Did a 20-year-old Rutgers student have anything to do with a massive cyber attack that took down a large portion of the internet? His family says no, but acknowledges that the FBI has questioned the young man.
NEW BRUNSWICK -- The FBI has interviewed a Rutgers University computer science student who has been identified by a well-known cyber security blogger as the likely author of the malicious code that caused a massive Internet disruption in October. The expert said the student also may be linked to repeated attacks on Rutgers' computer system starting in late 2014.
While he says he does not know who may have actually launched the massive "denial of service" or DDoS attacks last fall, the security researcher said the coding language used and other anecdotal evidence seemed to point to the 20-year-old-student as an author of the malware used to shut down hundreds of computer servers.
The father of the student, Paras Jha, 20, confirmed that federal investigators have questioned his son, but adamantly denied he had any knowledge of the attacks or was involved in any way.
In an interview with NJ Advance Media at his Fanwood home, the father, Anand Jha, said his son is one of the principals at ProTraf, a company he said helps clients avoid online attacks. But he said his son had nothing to do with the attacks that caused widespread disruptions.
"I know what he is capable of," Jha said. "Nothing of the sort of what has been described here has happened."
He said the FBI has been in touch with his son more than once. Initially, the family believed authorities were trying to help their son, but they now believe the FBI is trying to build a case against him.
"It is tough. He is just a college kid who doesn't know what is going on," the father said. "The truth will come out."
Attorney Robert Stahl, a former assistant U.S. attorney who has been retained by the family, said the younger Jha has not been charged with any wrongdoing and was innocent. He said the focus on the student largely stemmed from the apparent findings of Brian Krebs, a former Washington Post reporter who writes a highly influential computer security blog.
"The Krebs alleged investigation makes several leaps of logic," Stahl said. "We'll be conducting our own investigation and are looking forward to clearing this young man's name."
A Rutgers spokeswoman, Karen Smith, said she could not comment on the status of the investigation.
"We continue to cooperate with all appropriate law enforcement authorities in connection with the ongoing investigation of the DDoS attacks," Smith said. "This is a very serious matter and we will have no further comment while this matter is under investigation."
The U.S. Attorney's office declined comment.
A DDoS attack floods computer servers with requests, overloading the online service and shutting down websites.
Rutgers was the target of a series of attacks over the past two years, forcing the university to hire at least three consulting firms to help test its networks and upgrade its computer security.
A wider series of cyber-strikes, which struck nationwide last fall, was attributed to a network of computers infected with malicious software that came to be known as the Mirai botnet.
Brian Krebs, who writes a blog called Krebsonsecurity, began researching who might be responsible after his own site was taken down by a strain of the Mirai botnet last summer.
Krebs said the most frequent targets of the attacks were web servers used to host Microsoft's popular computer game Minecraft, which can be played from any device and on any internet connection.
"A large, successful Minecraft server with more than a thousand players logging on each day can easily earn the server's owners upwards of $50,000 per month, mainly from players renting space on the server to build their Minecraft worlds, and purchasing in-game items and special abilities," Krebs explained in his blog post.
He reported that ProTraf had repeatedly sought to snare customers from another DDoS protection provider and that within days after an attack on that provider, many of its most lucrative Minecraft servers had moved over to servers protected by ProTraf.
Krebs said there were strong similarities in some of the Mirai code and other on-line coding that made a connection to Jha and his company.
He also said he spoke to a former co-worker of Jha, Ammar Zuberi, who told Krebs that Jha admitted he was responsible for both Mirai and the Rutgers DDoS attacks. He said Zuberi told him that when he visited Jha at his Rutgers University dorm in October 2015, the student bragged to him about launching the DDoS attacks against Rutgers.
"He was laughing and bragging about how he was going to get a security guy at the school fired, and how [Rutgers] raised school fees because of him," Krebs said Zuberi told him. "He didn't really say why he did it, but I think he was just sort of experimenting with how far he could go with these attacks."
Stahl, Jha's attorney, denied his client made any statement to Zuberi.
In a phone interview with NJ Advance Media, Krebs said he was not accusing the Rutgers student of launching the Oct. 21 attack, one of the broadest and most devastating in history, with hundreds of web sites crippled for hours or days.
But Krebs said months of sleuthing pointed to Jha as the on-line hacker persona Anna-Senpai, who had claimed responsibility for earlier denial of service attacks on servers using various iterations of Mirai.
Weeks before the historic Oct. 21 attack, Krebs said, Anna-Senpai publicly released the code, allowing anyone with bad intentions to use it or modify it for future attacks.
"Anna-Senpai had a part in writing Mirai, if he didn't write the whole thing, and he released it so if he got caught by law enforcement, he wouldn't be the only one holding the code," Krebs said.
Krebs said he could not personally say with certainty that Jha is Anna-Senpai. But he said people he interviewed for the 8,000-word post said they believed Jha was the author.
"I'm saying there are a lot of clues that suggest that. And a number of people have suggested that -- people who know him pretty well," Krebs said.
Krebs believes there is also evidence to suggest Anna-Senpai is the hacker behind the denial-of-service attacks that targeted Rutgers in 2015 and 2016.
And what if Jha is not Anna-Senpai?
"Good for him," Krebs said. "If he's not, he'll definitely have name recognition, that's for sure."
Stahl said Krebs' findings hardly stand as evidence, and he specifically took issue with the cybersleuth's contention that Jha and Anna-Senpai could be the same person because they are both fluent in identical programming languages.
"There were lots of leaps of logic," he said. "To be falsely accused of something like this is disturbing and distressing, as it would be for anyone."
Staff writers Kelly Heyboer and Ted Sherman contributed to this report.