
Last year, the Mirai worm and botnet attacked hundreds of thousands of cameras, digital set-top boxes and other IoT devices. The malware scanned the network for open ports on such systems, tried the standard default credentials and infected devices whose owners had not replaced the default accounts. The result was a powerful botnet, which the creator of the malware used to organize several powerful DDoS attacks. These attacks were more powerful than most attacks carried out with other botnets.
The first victims of the botnet were information security specialist and journalist Brian Krebs, the French hosting provider OVH, and Dyn. The latter provides network infrastructure and DNS services for a number of large US companies. As a result of the attacks, hundreds of thousands, if not millions, of people were left without access to services such as Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. And now a man has been arrested at a British airport on suspicion of carrying out some of those earlier DDoS attacks.
His name has not been released, but according to some media reports he is a cybercriminal known by the nickname BestBuy. He is not the creator of Mirai, but together with his partner, known as Popopret, he managed to seize control of a significant part of the Mirai botnet and add new IoT devices vulnerable to hacking. The modified botnet absorbed its predecessor and became a powerful tool for network attacks in the hackers' hands. BestBuy was able to fix a vulnerability in the previous version of the Mirai botnet, taking control of it.
BestBuy was also known for a successful attack on the routers of customers of the German provider Deutsche Telekom. Here he worked in tandem with another hacker with the nickname The Real Deal. After some time, both hackers apologized to the company's customers. “I would like to apologize to the customers of Deutsche Telekom - this (harming them - ed.) was not our goal,” said the attackers. In addition to Germany, the botnet attacked networks in Liberia and the UK, and it was used to conduct cyberattacks on Spamhaus.
Germany's Federal Criminal Police Office announced the arrest of a 29-year-old man on Tuesday. He is suspected of conducting attacks on the infrastructure of Deutsche Telekom. After the arrest, the police stated that the operation succeeded thanks to the combined efforts of law enforcement agencies in Germany, Cyprus and the United Kingdom, as well as Europol and Eurojust.
Cypriot police helped investigate an attack on one of Liberia’s largest providers. This attack (which became known thanks to the work of information security specialists from the organization SpoofIT) was carried out using Cypriot IP addresses.
Several sources reported that the person the police arrested is the hacker with the nickname BestBuy. “BestBuy is taken,” said one of the information security experts who investigated the activities of this cybercriminal. The British National Crime Agency also confirmed the arrest without, however, revealing any details about it.
The fact that BestBuy and Popopret cannot be reached may be indirect confirmation of the detention. According to journalists from the online outlet Motherboard, the accounts of these users on various services are now offline. There is information that they have not been in touch since the beginning of February. The hackers in question are also suspected of developing and subsequently selling the GovRAT malware.
Another interesting point is that BestBuy and Popopret may not be two different people, but one person. Last year, the BestBuy account at The Real Deal was hacked, and it became clear that the two accounts were managed by one person.
The nicknames of the sender and recipients have been hidden by Motherboard journalists. According to them, the screenshot really does confirm the above: the accounts of BestBuy and Popopret are controlled by one person. At least at The Real Deal.

As for the creator of the Mirai malware, which started the whole chain of hacks and DDoS attacks, it is, with a high degree of probability, the programmer Paras Jha. The identity of this man, hiding under the name Anna-senpai, was revealed by Brian Krebs, who had already fallen victim to the Mirai botnet's DDoS attacks twice. He grew tired of it, and the journalist began his own investigation. Perhaps the detention of BestBuy / Popopret was made possible thanks to his work. The attackers probably should not have tried to "punish" Krebs; in the end they dug their own hole.