The digital arms race in DDoS is inexorably linked to Minecraft
December 13, 2017 2:55 PM

How a Dorm Room Minecraft Scam Brought Down the Internet (Wired) “They just got greedy—they thought, ‘If we can knock off our competitors, we can corner the market on both servers and mitigation,’” Walton says. In fact, according to court documents, the primary driver behind the original creation of Mirai was creating “a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.”
posted by CrystalDave (23 comments total) 14 users marked this as a favorite
 
Damn kids!
posted by oceanjesse at 3:06 PM on December 13, 2017


The Minecraft hook is fun but in the end this isn't that different from all the other DDOS botnets being run for extortion rackets.
posted by Nelson at 3:19 PM on December 13, 2017 [1 favorite]


On the compromised devices, they had to carefully reconstruct the network traffic data, and study how the Mirai code launched so-called “packets” against its targets—a little-understood forensic process, known as analyzing PCAP (packet capture) data. Think of it as the digital equivalent of testing for fingerprints or gunshot residue.
I have personal PCAP data demonstrating conclusively that the very website that this author has chosen to publish on has just now been launching so-called "packets" against my browser.

Should I call the FBI?
posted by flabdablet at 3:56 PM on December 13, 2017 [24 favorites]


Obligatory Brentalfloss' Minecraft Song. Talks about all the glorious things you can create in Minecraft.

NSFW.
posted by ErisLordFreedom at 3:58 PM on December 13, 2017 [1 favorite]


I find that if a journalist describes something as "little-understood" it usually just means they personally didn't understand it.
posted by Mr.Encyclopedia at 4:04 PM on December 13, 2017 [23 favorites]


The Minecraft hook is fun but in the end this isn't that different from all the other DDOS botnets being run for extortion rackets.

I thought the difference was mainly in scale (and, I guess, the types of devices compromised for the botnet). From the article:
Until then, a large DDoS attack was often considered to be 10 to 20 gigabits per second; vDOS had been overwhelming targets with attacks in the range of 50 Gbps. A follow-on Mirai attack against OVH hit around 901 Gbps.

[...]

Normally, companies fight a DDoS attack by filtering incoming web traffic or increasing their bandwidth, but at the scale Mirai operated, nearly all traditional DDoS mitigation techniques collapsed, in part because the tidal wave of nefarious traffic would crash so many sites and servers en route to its main target. “DDOS at a certain scale poses an existential threat to the internet,” Peterson says. “Mirai was the first botnet I’ve seen that hit that existential level.”
posted by mhum at 4:06 PM on December 13, 2017 [4 favorites]


Actually, given the orders of magnitude increase in power of the Mirai botnet over its predecessors, I find the Minecraft hook even weirder. It'd be as if the A-bomb was originally developed not to defeat the Axis war machine but rather to extort rare Magic: The Gathering cards from junior high kids.
posted by mhum at 5:04 PM on December 13, 2017 [21 favorites]


It'd be as if the A-bomb was originally developed not to defeat the Axis war machine but rather to extort rare Magic: The Gathering cards from junior high kids.

Well, they haven't declassified everything on the Manhattan Project, so...
posted by Thorzdad at 5:09 PM on December 13, 2017 [6 favorites]


It'd be as if the A-bomb was originally developed not to defeat the Axis war machine but rather to extort rare Magic: The Gathering cards from junior high kids.

brb writing historical fanfic
posted by mordax at 5:15 PM on December 13, 2017 [7 favorites]


I find that if a journalist describes something as "little-understood" it usually just means they personally didn't understand it.

Well they definitely don't understand quantum chromodynamics at all, but other than that it seems like they're pretty up on things.
posted by officer_fred at 5:48 PM on December 13, 2017


: "
On the compromised devices, they had to carefully reconstruct the network traffic data, and study how the Mirai code launched so-called “packets” against its targets—a little-understood forensic process, known as analyzing PCAP (packet capture) data. Think of it as the digital equivalent of testing for fingerprints or gunshot residue.
I have personal PCAP data demonstrating conclusively that the very website that this author has chosen to publish on has just now been launching so-called "packets" against my browser.

