‘Minecraft’ Studio Releases New Game, ‘Cobalt WASD’
Mojang, the creators and original publisher of Minecraft, today released Cobalt WASD, a new game created by a team that includes one of the a lead developer of Minecraft.
Developer Oxeye Studios describe Cobalt WASD as a multiplayer follow-up to their robo-RPG Cobalt. The game introduces competitive team-play in the style of a side-scrolling Counter-Strike and controls tuned for mouse-aim and keyboard.
In the game, two teams of bots fight across multiple rounds to try and plant and detonate bombs in their opponents’ base. Each round earns money the teams can spend on equipment and weaponry, much like in popular first-person shooter Counter-Strike: Global Offensive. But in the case of Cobalt WASD, the equipment and weapons are a bit more unrealistic, like a stealth suit, reflector shield, radioactive crossbows and a time-slowing bomb.
The game is available starting on November 30th on Steam for Windows machines and will support player-createod maps and modes through Steam Workshop. The developers say they created the game specifically for PC, which means it has mouse-aim, dedicated servers, lots of camera settings, a native resolution of 1920×1080 and can even run at 1000 frames per second. The game will sell for about $8.30 (it will be €6.99). But it will be free to folks who were alpha testers.
You can also pick up the original Cobalt for the reduced price of about $18, once WASD launches, or get both in a bundle for about $23.
Oxeye game Studios is an indie game studio made up of former Minecraft lead developer Jens Bergensten, Daniel Brynolf and Pontus Hammarberg.
Square Enix’s Minecraft-inspired Dragon Quest Builders is coming to Switch next year
The game originally launched on PS4, PS3, and Vita last year, and was very well received. Despite its obvious similarities to Minecraft, both in its blocky aesthetic and in its core crafting and construction loops, it’s an altogether more structured. focussed experience.
Dragon Quest Builders goes beyond mere open-ended survival, featuring a proper story-driven adventure. Here, you’re charged with restoring the world of Alefgard, completing tasks to rebuild towns and attract new citizens. These in turn will help fend off enemies, and offer quests that send you exploring ever-further afield. It was a strong enough twist on the classic Minecraft formula to earn a Recommended badge in Eurogamer’s review.
Dragon Quest Builders on Switch will apparently feature an exclusive “Great Sabrecub” which can “boost your speed and grant you special material by defeating enemies.”
A sequel, simply titled Dragon Quest Builders 2, was announced for Switch and PlayStation 4 earlier this year, and will add co-op play, a feature missing from the original game. However, there’s no word on a release date for that just yet.
Square Enix’s Minecraft-inspired Dragon Quest Builders is coming to Switch next year
Minecraft welcomes new Norse Mythology DLC pack
Minecraft and Norse mythology may seem like two very different things, but the two are coming together with the new Norse Mythology Mash-Up Pack, a new DLC release that brings together some familiar pieces together with the blocky goodness of Minecraft.
The mash-up pack includes locations like Hel, the Great Hall, and Yggdrasil from throughout the annals of Norse mythology. You can even dress up as important figures from the stories themselves, like the very same ones you may remember reading about in one of your history classes (the parts you fell asleep during.)
For instance you can dress up as Thor and Odin, or even Heimdall and Sif. There are a few creatures up for grabs as well to complete the package. Enemies get several interesting skins as well, transforming familiar baddies into antagonists based in Norse mythology.
There are plenty of large, fanciful environments found in the expansion as well that really look as though they could transport you, even temporarily, to a faraway place and time. You can see it all in action in the official trailer, and you can download the DLC pack right now across all Minecraft platforms.
If you like reskinning Minecraft with lots of different looks, be on the lookout for a new Festive Mash-Up DLC pack, which is releasing later this week just in time for the holidays. It will transform your favorite world with candy canes, Santa hats, reindeer, and more!
Portumna company selected by Microsoft and Mojang as official Minecraft events partner
A small family business in the West of Ireland has been selected by global gaming giants Microsoft and Mojang as an official events partner for Minecraft community events.
O’Brien Event Management was established by mum-of-three Lisa O’Brien, who was inspired to run conventions for fans of Minecraft after witnessing her own children’s obsession with the game.
Her company is now one of only three companies worldwide to be certified as an official Minecraft community events partner.
Speaking to the Galway Advertiser, Ms. O’Brien said “being selected by Microsoft and Mojang as an official events partner for Minecraft community events is a huge honour. We are the only partner company in Ireland.
