Historic DDoS Cyberattacks Linked to Rutgers Student
The massive DDoS attacks have shut down Rutgers University’s network several times.
A prominent cybersecurity reporter is claiming to have exposed the author of the largest Distributed-Denial-of-Service attack in history.
Brian Krebs, who runs a popular internet security blog, published the results of a lengthy investigation he conducted into the Mirai botnet on Wednesday.
The Mirai botnet has been responsible for the largest DDoS cyberattacks ever seen, using thousands of hacked IoT devices to overwhelm websites by flooding them with data.
Someone using the name Anna Senpai online recently released the source code for Mirai, making large-scale copycat DDoS attacks much more likely.
Krebs’ investigation, which began after his own website was taken down in Mirai’s debut, links Rutgers University student Paras Jha to Anna Senpai and the Mirai attacks.
Kreb’s website krebsonsecurity.com was forced offline for nearly four days and lost cloud service provider Akamai in September after Mirai crashed the site with 620 gigabits of data per second, which was more than double the previous DDoS record at the time, reports New York Magazine.
Later Mirai attacked a French web-hosting company with one terabit of data per second, which is still the record for the largest DDoS attack in history. Interest in the cyberattacks rose further when Director of National Intelligence James Clapper went on record saying the person responsible for Mirai was likely a non-state actor.
Kreb took Anna Senpai’s attack on his site personally and says he spent hundreds of hours uncovering who was responsible. The result is an 8,000 word post that links the student with a series of massive DDoS attacks.
“The first clue to Anna Senpai’s identity didn’t become clear until I understood that Mirai was just the latest incarnation of an IoT botnet family that has been in development and relatively broad use for nearly three years,” Krebs wrote.
The origins of Mirai can be seen in a series of cyberattacks on Minecraft servers that people use to make money off of the game, and later was used in several DDoS attacks that crippled Rutgers’ network in the fall of 2015.
In those attacks, the hacker refused to stop paralyzing the university’s network until they hired a DDoS protection service. Jha is the president of DDoS mitigation service ProTraf.
Krebs also used a series of Anna Senpai’s posts in hacker threads to show the resemblance between the skills of the DDoS hacker and Jha. Additionally, Krebs says one of Jha’s former coworkers admitted to him that Jha bragged about being responsible for the Rutgers attacks in his dorm room in October 2015.
“He was laughing and bragging about how he was going to get a security guy at the school fired, and how [Rutgers] raised school fees because of him,” Jha’s former coworker Ammar Zuberi told Kreb. “He didn’t really say why he did it, but I think he was just sort of experimenting with how far he could go with these attacks.”
Rutgers, the FBI and the Department of Homeland Security, who have been investigating the origins of Mirai and may have already questioned Jha, have not commented on the allegations yet. Jha has also not responded.
Read Next: Don’t Let Your IP Cameras Get Hacked
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!