoS attacks to date.
The Mirai malware enables attackers to hijack thousands of devices making up the internet of things (IoT), such as webcams, to launch DDoS attacks.
The malware was used to carry out a string of crippling DDoS attacks in September and October 2016 that affected several websites, including Twitter, Spotify, Reddit, PayPal and Krebs on Security.
Krebs, whose news site was hit by a DDoS attack of 620 gigabits per second (Gbps) in size on 22 September 2016, has since worked to discover the true identity of the malware author.
About a week after the attack on Krebs on Security, the attacker – using the name Anna-Senpai – released the source code for Mirai on an underground forum, spawning dozens of copycat attacks.
A Mirai variant caused the mass shutdown of Deutsche Telekom routers, reportedly affecting more than 900,000 customers, and nearly 2,400 home routers across the UK were infected with a variant of the Mirai botnet code.
After “hundreds of hours of research”, Krebs claimed that Paras Jha, owner of DDoS attack mitigation company ProTraf Solutions, was the most likely creator of the Mirai malware.
After the Mirai malware code was released, security experts expressed fears of a surge in powerful DDoS attacks capable of taking almost any company offline.
Initial investigations indicated that Mirai was the work of a person named Anna-Senpai, but Krebs says he eventually linked the name to Jha, who has also used the alias Dreadiscool and OG_Richard_Stallman.
He alleges that Jha and others created the Mirai code and used it to attack Minecraft servers to generate business for Jha’s DDoS mitigation service.
After months of research, Krebs claims that Ammar Zuberi, a former ProTraf Solutions colleague of Jha, informed him that Jha had admitted to being the author of Mirai.
But when Jha finally responded to a request for comment from Krebs, he denied creating the Mirai code and denied telling Zuberi that he had, according to an update to the original report by Krebs.
“I don’t think there are enough facts to definitively point the finger at me,” Jha told Krebs. “Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behaviour. Which is what the author is – a sociopath.”