Russian Hackers? Nah. Three kids playing hardball in Minecraft
To the average person, the Internet is just magic. They have no clue how it works or how you can mess with it. That ignorance makes it easier for TPTB to create boogeymen, like "Russian Hackers". But, techies, sometimes, are more interested in the facts instead of politics. Hence, this interesting story about the Mirai botnet in Wired Magazine (which I have called "Hacker of Fortune" since the day it was founded).
The most dramatic cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants pleaded guilty to masterminding an unprecedented botnet—powered by unsecured internet-of-things devices like security cameras and wireless routers—that unleashed sweeping attacks on key internet services around the globe last fall. What drove them wasn’t anarchist politics or shadowy ties to a nation-state. It was Minecraft.
The Wired story is very solid investigative technical reporting. It is a readable, if somewhat lengthy, whodunit. If you have ten minutes, it is worth a read. The rest of the quotes are from that story.
The story is about the tech itself, and Russian hacking only comes in for an incidental mention:
Coming just weeks before the presidential election—one in which US intelligence officials had already warned about attempts by Russia to interfere—the Dyn and Mirai attacks led officials to worry that Mirai could be harnessed to affect voting and media coverage of the election. The FBI team scrambled for a week afterward with private-industry partners to secure critical online infrastructure and ensure that a botnet DDoS couldn’t disrupt Election Day.
What is really fascinating about the story is the monster that the Minecraft ecosystem has evolved into:
The huge income from successful (Minecraft) servers had also spawned a mini cottage industry of launching DDoS attacks on competitors’ servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host’s server investment. The digital arms race in DDoS is inexorably linked to Minecraft, Klein says.
...according to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.”
After a year of Russian hacker hysteria, the fact is that three non-state-actors were the perps for one of the few genuine (as opposed to media crapola, like the Vermont power company "hack") and truly dangerous hacks of the recent past. I predict this story will get no further coverage. The circumstance that the trial happened to be held in Anchorage, Alaska will help keep it off the front page.
To drive home the point that the major hack was just another day on the Wild West Internet, we learn what the perps had been up to since then:
They’d given up DDoS attacks for something lower-profile—but also lucrative. They were using their botnet to run an elaborate click-fraud scheme—directing about 100,000 compromised IoT devices, mostly home routers and modems, to visit advertising links en masse, making it appear that they were regular computer users. They were making thousands of dollars a month defrauding US and European advertisers, entirely off the radar, with no one the wiser. It was, as far as investigators could tell, a groundbreaking business model for an IoT botnet. As Peterson says, “Here was a whole new crime that industry was blind to. We all missed it.”
"a groundbreaking business model for a botnet" - this is beyond Pottersville. This is gangsterism. It pulls back the curtain on what a dirty mess the non-dark internet is. Who needs the dark net when Minecraft is a trade school for hackers?
Every service the corporations force onto the internet, either to extract a fee or to gain control over users, is another can of gasoline that we slosh onto our civilization. One of these days someone is going to toss a match.
The lack of genuine, public interest regulation of a potentially proven dangerous technology has been caused by a techno-libertarian propaganda campaign praising the "freedom" of the internet. But, freedom for whom? Freedom for hacker crooks. Freedom for corporate tax dodgers, like Amazon.
What few cops are on the beat are either FBI folks, who see state actors when there are none, or corporate-funded security centers that are interested in protecting corporate property (i.e., the internet itself) and reputation - and not really worried about free speech or honest elections. This convergence of law enforcement and corporate security is another red line that no one seems to be tracking.
When WW3 comes, it will start on the internet. If we are lucky, all that will be blown up is our financial system and our libraries of data.
Comments
@arendt There's
There's plenty for us to do amongst ourselves, down here in the 99%, but you are spot-on in your analysis of what the real problem is with us taking action for our own benefit (independent of the government and the megacorps): the real problem is that we have been culturally and economically blitzed for 40 years, many of us are putting every ounce of their energy into keeping their heads above water--whatever that means to them--and yes, that means they are working much longer hours and are in debt and barely have time for their kids and taking care of their elders.
