Minecraft link to net's biggest botnet

Malware which launched the net's largest ever cyber-attack last year had links to Minecraft servers, according to those investigating it.

Security blogger Brian Krebs has spent months investigating the attack which knocked his blog offline.

He claims that the origins of the Mirai botnet can be traced back to rivalries in the Minecraft community.

His claims are backed up by a security expert who provided net security for Minecraft servers.

Robert Coelho, vice president of security firm ProxyPipe, told the BBC that his suspicions about who was behind the Mirai code have been passed to the FBI who are "actively investigating" the claims.


The botnet Mirai was made up of more than 500,000 web-connected devices such as webcams and routers.

The attacks it launched - so-called distributed denial-of-service (DDoS) attacks, which hit web pages with so much data that they fall over - were the biggest the net had ever experienced.

Victims that were knocked offline included Twitter, Spotify and Reddit.

Shortly after the attacks, the individual claiming responsibility - using the codename Anna Senpai - released the source code online, paving the way for copycat attacks.

A modified form of the malware was later used to attack the UK's internet service providers TalkTalk and the Post Office.

Since being hit by the Mirai botnet in September 2016, Mr Krebs has devoted "hundreds of hours" to uncovering who was behind it.

"If you've ever wondered why it seems that so few internet criminals are brought to justice, I can tell you that the sheer amount of persistence and investigative resources required to piece together who's done what to whom (and why) in the online era is tremendous," he writes.

His research led him directly to the community around Minecraft, a computer game now owned by Microsoft, in which users build things from cubic blocks.

It has a huge following, especially among children, and it is estimated that at any one time, one million people are playing it.

According to Mr Krebs, a large successful Minecraft web server with more than 1,000 players logging on each day can earn up to $50,000 (£40,600) per month, mainly from players renting space to build their Minecraft worlds.

"The first clues to Anna Senpai's identity didn't become clear until I understood that Mirai was just the latest incarnation of an IoT [internet of things] botnet family that has been in development and relatively broad use for nearly three years," he writes.

The code for these earlier versions was often used to knock over web servers used to host Minecraft, he claims.

ProxyPipe - owned by Mr Coelho - had plenty of Minecraft servers as clients and in mid-2015 was hit by a massive attack, launched from a botnet made up of IoT devices such as web cameras.

Mr Coelho told the BBC that he had his suspicions about who was behind the attack: "Minecraft is a tight knit community. We know who is talking to who."

He alleged that the attack came from a competing security firm, which also offered DDoS protection to Minecraft clients.

He claimed that the founder of the security firm had previously run a Minecraft web server and was one of his clients.

He also claims that the Mirai author - Anna Senpai - contacted him via Skype at the end of September, partly to explain that the attack on his firm was "not personal" but also to brag that he had been paid by the owners of a large Minecraft server to launch an attack on a rival server.


