The Mirai Botnet

Three students built a DDoS weapon to win an argument over Minecraft servers. It ended up rewriting the rules of internet infrastructure.

Cyber Chronicle | 2 min read

In the autumn of 2016, large chunks of the internet stopped answering.

Twitter, Reddit, Spotify, the New York Times — sites separated by oceans and business models — all blinked out together. The proximate cause was Dyn, a DNS provider that millions of services quietly relied on. The deeper cause was a piece of malware named after a Japanese anime: Mirai.

Plastic and packets

What made Mirai unusual was not its sophistication. The code itself was almost crude. What was unusual was the army it raised: hundreds of thousands of cheap webcams, DVRs, and home routers, most of them sold with the default password still active. Mirai's authors scanned the open internet for these devices, logged in with a short list of factory credentials, and turned each one into a foot soldier.

Three kids and a Minecraft server

The story behind the malware is, in many ways, smaller than the story of its consequences. The authors were three young men in their early twenties. Their original goal was commercial: extract money from competitors in the Minecraft server hosting market by knocking them offline. The leap from that to taking down half the American web was, by their own later admission, mostly accident.

What the chronicle remembers

Mirai marked the moment the consumer internet of things became a publicly understood liability. Regulators noticed. So did insurance companies. The botnet's source code was released on a hacker forum a few weeks before the Dyn attack — a final gesture that ensured the technique would outlive its creators by years.