Techdirt Lite.
(Click here for full version)

How Minecraft Led To The Mirai Botnet ((Mis)Uses of Technology)

by Tim Cushing

from the just-a-little-unfriendly-competition dept on Friday, December 15th, 2017 @ 1:30PM

The Mirai botnet that swept through poorly-secured devices last year resulted in unprecedented denial-of-service attacks. At one point, the botnet turned its wrath on security researcher Brian Krebs' site, resulting in a sustained attack that saw Krebs' DDoS protection service (Akamai) say it was getting too old for this shit uninterested in providing further protection for this particular user.

The people behind the botnet have just pled guilty to federal charges.

Three men have pleaded guilty to federal cyber-crime charges for launching a cyberattack last year that knocked large parts of the internet offline.

Paras Jha, Josiah White, and Dalton Norman were indicted by an Alaska court in early December, according to documents unsealed Wednesday.

The Justice Dept. released a statement later in the day confirming the news.

Prosecutors accused the hackers of writing and using the Mirai botnet to hijack vulnerable internet-connected devices to launch powerful distributed denial-of-service (DDoS) attacks.

According to Jha's plea agreement, the botnet ensnared more than 300,000 vulnerable devices.

But the story behind the botnet suggests it was never meant to become a global threat or used to target researchers like Krebs. The malware was far from benign, but it wasn't written to bring the internet to its knees. It was meant to do something much simpler.. Garrett Graff has put together an amazing story of Mirai's origin over at Wired -- one that begins in a college dorm room and involves crafting tables, zombie pigs, and battles for server superiority.

As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.

Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

Minecraft may seem to be a cooperative game, but competition for server traffic is anything but. Popular servers charge players rent for online real estate, allowing them to set up semi-persistent worlds for other players to visit. A popular server is big business. The Wired article says some server owners rake in $100,000/month during summer months when traffic is at its peak.

That's what these students were attempting to do when they unleashed their malware: DDoS competitors' servers to funnel players to theirs.

[A]ccording to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his co-conspirators held grudges.”

Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” [FBI agent Bill] Walton says. “Then it just became a challenge for them to make it as large as possible.”

The end result was a mammoth botnet of 200,000-300,000 enslaved devices capable of generating up to 1.1 terabits per second in junk traffic. Once the three realized what they'd unleashed, they dumped the code online in hopes of obscuring its source.

The whole story is a fascinating read, digging deep into the casual use of botnets and DDoS attacks by Minecraft server owners and the mostly-accidental thermonuclear-level havoc it wreaked on the internet. Unfortunately, you'll also learn little has been learned by manufacturers -- and users -- of internet-connected devices in the aftermath of these attacks.

Two weeks ago, at the beginning of December, a new IoT botnet appeared online using aspects of Mirai’s code.

Known as Satori, the botnet infected a quarter million devices in its first 12 hours.

1 Comment

PlayerUnknown's Battlegrounds Creator Massively Confused And Hypocritical In Rant Begging For More IP For Video Games (Say That Again)

by Timothy Geigner

from the battle-lost dept on Friday, December 15th, 2017 @ 11:59AM

The last time we checked in with the folks behind the massively popular video game PlayerUnknown's Battlegrounds, the company was complaining about Epic Games "ripping off" its 100 vs. 100 player game mode for its Fortnite title. In that post, we attempted to explain why this sort of thing isn't "ripping off" in an intellectual property sense, because the idea/expression dichotomy exists. Using someone else's idea for creative expression is not infringement, whereas using someone else's specific creative expression is. Simple enough.

Except the folks behind PubG, as the game is sometimes known, didn't take to this intellectual property lesson and are now instead suggesting that the entire video game industry needs much more intellectual property protection because of all the "ripoffs" out there. This from the creator of the game, Brendan Greene.

He claims elements of his game, Player Unknown's Battlegrounds (PubG), have been ripped off by other titles and he wants better protection from copycats.

Newly released on the Xbox One, PubG almost singlehandedly created a new genre, the Battle Royale game.

"I want other developers to put their own spin on the genre... not just lift things from our game," Brendan says.

It's worth noting that PubG is indeed a unique game in many ways. By tweaking several aspects of a well-worn genre and upping the map size and player count in a battle royale format, the game has become wildly successful. So successful, in fact, that one wonders exactly what danger Greene is seeing out in the hinterlands of clone-games.

Speaking to the Radio 1 Gaming Show, Brendan says: "I want this genre of games to grow.

"For that to happen you need new and interesting spins on the game mode.

"If it's just copycats down the line, then the genre doesn't grow and people get bored."

Sure, there are indeed games that look to essentially clone others, including PubG. But those games are rarely more than blips on the radar in terms of success. And if you think about it, it's obvious why that is. If game A comes along and introduces new features and gameplay that people gobble up, and then game B tries to copy that format closely, people aren't going to be buying game B because they already have game A. The only reason to buy the second game is if it offers something the first doesn't, in which case it isn't a clone at all, but a separate creative expression that may have some similar elements to the first. That's exactly how culture, including game genres, are supposed to morph and grow, and it's essentially Exhibit A as to why the idea/expression dichotomy is such a treasure.

