Security experts have managed to uncover the identity of the creator of the infamous Mirai botnet, who is known under the alias Anna-senpai.
Mirai’s Anna-Senpai Unmasked
For the past year, security researchers have been trying to uncover the identity of one of the most dangerous computer criminals: the creator of the Mirai botnet. He or she has been known simply as Anna-senpai, a generic alias that doesn’t mean much beyond the Japanese title for a mentor. Brian Krebs, one of the most famous experts on security, has conducted in-depth research to uncover the person behind the botnet, which was also used to attack his own site.
The first clues to the programmer’s identity came from taking a look at the victims of the botnet. The virus propagates across the world and attempts to recruit all victims into a massive relay that can be used by computer criminals.
While investigating further into the history of the campaigns, Krebs was able to track down Anna-senpai by talking to other hackers. Eventually he was led to the LinkedIn profile of a match: Paras Jha, who is the president of ProTraf Solutions. According to Krebs, his programming language skills match the Mirai code and the level of sophistication that the botnet features. The programmer has listed the following summary on his profile:
Anna-Senpai applied for membership in a hacking collective known as “Nightmare”, posting the following information about himself:
Location and Languages Spoken: English
Which of the aforementioned categories describe you the best?: Programmer / Development
What do you Specialize in? (List only): Systems programming / general low level languages (C + ASM)
Why should we choose you over other applicants?: I have 8 years of development under my belt, and I’m very familiar with programming in a variety of languages, including ASM, C, Go, Java, C#, and PHP. I like to use this knowledge for personal gain.
Krebs continued his investigation to see if the discovered match is legitimate. He uncovered that Jha had used the alias dreadiscool in the past, which belongs to different accounts on online forums that are dedicated to computer programming and Minecraft. Surprisingly, the nickname also reveals his profile on the popular anime site My Anime List. From there we can see that Jha has stated that one of the anime series that he has watched is Mirai Nikki. This is the probable origin of the botnet name.
The rest of the story details several large-scale Mirai attacks and snippets of chats initiated with Anna-senpai. For more information you can read Krebs’s detailed blog post.