• Three US college-age hackers pleaded guilty to creating the Mirai botnet, which took out critical parts of the internet in 2016 through distributed denial of service (DDoS) attacks.
  • The attacks affected Spotify, Twitter, Reddit, and well-known security journalist Brian Krebs.
  • The three men created the malicious software to profit from the popular game Minecraft, according to Wired.
  • They hoped the DDoS attacks would take out rival Minecraft servers, and boost their own DDoS mitigation business.

Three US hackers have pleaded guilty to creating the Mirai botnet, which took out some of the internet’s biggest sites last year including Reddit, Spotify, and Twitter through distributed denial of service (DDoS) attacks.

According to a Wired investigation, the college-age Paras Jha, Josiah White, and Dalton Norman originally created the botnet to gain an advantage on Minecraft. But once they realised the botnet’s power, they went bigger.

“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” one FBI investigator told the publication. “Then it just became a challenge for them to make it as large as possible.”

Hosting and protecting Minecraft servers is competitive and big money

While Mirai eventually took down critical parts of the internet, alarming engineers tasked with keeping the infrastructure running smoothly, it had humbler beginnings.

The game Minecraft is massively popular, with 55 million players a month. Users construct blocky 3D worlds by "mining" blocks. The entire effect is cartoonish, and the game is popular with kids.

Those who want to play multiplayer must sign up to a Minecraft server, which can often have tens of thousands of users who pay money to rent "space" or buy tools. According to Wired, the FBI investigators found that people were making big money by hosting Minecraft servers. "These people at the peak of summer were making $100,000 a month," one investigator said.

Minecraft

Foto: source Microsoft

That, in turn, has resulted in rival Minecraft server hosts trying to one-up each other with DDoS attacks. Indeed, the arms race in DDoS attacks is directly linked to Minecraft, an agent said. The goal of DDoS in Minecraft is to try and frustrate users on a rival server with slow service - so that they end up switching to yours.

Mirai's creators wanted both to knock out rival servers, but also potentially make money by offering protection against DDoS attacks. The trio had set up their own DDoS mitigation company and used Mirai to take out a competitor, French web hosting firm OVH. OVH offers Minecraft DDoS mitigation services and, in September 2016, it suffered a crushing DDoS attack unlike anything it had seen before.

"This was a calculated business decision to shut down a competitor," one of the investigators said.

Eventually, Mirai's creators decided to publish its source code online, to try and throw any investigators off the trail. That opened up the tool for wider use, and variants of Mirai - apparently not created by the three original hackers - took out performance management company Dyn. That meant outages for Dyn customers including Reddit, Github, and Twitter, and gave Mirai greater attention. According to Wired, an FBI investigation into Dyn is still ongoing.

The three left enough fingerprints for both the FBI and security journalist Brian Krebs, victim of a Mirai attack, to track them down.

You can read the full Wired investigation here.