
Who is Anna-Senpai, the Mirai Worm Author? - chopin
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author
======
ploggingdev
Previous discussion:
[https://news.ycombinator.com/item?id=13428824](https://news.ycombinator.com/item?id=13428824)

Mods, the current url points to somewhere in the middle (contains a #).
Consider editing the url to point to
[https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-m...](https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/)

The article makes for a fascinating read (could form the basis of a Social
Network style movie), and also brings up the topic of IoT security. IoT
devices in usage are only going to increase in number, so if the manufacturers
don't get their act together, multi TBps DDoS capable botnets operated by
teenagers will become the new normal.

Links worth mentioning:

AnnaSenpai 5 days ago on reddit (story adds up):
[https://www.reddit.com/r/AskReddit/comments/5nqq3c/serious_p...](https://www.reddit.com/r/AskReddit/comments/5nqq3c/serious_people_whove_written_malicious_code/dce7rh9/)

Chat between AnnaSenpai and a victim:
[https://krebsonsecurity.com/wp-content/uploads/2017/01/annas...](https://krebsonsecurity.com/wp-content/uploads/2017/01/annasenpaichat.txt)

~~~
SomeStupidPoint
I often feel that crimes "committed by teenagers" are a distraction from the
real criminals.

Let's look at drugs, for instance: a lot of teenagers are used as street
dealers and runners, because they're new to an organization, easily
replaceable, and shield key people from liability.

As a youngster online, I found a lot of tools that contained backdoors or
takeover methods, and my suspicion always was that older, professional hackers
were dangling toys out there so we'd do a lot of their dirty work setting up
botnets and providing cover noise so they could hide behind our actions in a
similar manner.

~~~
SCHiM
It's an old trick. In the cybercriminal world there's a service called
'crypting'. It's used to delay or remove detection of malware samples by
anti-virus products. It's easy to build one with the right technical skills.

It's one of four things that you need for a successful campaign really:

    A viable piece of malware (nowadays probably ransomware, in the past it was banking malware)
    Infrastructure (servers for updates and command and control)
    A spreading method (spamruns, phishing, exploits etc.)
    A way for retaining infections (keeping your malware off the radar, updating the binary)

The problem for many newbies in the cybercrime world is that the good crypters
(any crypter at all really) cost money. A newbie can't program anything
themselves, and doesn't want to spend money. So they go for one of the 'free'
crypters. Obviously the malware obfuscated with one of the free crypters will
contain a little 'extra'.

This is a beneficial scheme for all the parties involved, the inexperienced
newbies have access to tools to obfuscate their third-rate malware, the more
experienced members benefit from some extra spreading of their own malware for
free and with minimal ties to themselves.

Perhaps this will become less viable for criminals in the future because
ransomware does not play well with any other infection on the system. As
opposed to adding some banking malware to a newbie's RAT.

All the other free tools are probably full of 'extras' too, with the rare
exception of a free tool released purely for reputation gains and vouches.

------
fennecfoxen
Because the article doesn't mention it all, and because it's interesting to
ponder what fictional dystopian futures are sufficiently of interest to virus
authors and the like that they use names from those works:

"In a dystopian future, the Japanese government is cracking down on any
perceived immoral activity from using risqué language to distributing lewd
materials in the country, to the point where all citizens are forced to wear
high-tech devices called Peace Makers (PM) at all times that analyse every
spoken word and hand motions for any action that could break the law. A new
high school student named Tanukichi Okuma enters the country's leading elite
"public morals school" to reunite with his crush and student council
President, _Anna Nishikinomiya_.

... After being accidentally kissed by Tanukichi, she develops an obsessive
love for him but due to lack of knowledge on "immoral" subjects she ends up
expressing her love in extreme tendencies. These include pursuing him
relentlessly and attempting to rape him, endangering Kosuri and Ayame when she
sees them with Tanukichi, and becoming far more harsh and strict on her
surveillance, believing that by doing "justice" and "good things" she will be
loved by him."

–
[https://en.wikipedia.org/wiki/Shimoneta](https://en.wikipedia.org/wiki/Shimoneta)

And that's Anna-senpai, the fictional character.

~~~
astrange
Shimoneta and B-Gata H-Kei are just teen sex comedies. RIP Miyu Matsuki.

"Gate" (not the same thing) is an extreme Japanese right-wing military
fetish[1] about how rebuilding your self-defense force into an army and
invading fantasy kingdoms would be really cool.

[1] "extreme Japanese right-wing" = "American centrist" as far as guns go

~~~
metaphorm
I don't know how extreme right-wing Gate is. Only in the sense that it
portrays JDF sympathetically, and possibly raises a constitutional issue about
just how "expeditionary" the JDF is allowed to be. In the Gate storyline it
emphasizes really heavily how the heroic virtue of individuals creates
positive outcomes. It's an overly simplistic and romantic view of human nature
and political realities, but it's really just intended to be some shonen fun.

When I think of extreme Japanese right-wing I think more like Yukio Mishima

[https://en.wikipedia.org/wiki/Yukio_Mishima](https://en.wikipedia.org/wiki/Yukio_Mishima)

ultra-nationalist and imperial restorationist who led a failed coup attempt.

------
Apocryphon
Based on this article, are a majority of DDOS-prevention firms really just
hacker outfits who are launching attacks on rival firms?

~~~
ocdtrekkie
Hasn't it always generally been kinda known or suggested that a lot of black
hat hackers actually have information security jobs somewhere? If you have a
talent that is well-paid for, it's pretty likely you're going to want a real
job where people pay you to do it.

~~~
Apocryphon
I didn't realize that there were DDOS protection "firms" that had less than
ten people, operating as security companies. I had assumed that most companies
would simply hire Cloudflare or FireEye. Much easier to act as a gang when
your firm only has a few people who are all in on it.

------
throw2016
Let alone the US, the security services of nearly any state can take care of
this. But no, they want to access and use these services and have plausible
deniability and so let them exist and extort others.

I don't think anyone imagines the NSA, the Russian or Chinese security
services do not have the ability to put a stop to this, at least those parts
that are in their control.

~~~
putsteadywere
"...at least those parts that are in their control." And there's the rub! In
the article, the author notes that Ukrainian command-and-control is used in
the attacks on these western services... and if they were attacking Ukrainian
services, they wouldn't locate their command-and-control there.

You've identified an obvious solution and presumed that no-one is pursuing it,
in dereliction of the facts.

------
Dolores12
If I were Anna-Senpai, I would put my own anti-ddos servers down to avoid
suspicion. Hence here is a question:

Have any of ProtTraf servers been hit by Mirai botnet?

