
The Mirai Botnet Was Part of a College Student Minecraft Scheme - jgrahamc
https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
======
chatmasta
> “We don’t know who is doing this, but it feels like a large nation-state.
> China or Russia would be my first guesses.” [Bruce Schneier when Mirai first
> appeared]

This looks especially foolish now. Schneier is a so-called expert who has
testified in front of congress. He should be more careful when engaging in
rampant speculation like this. What basis did he have for such an assumption?

I don’t understand why every single cyberattack is immediately blamed on
Russia or China. It’s an intellectual embarrassment, and especially worse when
it’s coming from experts within the community rather than politicians in
congress.

But I’m sure the DNC hack was the work of an advanced nation state. Probably
had nothing to do with sharing passwords like runner123 over email...

~~~
sasas
> Schneier is a so-called expert who has testified in front of congress

Schneier has been around for a long time, knows the industry well and has made
significant contributions. Not everyone gets things right all the time
including Schneier.

Credibility wise he ..

- has a master's degree in computer science

- was awarded an honorary Ph.D from the University of Westminster in London

- is chief technology officer of BT Managed Security Solutions

15 publications, 6 notable books -

- Applied Cryptography

- Cryptography Engineering

- Secrets and Lies: Digital Security in a Networked World

- Beyond Fear: Thinking Sensibly About Security in an Uncertain World

- Liars and Outliers: Enabling the Trust that Society Needs to Thrive

- Data and Goliath: The Hidden Battles to Collect Your Data and Control Your
World

Reference:
[https://en.wikipedia.org/wiki/Bruce_Schneier](https://en.wikipedia.org/wiki/Bruce_Schneier)

~~~
tptacek
I don't want to throw more shade at Schneier than needs to be thrown, but I
want to point out that you've pointed out basically two† real credentials:

* He has a master's degree.

* He wrote a bunch of popular books, and reaped a lot of fame from them.

I work, part-time, in the cryptography space his best-known books cover. His
most popular book, Applied Cryptography, is not well regarded in the field.
Opinions differ on Cryptography Engineering --- I like it a lot --- but he's a
coauthor on that book, alongside a practicing cryptographer of significant
renown. The rest of those books are non-technical.

I've worked in security since the mid-1990s, and Schneier has been a presence
in the industry that whole time. And his Mirai attribution is far from the
dumbest thing he's had to say.

I want to be careful because I'm sure Schneier is very good at what he's good
at. My concern is that in addition to that --- without intending to be ---
he's also insidiously "famous for being famous", and that his takes on things
like DDoS attribution are thus taken more seriously than they should be. There
are HN commenters that I think have more reliable takes on what's happening in
the computer underground than Schneier.

He should write HN comments rather than pieces that get syndicated into
magazines. He'd be an _excellent_ HN commenter. :)

† _(You might add that he's a co-author of some well-known cipher and hash
designs, and IIRC the sole author of Blowfish, his best-known design. [Don't
use Blowfish.])_

~~~
sasas
Thanks for the perspective. How would you classify him if ranked against the
other usual high profile “security personalities”? Often an individual's
ability for self promotion can place a shadow over their true ability making
it difficult to discern their true qualities when not a subject matter expert
on the topic at hand.

On the book front, would be keen to gain your perspective on the following
crypto book that was recently published -

[https://www.nostarch.com/seriouscrypto](https://www.nostarch.com/seriouscrypto)

~~~
tptacek
Serious Crypto is strong, and JP Aumasson is the real deal. I might still want
both Cryptography Engineering and Serious Crypto; Serious Crypto is far more
detailed and up-to-date, but Cryptography Engineering has valuable perspective
on a lot of nuts-and-bolts stuff.

~~~
sasas
Great! That’s all I need to hear - will place an order.

------
syntheticcdo
Why do these kinds of investigations only ever stop at the perpetrator of the
attack? In rushing to market, these IoT companies pushed out a defective,
insecure product. Such an attack would not be possible without vulnerable
hosts to hijack, so why aren't the IoT hardware companies investigated or
fined?

~~~
slededit
It's not illegal to leave your door unlocked.

~~~
majewsky
At least in Germany, it's illegal to leave your car door unlocked. (Not sure
about house doors.) The rationale is that it invites crime.

