
Mirai Botnet: Minecraft Server DDoS Scam gone Wild!

WMGroomAK

This is definitely more of a follow-up, but information is being released by the US Court System and FBI on the Mirai Botnet that wreaked havoc last fall...  According to a really good write-up on Wired, this appears to have started off primarily as a DDoS botnet to primarily target Minecraft Servers in order to advertise for competing servers and the scheme just went out of control.  

https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

Quote

It was a hard story to miss last year: In France last September, the telecom provider OVH was hit by a distributed denial-of-service (DDoS) attack a hundred times larger than most of its kind. Then, on a Friday afternoon in October 2016, the internet slowed or stopped for nearly the entire eastern United States, as the tech company Dyn, a key part of the internet’s backbone, came under a crippling assault.

 

As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.

 

Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

...

Behind the scenes, the FBI and industry researchers raced to unravel Mirai and zero in on its perpetrators. Network companies like Akamai created online honeypots, mimicking hackable devices, to observe how infected “zombie” devices communicated with Mirai’s command-and-control servers. As they began to study the attacks, they noticed that many of the Mirai assaults had appeared to target gaming servers. Peterson recalls asking, “Why are these Minecraft servers getting hit so often?”

...

As Peterson and Klein explored the Minecraft economy, interviewing server hosts and reviewing financial records, they came to realize how amazingly financially successful a well-run, popular Minecraft server could be. “I went into my boss’s office and said, ‘Am I crazy? It looks like people are making a ton of money,’” he recalls. “These people at the peak of summer were making $100,000 a month.”

 

The huge income from successful servers had also spawned a mini cottage industry of launching DDoS attacks on competitors’ servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host’s server investment.

...

In fact, according to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.”

 

Once investigators knew what to look for, they found Minecraft links all over Mirai: In a less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

 

“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” Walton says. “Then it just became a challenge for them to make it as large as possible.”

Again, this is a really interesting story and twist to the whole Mirai Botnet, especially considering it was not actually developed by State-Actors, but some college students who were wanting to perform shady business practices...  My best guess is that after they get their slap, they will probably get some job offers with the CIA or NSA that they 'can't refuse'.


5 minutes ago, huilun02 said:

Scam? Who got scammed?

Reading the article, it sounds like the scheme that started off was that they were creating (or had) a Minecraft DDoS protection service and were using the botnet to target competing DDoS protection services to take them offline in order to present themselves as the 'protection service' that you should be purchasing.


Gee, I wasn't expecting (but I shouldn't be surprised) a whole mini market of DDoSing/protection services centered around Minecraft. I guess I just think too small :S


6 hours ago, Matu20 said:

So kind of racketeering?

Something like that, although the official plea agreement is under Computer Fraud (18 USC 1030 (a)(5)(A)). Language from the document is: Conspiracy to violate 18 USC 1030 (a)(5)(A) [Fraud and related activity in connection with computers] in violation of 18 USC 371 [Conspiracy to commit offense or defraud United States].

 

Plea documents: https://www.documentcloud.org/public/search/projectid:36453-Mirai
