
Botnet Controls “Twitch Installs Arch Linux” - gangwolf
https://twitter.com/twitchinstalls/status/660616466413162496
======
jbott
Yup, this was pretty disappointing to us.

We were keeping it running as long as we felt comfortable to do so, but due to
our lack of preparation for an actual attack, we decided to cut it when it was
obvious that the majority was voting too perfectly on actions that were
turning malicious.

At this point, we are not sure how we are going to be continuing with this
project. The time investment required to make this secure is much larger than
we initially anticipated and our current setup is not optimal to do so. Along
with this, we are both currently students and do not have the time to invest
in such an undertaking. However, we are currently talking with a group that is
attempting to reboot this idea immediately in a more secure environment. We
will be exploring our options on how to best keep this project going.

All of our code is available on github at
[https://github.com/twitchinstallsarchlinux](https://github.com/twitchinstallsarchlinux)

~~~
XiOmicronSigma
Well, I'll thank you for having this experiment, short as it was.

------
anoa
Latest news from irc:

JRWR: So, the creators of this project have left. they no longer want to be a
part of this any more. they have their reasons and I will NOT be disclosing
it. The creators have handed over the keys to JRWR and yamamushi

JRWR: This project WILL live on, give us 24/48 hours to make something nice,
we have their code and will expand on it.

yamimushi: We are working to get everything back online asap

And yes the reasoning for shutdown was the botnet, not pings or Google
complaints.

------
noobermin
I was in the stream and while at least some of the feats accomplished
(partitioning the disk, installing the right things, changing the password)
seemed to have some authenticity to it, the chat started to try to install
nmap, then it tried to investigate networking capabilities, tried to ping
8.8.8.8, to start dhcpcd, then tried to ping 8.8.8.8 again...all in rapid
succession before anyone really discussed it at all. It certainly seemed
fishy.

It's kind of upsetting. It was very exciting in the beginning--the internet
installing a bootable arch linux system by voting for a single character at a
time in under 3 hours...seemed unimaginable. But after the dhcpcd stuff
started, it felt like that victory was taken from us.

EDIT: it WAS a botnet, see the reply from pdaddyo

~~~
pdaddyo
Creator JRWR confirmed botnet in irc channel:
[https://i.imgur.com/qaWFUEH.jpg](https://i.imgur.com/qaWFUEH.jpg)

~~~
nlurski
JRWR is not a creator, he is one of the irc members who are looking into
rebooting the project for us.

------
terda12
So, is there any way to stop this botnet? Seems to be that the only way to
stop bots from abusing the twitch IRC api is to ban each of them.

I have programmed twitch spam bots before (repeats what people say, once on
each account with eight accounts), it's surprisingly easy to do. Twitch does
have some sort of system to detect if you are abusing the API I think, because
I noticed that I get timed out pretty quickly.

~~~
anoa
A few ideas were thrown around with a third-party server and captcha necessary
to validate your twitch account to send commands.

People working on it say it's being handled, but it definitely isn't a bad
idea to brainstorm.

~~~
n17r4m
What about setting up a second site with a form: enter twitch name and answer
a turing test question. also ask for person to create a new turing question
with answer. Person has ability to request a few new questions before deny.

Submitted questions are approved by admins via rapid fire Y/N buttons, with
ability to fix typos, etc.

This authenticates that user for something like 5-15 minutes or however long
to participate in voting.
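
The time-limited verification described in the comment above, as an added example that is not part of the thread or the project's code: a vote counts only if its account passed the challenge within the window, and each account gets one vote per round. The class name, the 10-minute TTL and the sample votes are assumptions constructed for illustration.

```python
import time
from collections import Counter

VERIFY_TTL_SECONDS = 10 * 60  # assumed value inside the 5-15 minute window from the comment


class VerifiedVoterGate:
    """Tracks which chat accounts passed the out-of-band challenge and when."""

    def __init__(self, ttl=VERIFY_TTL_SECONDS):
        self.ttl = ttl
        self._verified_at = {}  # lowercase account name -> time of last passed challenge

    def mark_verified(self, user, now=None):
        # Called by the (hypothetical) challenge site after a correct answer.
        self._verified_at[user.lower()] = time.time() if now is None else now

    def is_verified(self, user, now):
        stamp = self._verified_at.get(user.lower())
        return stamp is not None and 0 <= now - stamp < self.ttl

    def tally(self, votes, now):
        """Count one vote per verified account; return (winner, counts, dropped)."""
        latest = {}   # account -> last key voted this round
        dropped = 0   # votes ignored because the account is unverified or expired
        for user, key in votes:
            if self.is_verified(user, now):
                latest[user.lower()] = key
            else:
                dropped += 1
        counts = Counter(latest.values())
        winner = counts.most_common(1)[0][0] if counts else None
        return winner, counts, dropped


def demo():
    gate = VerifiedVoterGate()
    gate.mark_verified("alice", now=1000)
    gate.mark_verified("bob", now=1000)
    gate.mark_verified("carol", now=100)   # verified long ago, expired by t=1200
    # Constructed sample round: (account, voted key)
    votes = [("alice", "l"), ("bob", "l"), ("carol", "x"), ("alice", "l")]
    votes += [(f"bot{i}", "x") for i in range(50)]  # unverified accounts voting in lockstep
    return gate.tally(votes, now=1200)
```

A high `dropped` count relative to counted votes is also a cheap signal that unverified accounts are flooding a round.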

~~~
kbar13
this kind of defeats the purpose of twitch chat

------
gangwolf
Evidence? [https://imgur.com/WLEt2iz](https://imgur.com/WLEt2iz)

~~~
terda12
I doubt it, I doubt people would just hand over their twitch accounts to some
guy on 4chan.

~~~
noobermin
Most likely the OP would have been nypa'd out of there.

------
thekmap
Don't restart this thing until you've had a professional harden your network.
You are not gonna stop the botnet, so the best you can do is limit the impact
of post-exploitation.

~~~
nelhage
Better yet, just run this on a t2.micro on a throwaway EC2 account. Doesn't
matter if they own the box, they get literally nothing they couldn't get for
free from Amazon anyways.

~~~
grogenaut
it also becomes quite easy to lock the machine down

------
jarboot
A good twitch stress test. Hopefully this stuff gets cleaned up in the future!