~~~
docdeek
I didn't know that. Is it possible, then, that a person who leaves their door
unlocked is punished while the person who stole and dumped the car is not?

~~~
mlnj
And is that not a classic case of victim blaming?

~~~
StudentStuff
It is victim blaming, but some countries obviously deem that acceptable
behavior, to the point of putting it into law.

------
Asdfbla
If IoT botnets become more prevalent (and it doesn't seem like IoT makers have
incentives to make their devices more secure), I wonder if ISPs will just
start monitoring the traffic patterns of their customers for possible DDoS
activity and possibly throttle or cut off their internet connection to stop
the attack at its source. Probably would even be compatible with most net
neutrality regulations around the world, since it's a security issue.

You could probably hide DoS traffic from a single device by making it very low
volume, but if the ISPs coordinate, they still know that the device recently
sent packets to a victim of a DDoS attack, making it suspicious.

~~~
PurpleRamen
Providers in my country are already doing this. But they simply send an
informal letter to notify the user that with high probability his household is
part of a botnet.

------
techdragon
This was one of the best things I’ve read on Wired in a while. It’s a
surprisingly excellent write up on the Mirai bot net and the events
surrounding it. (The HN headline title is definitely more click bait than I’d
like)

~~~
majewsky
The HN headline currently says:

> The Mirai Botnet Was Part of a College Student Minecraft Scheme

How is this clickbait? All I can see is a summary of what happened. When
people say "clickbait", I expect something like:

> Three Boys Sucked At Minecraft. You Won't Believe What Happened Next!

~~~
techdragon
The title has been changed since I posted, and unfortunately I didn’t think
ahead to save a copy of the original HN title. The current title is much more
what I would have been expecting.

------
verroq
[https://www.justice.gov/opa/pr/justice-department-announces-charges-and-guilty-pleas-three-computer-crime-cases-involving](https://www.justice.gov/opa/pr/justice-department-announces-charges-and-guilty-pleas-three-computer-crime-cases-involving)

FBI indictments

> JIIA further participated in a Border Gateway Protocol (BGP) hijacking
> scheme in which JIIA and co-conspirators fraudulently gained control over IP
> addresses that were in legitimate use by third parties. JIIA conducted these
> activities to consolidate and maximize the power of the Mirai botnet. [1]

Uhh what?

[1] [https://www.justice.gov/opa/press-release/file/1017581/download](https://www.justice.gov/opa/press-release/file/1017581/download)

~~~
dylz
At the very least they stole IPs for the hell of it. Datawagon, Protraf, ....

The cybercrime hosts stole a ton of space, even impersonating dead people and
falsifying documents. Served malware, etc. off them.

[https://www.spamhaus.org/sbl/query/SBL180438](https://www.spamhaus.org/sbl/query/SBL180438)

Also stole a ton for abuse/C&C/etc.
[https://www.spamhaus.org/sbl/query/SBL287709](https://www.spamhaus.org/sbl/query/SBL287709)
(check whois names at bottom)

They also hijacked 1.3.3.0/24 to announce 1.3.3.7/32 (you can guess why).

------
Unbeliever69
Great read. Despite the damage they caused, there is a part of me that wishes
(hopes) that their crimes are overlooked and instead put to use as white hat
operatives in an elite super-secret government black program fighting
terrorism and solving the world's most pressing problems; not ruining their
lives with prison and all the other baggage associated with being branded
criminals. Maybe I have watched too many movies!

------
itronitron
DDOS attacks on individual Minecraft players are definitely a thing. As a
result players' infosec practices are likely a lot stronger than their
peers...

------
walshemj
"young American computer savants" Ah so Mum or Dad paid a doctor to diagnose
them as autistic after the fact.

~~~
NathanWilliams
What does autism have to do with it?

~~~
westmeal
Maybe because the word savant was used which is oftentimes used to describe a
smart person with autism.

~~~
NathanWilliams
No, savant simply means "a learned person". Perhaps you are thinking of "idiot
savant", which refers to someone with a mental disability and is gifted in a
particular way.

~~~
walshemj
That's not the way Wired were using it; they were using it as a synonym for
autistic.