Greene also has a strange idea that video games are not afforded much in the way of intellectual property protections.

Brendan explains: "There's no intellectual property protection in games.

"In movies and music there is IP protection and you can really look after your work. In gaming that doesn't exist yet, and it's something that should be looked into.

Let's put a fine point on our response to this one: .......wut? The idea that games are not afforded intellectual property protection would come as news to this writer. I must now do some deep introspection, because I'm fairly sure I've written hundreds of articles right in these here pages about intellectual property disputes in the video game industry. In fact, not only do IP protections for games exist, the gaming industry specifically has done more in the realm of the nefarious to protect that IP than any other industry (see all of DRM, forever, everywhere). Claiming otherwise is nearly enough for a wellness check on Greene.

Beyond that, some of Greene's reasoning is downright bizarre.

"Look at movies, Armageddon came out then 20 other comet disaster films came soon after," Brendan Greene explains.

Can any of our readers actually name 20 comet disaster movies that came out after Armageddon? I can't even name two. And the reason for that is obvious: once Armageddon did it, it was played out. No reason to go see another one of those movies. His example is actually a perfect encapsulation of why this isn't a problem. One of the only meteor disaster movies I can recall is Deep Impact, which came out before Armageddon, and indeed was the inspiration for that film, so even this one example only works at a fifth of its supposed impact, and only in reverse. It would be hard to be more wrong with an example than this.

It's also helpful to look at the Wikipedia article that describes, in the first paragraph on the game's development, just how much influence and borrowing Greene's game owes to its success.

Lead designer Brendan Greene, better known by his online handle PlayerUnknown, had previously created the ARMA 2 mod DayZ: Battle Royale, an offshoot of popular mod DayZ, and inspired by the 2000 film Battle Royale.[8][9] At the time he created DayZ: Battle Royale around 2013, Irish-born Greene had been living in Brazil for a few years as a photographer, graphic designer, and web designer, and played some video games such as Delta Force: Black Hawk Down and America's Army.[10][11] The DayZ mod caught his interest, both as a realistic military simulation and its open-ended gameplay, and started playing around with a custom server, learning programming as he went along.[10] Greene found most multiplayer first-person shooters too repetitive, as maps were small and easy to memorize. He wanted to create something with more random aspects so that players would not know what to expect, creating a high degree of replayability; this was done by creating vastly larger maps that could not be easily memorized, and using random item placement across it.[12] Greene was also inspired by an online competition for DayZ called Survivor GameZ, which featured a number of and YouTube streamers fighting until only a few were left; as he was not a streamer himself, Greene wanted to create a similar game mode that anyone could play.[12] His initial efforts on this mod were more inspired by The Hunger Games novels, where players would try to vie for stockpiles of weapons at a central location, but moved away from this partially to give players a better chance at survival by spreading weapons around, and also to avoid copyright issues with the novels.[9] In taking inspiration from the Battle Royale film, Greene had wanted to use safe square areas, but his inexperience in coding led him to use circular safe areas instead, which persisted to Battlegrounds.[9]

In that one paragraph alone, how many times are borrowing and influences in the game's development and Greene's previous work are mentioned? Way more than the number of comet disaster films that have came out immediately after Armageddon, that's for sure.

Meanwhile, hey, BBC, how about injecting a little actual journalism into pieces like this? All of these refutations above weren't exactly hard to tease out of a few well-phrased Google searches, after all. Maybe it'd be better not to simply parrot the claims of someone clearly out of their depths on matters of intellectual property.


European News Agencies Again Demand Google, Facebook, Etc. Pay Up For Sending Them Traffic (Say That Again)

by Tim Cushing

from the definition-of-insanity dept on Friday, December 15th, 2017 @ 10:41AM

Because it's worked oh so well in the past, European news agencies are (again!) calling for service providers like Google and Facebook to start paying them money for sending them business.

Nine European press agencies, including AFP, called Wednesday on internet giants to be forced to pay copyright for using news content on which they make vast profits.

The call comes as the EU is debating a directive to make Facebook, Google, Twitter and other major players pay for the millions of news articles they use or link to.

"Facebook has become the biggest media in the world," the agencies said in a plea published in the French daily Le Monde.

"Yet neither Facebook nor Google have a newsroom... They do not have journalists in Syria risking their lives, nor a bureau in Zimbabwe investigating Mugabe's departure, nor editors to check and verify information sent in by reporters on the ground."

"Access to free information is supposedly one of the great victories of the internet. But it is a myth," the agencies argued.

"At the end of the chain, informing the public costs a lot of money."

