Krebs Pinpoints the likely Person behind the Mirai Botnet



The Mirai botnet caused major trouble beginning last fall, hijacking a number of IoT devices to launch a historically huge distributed denial-of-service (DDoS) attack on the KrebsOnSecurity site in September, and then knocking an entire chunk of the internet offline within a month. Who is responsible for the malware? Security researcher Brian Krebs was determined to find its source after his site went down. He uncovered a variety of sources and evidence that point to Paras Jha, a Rutgers University student who is also the owner of the DDoS protection company ProTraf Solutions.



The source code for the Mirai botnet was released by the attacker, who went by the name Anna Senpai, around a week later. This led to copycat attacks. It also gave Krebs the first clue in his long journey to discover Anna Senpai's true identity. Krebs created a glossary of terms and names with cross-references and a partial relational map.



The full report is admittedly long, clocking in at over 8000 words, but it's worth the time to learn how botnet wranglers earn a living siccing their zombie device armies on innocent targets. The sources that pointed Krebs to Anna Senpai's identity were involved in using botnets on behalf of shady clients, unleashing them on security companies protecting lucrative Minecraft servers that host thousands of players. Players will leave a server if their online gaming experience is disrupted, such as by irritating, repeated DDoS attacks. This gives server operators a reason to switch to security companies that can protect them: in this case, the same providers who orchestrated the botnet attacks.



According to Krebs's sources, his security site was drawn into the botnet war when it leaked information in early September that led to the arrest of the two hackers responsible for the Israeli 'vDos' attack service. Anna Senpai was allegedly paid to unleash Mirai on the KrebsOnSecurity website by angry clients who had used the now-defunct vDos, thereby bolstering the security company's interest in.