This economic and cultural Blitzkrieg have left us drained, exhausted, demoralized, and overworked. Therefore doing the work of increasing our independence, our sustainability/resilience, and our community ties is very hard indeed. It requires many of us to skill up (we have, most of us, been terribly de-skilled as one result of that Blitzkrieg); it requires us to do something most people are very loathe to do, which is form IRL relationships they spend time on with people who are not their families or their friends from school or work. In other words, the third sphere of human activity, (1st sphere is family, 2nd is work) where the community used to live (the parish, the neighborhood, the town, etc.) has diminished badly. We've replaced it with the internet. and I love the net dearly, always have since the 90s, but it's hardly a panacaea. And it's got operatives all over it as well, making trouble.
This is where the real problem is: we often don't have the energy and resources to connect and do real work. Sometimes it even seems that we don't have the inclination, probably because we're exhausted and demoralized.
"More for Gore or the son of a drug lord--None of the above, fuck it, cut the cord."
--Zack de la Rocha
"I tell you I'll have nothing to do with the place...The roof of that hall is made of bones."
-- Fiver
“Sanctuary cities” and Cal’s “sanctuary state” are already
declarations of intention to ignore the federal government.
With sanctuary cities, people have already philosophically and psychologically accepted a refusal to co-operate with the federal government — states would just need to extend the argument to every other area of endeavor.
So, after the 19th century’s Confederacy, a 21st century secessionist rebellion that is nominally Left, progressive, anti-fascist?
May seem a strange notion but, after all, sanctuary cities are a case of liberals learning legal strategy from Orval Faubus, George Wallace, and Lester Maddox. “States have their own sovereignty and you can’t make us.”
As far as I can tell, Trump may bluster but he’s not Eisenhower — he’s not going to send in the National Guard to enforce federal (immigration) law.
Trump is probably not an obstacle
…but he's a vindictive bastard, with poor impulse control. That's what makes people nervous.
In any event, he could be expelled from the White House, easily. I am secretly amused by this fact and turn it over in my mind often.
Trump committed a blatant, impeachable crime in front of a shocked world. Everyone saw it. He would have been charged and convicted in any of the five-eyes nations, and in any European nation. But Americans won't impeach him for it because 1) They forgot it was a crime. 2) They sort of liked it, and 3) Hell yeah!
The US is a nation of war criminals. We cheer our war crimes and we lionize those who commit them. "USA! USA! USA!"
So, I figure even the Democrats love their war crimes and war criminal Presidents more than they hate Trump. In fact, a war crime is the only thing Trump ever did that they liked. Someone should take their pussy hats away They don't deserve them.
It's Existential-Dilemma Friday. Have a nice weekend everyone.
____________________
The political system is what it is because the People are who they are. — Plato
Immigrant Entrepreneur Hall of Fame: Sergey Brin
http://www.ilctr.org/promoting-immigrants/immigrant-entrepreneur-hof/brin/
Sergey Brin is a Putin plant. Checkmate! lol
--- local, seriously ---
Immigration conversation in Cloverdale
wow I live among a bunch of xenophobic racists, it is really depressing. Rotten stinking plutocracy needs purging.
Nobody 2018
huelga
Its more likely Brin is a CIA plant
I read a news article that referred to a 2015 report about CIA funding of Google, a report which has been completely ignored. The story has a CT feel to it, with long recitals of which organizations which people work for. This is even acknowledged by the authors of the report:
I haven't got time to track down the truth of this, but it would be hard not to trace connections between the CIA and Google. It's well known that the CIA founded
Q-telIn-Q-Tel to hoover up Silicon Valley talent. IIRC,Peter ThielNorman Augustine (ex-CEO of Lockheed Martin) was the first CEO of Q-tel. Peter Thiel founded Palantir, another spookware company.Pages