Software Integrity Blog


Minecraft and the Mirai IoT botnet connection

Gamers, warring over turf, may have launched the Mirai botnet, according to research by Brian Krebs at Krebs on Security.

On Wednesday, Krebs published a long and detailed article explaining his months-long investigation into the author of the Mirai botnet, which was used to darken the internet for much of North America for several hours in October. The botnet has been notable because it is one of the largest to exploit known vulnerabilities in common surveillance cameras sold worldwide.

After the botnet’s author, using the nickname Anna-senpai, first published the source code, Krebs said others noticed some similarities to other botnet code used by warring gamers online.

Krebs says he now knows the real-life identity of Anna-senpai. The person is part of a gang that has in the past created software to perform distributed denial-of-service (DDoS) attacks on servers hosting the popular Minecraft game. Krebs says the individuals in this gang have participated in DDoS-for-hire services, which allow unskilled users to launch high-impact attacks.

Krebs says that Minecraft customers began coming under attack as early as 2015 from a botnet made up of IoT devices infected with malware called Qbot. Christopher “CJ” Sculti Jr., then 17 years old, is alleged to have created Qbot and other DDoS-enabling botnets that take advantage of vulnerabilities in IoT devices. Krebs said that shortly before his website was shut down with a massive DDoS attack, he’d been contacted by Sculti. But Sculti is not thought to be the person behind Anna-senpai.

Krebs bases much of his article on the claims of Robert Coelho, vice president of ProxyPipe, Inc., a San Francisco company that specializes in protecting Minecraft servers from attacks. Coelho and Sculti have battled each other for years. But the man behind Anna-senpai is allegedly Paras Jha, the 20-year-old president of ProTraf Solutions, a company that helps people defeat Qbot and other DDoS attack botnets. As further proof, Krebs finds that Rutgers University has had problems with DDoS attacks on its networks. Jha is a student at Rutgers University. While circumstantial, Krebs finds it plausible the attacks were proofs-of-concept to demonstrate that Jha’s tools worked.

Neither Jha nor Rutgers responded to Krebs’ request for comment.

