 |
Malware which launched
the net's largest ever cyber-attack last year had links to Minecraft servers,
according to those investigating it. Security blogger Brian
Krebs has spent months investigating the attack which knocked his blog offline. He claims that the
origins of the Mirai botnet can be traced back to rivalries in the Minecraft
community.
His claims are backed up
by a security expert who provided net security for Minecraft servers.
Robert Coelho, vice president
of security firm ProxyPipe, told the BBC that his suspicions about who was
behind the Mirai code have been passed to the FBI who are "actively
investigating" the claims.
The botnet Mirai was made
up of more than 500,000 web-connected devices such as webcams and routers. The attacks it launched -
so-called denial-of-service (DDoS) which hit web pages with so much data that
they fall over - were the biggest the net had ever experienced.
Victims that were knocked
offline included Twitter, Spotify and Reddit.
'Hundreds
of hours'
Shortly after the
attacks, the individual claiming responsibility - using the codename Anna
Senpai - released the source code online, paving the way for copycat attacks.
A modified form of the
malware was later used to attack the UK's internet service providers TalkTalk
and the Post Office.
Since being hit by the
Mirai botnet in September 2016, Mr Krebs has devoted "hundreds of
hours" into uncovering who was behind it. "If you've ever
wondered why it seems that so few internet criminals are brought to justice, I
can tell you that the sheer amount of persistence and investigative resources
required to piece together who's done what to whom (and why) in the online era
is tremendous," he writes.
His research led him
directly to the community around Minecraft, a computer game now owned by
Microsoft, in which users build things from cubic blocks.
It has a huge following,
especially among children and it is estimated that at any one time, one million
people are playing it.
According to Mr Krebs, a large
successful Minecraft web server with more than 1,000 players logging on each
day can earn up to $50,000 (£40,600) per month, mainly from players renting
space to build their Minecraft worlds.
"The first clues to
Anna Senpai's identity didn't become clear until I understood that Mirai was
just the latest incarnation of an IoT [internet of things] botnet family that
has been in development and relatively broad use for nearly three years,"
he writes.
The code for these
earlier versions was often used to knock over web servers used to host
Minecraft, he claims.
ProxyPipe - owned by Mr
Coelho - had plenty of Minecraft servers as clients and in mid-2015 was hit by
a massive attack, launched from a botnet made up of IoT devices such as web
cameras.
Mr Coelho told the BBC
that he had his suspicions about who was behind the attack: "Minecraft is
a tight knit community. We know who is talking to who."
He alleged that the
attack came from a competing security firm, which also offered DDoS protection
to Minecraft clients.
He claimed that the
founder of the security firm had previously run a Minecraft web server and was
one of his clients.
He also claims that the
Mirai author - Anna Senpai - contacted him via Skype at the end of September,
partly to explain that the attack on his firm was "not personal" but
also to brag that he had been paid by the owners of a large Minecraft server to
launch an attack on a rival server.
Source:BBC
0 comments:
Post a Comment