Software Integrity Blog


Minecraft and the Mirai IoT botnet connection

Gamers, warring over turf, may have launched the Mirai botnet, according to research by KrebsonSecurity.

On Wednesday, Brian Krebs published a long and detailed article explain his month’s long investigation into the author of the Mirai botnet which was used to darken the internet for much of North America for several hours in October. The botnet has been notable because it is one of the largest to exploit known vulnerabilities in common surveillance cameras sold worldwide.

After the botnet’s author, using the nickname Anna Senpai, first published the source code, Krebs said others noticed some similarities to other botnet code using by warring gamers online.

KrebsonSecurity says it now knows the real-life identity of Anna Senpai, which means “upper classman” in Japanese. The person is part of a gang that has in the past created software to perform distributed denial of service (DDoS) attacks on servers hosting the popular Minecraft game. Krebs says the individuals in this gang have participated in DDoS-for-hire services which allow unskilled users to launch high-impact attacks.

Krebs says that Minecraft customers began coming under attack as early as 2015 from a botnet made up of IoT devices infected with malware called Qbot. Then-17-year-old Christopher “CJ” Sculti, Jr is alleged to have created Qbot and other DDoS-enabling botnets that take advantage of vulnerabilities in IoT devices. Krebs said shortly before his website was shut down with massive DDoS attack, he’d been contacted by Sculti. But Sculti is not thought to be person behind Anna Senpai.

Krebs bases much of his article on the claims by Robert Coelho is vice president of ProxyPipe, Inc., a San Francisco company that specializes in protecting Minecraft servers from attacks. Coelho and Sculti have battled each other for years. But the man behind Anna Senpai is allegedly Paras Jha, the 20-year old president of ProTraf Solutions, a company which helps people defeat Qbot and other DDoS attack botnets. A further proof, Krebs finds that Rutgers University has had problems with DDoS attacks on its networks. Jha is a student at Rutgers University. While circumstantial, Krebs finds it plausible the attacks were proof of concepts Jha’s tools worked.

Neither Jha nor Rutgers responded to Kreb’s request for comment.


More by this author