The Mirai botnet caused a lot of trouble in the fall of 2017, beginning with the hijacking of numerous IoT devices to launch a historically huge Distributed Denial-of-Service (DDoS) attack on the KrebsOnSecurity website in September, before taking down an entire chunk of the internet within a month. But who is responsible for creating the malware? Security researcher Brian Krebs set out to find the source of the malware after his website was knocked offline. He uncovered a variety of sources and evidence pointing to Paras Jha, a Rutgers University student who is also the owner of the DDoS security provider ProTraf Solutions.
The source code of the Mirai botnet was released around a week later by the attacker, who went by the name Anna Senpai. This led to the emergence of copycat attacks. It also gave Krebs the first clue on the long road to discovering Anna Senpai's true identity. Krebs compiled a glossary of terms and names with cross-references, along with an incomplete map of the relationships between them.
The full report is admittedly lengthy, clocking in at over 8000 words, but it is worth the time to learn how botnet wranglers earn money by turning zombie devices on innocent targets. The sources that pointed Krebs to Anna Senpai's identity were involved in running botnets on behalf of shadowy clients and unleashing them on security firms that protect lucrative Minecraft servers hosting thousands of players. Players will leave if their online gaming is disrupted, for example by repeated, irritating DDoS attacks. Server operators are then enticed to switch to security providers that can protect them, which in this case were the same providers who orchestrated the botnet attacks.
Krebs's sources claim that his security site was attacked as part of this botnet war because it revealed information in September that led to the arrests of the two hackers behind the Israeli "vDos" attack service. Anna Senpai was believed to have been paid to unleash Mirai on the KrebsOnSecurity site by vengeful clients who had used the now-defunct vDos service, thereby also bolstering the security company's interests.