Respected security analyst Brian Krebs published a report today detailing his research into who authored Mirai, a publicly available piece of malware that can be used to infect devices with online connections (think: printers, routers, etc.) and unite them into botnets capable of executing massive distributed-denial-of-service (DDoS) attacks.
Mirai and its ilk garnered headlines around the world last year after it was employed to DDoS the servers of DNS provider Dyn and “break the Internet” by taking down popular websites like Twitter, Reddit, Netflix and more.
Countless game developers rely on these services, and they may be curious to read Krebs’ report that the author of the Mirai malware — and indeed, the business of conducting DDoS attacks in general — is deeply intertwined with Mojang’s mega-popular game Minecraft.
Krebs claims the real identity of Mirai author “Anna-Senpai” is Paras Jha, who at one point described himself as the president of Minecraft-focused DDoS protection firm ProTraf Solutions. It’s unclear if he still works at the company — Krebs claims Jha has not (yet) responded to his request for comment, while a ProTraf Solutions representative reportedly told him that “we [are] in the process of restructuring and refocusing what we are doing.”
Moreover, Krebs reports Jha got interested in the mechanics of DDoS attacks as a Minecraft fan and server operator who complained online when his own popular Minecraft server was attacked. Krebs believes this inspired Jha to take an interest in DDoS protection, and notes that Jha’s LinkedIn page includes stints at multiple high-profile Minecraft servers.
Plus, in a now-deleted (but recovered via the Internet Archive) personal bio, Jha describes himself as an aspiring Minecraft modder and game developer.
“My passion is to utilize my skills in programming and drawing to develop entertaining games and software for the online game Minecraft,” reads the excerpt of his personal bio published by Krebs. “Someday, I plan to start my own enterprise focused on the gaming industry targeted towards game consoles and the mobile platform.”
Krebs’ whole post is fascinating, and well worth reading in full if you’re at all interested in the position Minecraft servers hold in the DDoS attack business.
“The Minecraft industry is so competitive,” Robert Coelho, chief of fellow Minecraft-focused DDoS protection service ProxyPipe, told Krebs. “If you’re a player, and your favorite Minecraft server gets knocked offline, you can switch to another server. But for the server operators, it’s all about maximizing the number of players and running a large, powerful server. The more players you can hold on the server, the more money you make. But if you go down, you start to lose Minecraft players very fast — maybe for good.”