Should I call the FBI?
"

Of course. You didn't ASK for packets, you just wanted to read the article....
posted by Samizdata at 6:34 PM on December 13, 2017 [2 favorites]


: "It'd be as if the A-bomb was originally developed not to defeat the Axis war machine but rather to extort rare Magic: The Gathering cards from junior high kids.

brb writing historical fanfic
"

I do NOT want to see the ships in that.
posted by Samizdata at 6:37 PM on December 13, 2017 [2 favorites]


Glad to see Krebs covered here.. His site has always been interesting reading for goings-on in the darkweb..
posted by k5.user at 6:48 PM on December 13, 2017 [1 favorite]


floam: "Using a counter-espionage tool some call "tcpdump", I believe I have carefully reconstructed some pcap data proving that Metafilter is launching "packets" at my router when I try to access the website. This goes deep."

Look, you knew when you signed on there was a Cabal. How you can act surprised when their site is launching packets at you, all willy-nilly, at this point completely escapes me.

This, RIGHT HERE, is proof we need Internet driver's licenses. I mean, really.
posted by Samizdata at 8:02 PM on December 13, 2017 [2 favorites]


OH GOD I THINK THERE ARE PACKETS COMING FROM MY OWN COMPUTER
posted by biogeo at 8:24 PM on December 13, 2017 [7 favorites]


Do these packets travel through tubes to our computers?
posted by vorpal bunny at 9:07 PM on December 13, 2017


According to a little-known forensic process, mine arrived by truck.
posted by flabdablet at 10:58 PM on December 13, 2017 [1 favorite]


So, this "Internet," it comes in...packets?
posted by straight at 11:41 PM on December 13, 2017


Most of the Internet comes in regular packets, but the porny bits come in sex packets.
posted by neckro23 at 12:08 AM on December 14, 2017 [2 favorites]


That's what the s in https:// is for. The sex packets also have a plain brown wrapper.
posted by flabdablet at 1:01 AM on December 14, 2017


I have personal PCAP data demonstrating conclusively that the very website that this author has chosen to publish on has just now been launching so-called "packets" against my browser.

I have fingerprints. Should I call the FBI?
posted by chavenet at 3:51 AM on December 14, 2017 [2 favorites]


MetaFilter: Been launching so-called "packets" against my browser.
posted by runcifex at 4:01 AM on December 14, 2017


mhum: Actually, given the orders of magnitude increase in power of the Mirai botnet over its predecessors, I find the Minecraft hook even weirder. It'd be as if the A-bomb was originally developed not to defeat the Axis war machine but rather to extort rare Magic: The Gathering cards from junior high kids.

How much are those rare cards worth? From the article:
As Peterson and Klein explored the Minecraft economy, interviewing server hosts and reviewing financial records, they came to realize how amazingly financially successful a well-run, popular Minecraft server could be. “I went into my boss’s office and said, ‘Am I crazy? It looks like people are making a ton of money,’” he recalls. “These people at the peak of summer were making $100,000 a month.”

The huge income from successful servers had also spawned a mini cottage industry of launching DDoS attacks on competitors’ servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host’s server investment.
Emphasis mine. They were part of an arms war among Minecraft server operators, who then realized "holy shit, we're the biggest bully on the internet!"

The scary thing is that the attack on Dyn wasn't from them - it happened because they released their source code on a "hacker" forum to mask their trail (previously on MetaFilter). In a somewhat common attempt to muddy the waters in possible investigations against users of particular hacking/cracking tools, coders sometimes post their source code for others to use and modify, so they can deny that they developed it in the first place, should someone track it back to them.
posted by filthy light thief at 10:29 AM on December 14, 2017