This is a doomed idea. First off, if the demands are a pain to implement, news agencies can expect to start seeing referral traffic drop as other news sources not tied to payment demands see their search engine stock rise. If they continue to press for a cut of these companies "billions," they can expect to be cut off completely. This isn't hypothetical.

Second, any agency that wants to cut off the search engines supposedly bleeding them dry can always block the engines' crawlers. But this obviously isn't about killing off search engine hits and Facebook sharing -- it's about dipping a hand into pockets of service providers for having the audacity to expand the reach of European news agencies.

Finally, there's nothing in it for news agencies even if they succeed in getting a snippet tax implemented. They see companies worth billions and think skimming a little off the top will put them back in the black permanently. But anyone who knows anything about ad payouts knows CPM "taxes" aren't the road to riches. In reality, any implemented scheme would involve hundreds of news sites divvying up fractions of cents between themselves for search result impressions. Payouts might be slightly higher for more direct clicks from referrers like Facebook, but at best, new agencies should expect a few bucks a month from a link tax, rather than the thousands (or millions) they envision.

The news agencies supporting this move are complaining about declining ad revenue and think charging platforms for sending them traffic is the solution. This has been tried and it hasn't worked, but hope springs eternal when you're all out of innovative ideas.


Daily Deal: Voice, Chat, and Vision Automation Bundle (Deals)

by Daily Deal

from the good-deals-on-cool-stuff dept on Friday, December 15th, 2017 @ 10:36AM

If you're looking to learn more about the growing app development field around AI, the Voice, Chat and Vision Automation Bundle is the place to get started. You'll learn about using Alexa for building conversational interfaces for Echo, FireTV and more. Another course covers SikuliX, a scripting/automation technology that relies on pattern matching. You'll learn about chatbots and how to build them with DialogFlow or Amazon Lex, and much more. This bundle is on sale for $29.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.


T-Mobile's Getting Into Cable TV, Where Its Opposition To Net Neutrality May Come Back To Bite It (Culture)

by Karl Bode

from the goes-around-comes-around dept on Friday, December 15th, 2017 @ 9:24AM

After regulators blocked AT&T's attempted acquisition of T-Mobile, T-Mobile found a new lease on life and began delivering some much-needed competition to the wireless sector. That added competition brought numerous benefits to consumers, from forcing AT&T and Verizon to bring back unlimited data plans, to the elimination of long-term contracts. And while these companies still try to avoid competing too intently on price, T-Mobile's disruption has been hugely beneficial all the same.

That said, T-Mobile's consumer-friendly brand identity (driven by trash-talking CEO John Legere) often only goes so far. The company has consistently opposed net neutrality rules, at one point insisting this opposition would put the company on the "right side of history." When people questioned T-Mobile's positions (and a lot of the outright bullshit it used to justify its own zero rating and throttling), Legere doubled down by attacking the EFF.

So it's interesting to see the company's announcement this week that it would be jumping into the television business and challenging traditional cable operators. According to T-Mobile, they've also acquired a streaming video operator by the name of Layer3TV, whose technology will be used to fuel the new service scheduled to arrive sometime in 2018. While details and pricing are non-existent, Legere quite justly took the opportunity to make fun of the cable industry's high prices and horrible customer service reputation:

"People love their TV, but they hate their TV providers. And worse, they have no real choice but to simply take it – the crappy customer service, clunky technology and outrageous bills loaded with fees! That’s where we come in. We’re gonna fix the pain points and bring real choice to consumers across the country,” said John Legere, president and CEO of T-Mobile. “It only makes sense for the Un-carrier to do to TV what we’re doing to wireless: change it for good! Personally, I can’t wait to start fighting for consumers here!”

But T-Mobile's previous disdain for net neutrality rules could easily come back to bite it. T-Mobile did state the service will be offered over both wireless and the fixed-line broadband networks of industry giants like Comcast. And with net neutrality rules set to be destroyed this week, there will soon be nothing stopping Comcast from using any number of tricks to make T-Mobile's entry into the market more difficult.

Without net neutrality rules there's about a million ways Comcast could harm T-Mobile TV, based entirely on things broadband ISPs have already done. Comcast could let its interconnection points congest forcing T-Mobile to pay significantly more money just for packets to reach Comcast customers without delay. If that doesn't work, Comcast could use its arbitrary and unnecessary usage caps to penalize T-Mobile's new offering while letting Comcast's own services through untouched (aka zero rating). T-Mobile's service could also be throttled or deprioritized, while deeper-pocketed competitors pay to get preferential treatment.

And that's all just things Comcast is on record having already done. With no net neutrality rules in place, and the FCC and FTC poised to be little more than rubber stamps for entrenched telecom duopolies, there's really no limit to the "creative" approaches incumbent ISPs will take to protect their turf. Of course since T-Mobile helped enable this with its opposition to net neutrality, it surely won't mind as companies like Comcast do everything in their power to harm T-Mobile's TV efforts while driving up operating costs via a rotating array of unnecessary troll tolls, right?


Older Stories >>