Mirai's creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.

The three co-creators are Paras Jha, Josiah White, and Dalton Norman, three young American men in their twenties. Jha was a Rutgers student who had also used DDoS attacks to knock Rutgers offline in a bid to sell the university DDoS mitigation tools.

The identities of the Mirai creators were first published last January by Brian Krebs, a noted security journalist who was one of the first serious targets of Mirai.

The men released the source-code for Mirai and it is now widely used by criminals who've continued to refine it and use it to launch devastating attacks. The men will be sentenced shortly.

The huge income from successful servers had also spawned a mini cottage industry of launching DDoS attacks on competitors' servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host's server investment.

The digital arms race in DDoS is inexorably linked to Minecraft, Klein says.

"We see so many attacks on Minecraft. I'd be more surprised sometimes if I didn't see a Minecraft connection in a DDoS case," he says. "You look at the servers—those guys are making huge money, so it's in my benefit to knock your server offline and steal your customers. The vast majority of these Minecraft servers are being run by kids—you don't necessarily have the astute business judgment in the quote-unquote 'executives' running these servers."

As it turned out, French internet host OVH was well-known for offering a service called VAC, one of the industry's top Minecraft DDoS-mitigation tools. The Mirai authors attacked it not as part of some grand nation-state plot but rather to undermine the protection it offered key Minecraft servers. "For a while, OVH was too much, but then they figured out how to even beat OVH," Peterson says.

How a Dorm Room Minecraft Scam Brought Down the Internet [Garrett M Graff/Wired]