“Having this status will allow us display official Minecraft graphics at our future events, offering fans an even better and more immersive experience. It will also enable us to strengthen our relationships with the global Minecraft community, including those who produce the maps used by Minecraft players when they bring in Microsoft educations to explain the powers of Minecraft to event attendees.
“Becoming an official partner will help hugely in continuing to grow our event, attracting world-class participants and sponsors, and ensuring we’re the No. 1 event for Minecraft fans in Ireland and beyond.”
Ms O’Brien ran her first “MineVention” event in Galway in December 2014. The 1,500 tickets for the event sold out in just nine hours and, since then, she has run an additional 20 MineVention events and workshops in 10 locations nationwide. Over 35,000 people have attended her events.
Tickets for Ireland’s next MineVention event are on sale now. The event will take place in Dublin’s RDS on 14th and 15th April. Tickets start from €15 and are available through Ticketmaster.
“When we started out in 2014, we had no idea of the demand that was out there from Minecraft fans. Parents had their children literally begging them to get tickets to our events.
“The support we’ve received from the Minecraft community and attendees has been overwhelming. We attribute our success to being responsive and keeping it real: we’re a small company and we personally deal with all aspects of the event – from programming, marketing and ticketing to email enquiries and social media.
“We take all feedback on board, and we implement changes and improvements all the time in response to what we’re hearing from Minecraft fans. We’ve also built up excellent relationships with Minecraft content creators: we’ve had some of the most high-profile people in the global Minecraft community attending and participating in our events.”
Minecraft is one of the most popular computer games ever developed, selling over 122 million copies since it launched in 2009.
Its popularity is so great that a community of professional YouTubers has emerged – gamers who make a living from posting videos of themselves online playing Minecraft.
The attendance of these professional gamers at the various events over the years has been one of the most popular elements of MineVention, says Lisa O’Brien.
“The ‘meet and greets’ with YouTubers have been hugely successful,” she says. “However, there’s a lot more than that to our events. We also have Minecraft VR, Education in Minecraft, gaming tournaments, ‘Build Battle’ stages, games, and arts and crafts.
“We’ve partnered with Autism Action to make sure our events are accessible and welcoming for children with autism and, in 2018, we’re introducing lots of new elements, including the chance to play on new maps built by Mojang’s MarketPlace and to visit our streaming zone to see how it all works. The fact that we’re now an official Minecraft partner means our 2018 event will be the best yet.”
O’Brien Event Management is based in Portumna, Co. Galway, and employs four people alongside Ms. O’Brien, with plans to recruit a further three staff-members in the coming year.
Further information about MineVention 2018 is available at www.minevention.com
Portumna company selected by Microsoft and Mojang as official Minecraft events partner
Square Enix CEO: Microtransactions Are Better Suited for Mobile Games Than Console Games
Square Enix can claim a few of the year’s biggest success stories with games like Nier: Automata, Final Fantasy XV, and the continued success of Final Fantasy XIV. And while Square Enix has floated games as services as the future of the industry, bolstered by a successful series of mobile games, it appears the recent controversies around microtransactions have made an impact on the company.
In a recent interview with Square Enix CEO Yosuke Matsuda for MCV, the Square Enix head shared some thoughts about microtransactions in the current game climate and how the practice might not suit console games.
“What people expect and want in a home console game is perhaps quite different from what people want in a mobile game,” said Matsuda. “The way that console games are made, the volume of content and how much effort goes into them, there’s something in that which doesn’t fit in the mind with microtransactions.”
The statement is rather interesting because earlier this year, Matsuda said that the focus in the industry is shifting towards games as services, a style of game where players would be continuously tied to a single game thanks to regular content releases. There appears to be an acknowledgement that microtransactions in full content, $60 games are incompatible.
However in the age of season passes, story expansions, and other forms of DLC, it’s hard to take this as an outright indictment of microtransactions from the Square Enix CEO. What’s clear is that Matsuda seems to argue that the tactics for microtransactions found in mobile games can’t, or won’t, work in console games. What that means in practice is still unclear.
EA kicked up a huge controversy regarding microtransactions with Star Wars Battlefront 2 this holiday season. The game offered players who wanted an “accelerated” experience an option to purchase game-improving upgrades. This generated anger among players who felt it to be unfair for players who have to otherwise play hours and hours of game content to receive the benefits of players who can buy their way to the top.
Now the industry is reeling from the controversy, with lawmakers calling for investigations into loot practices and EA considering abandoning loot boxes altogether.
Square Enix for its part found major success with the single-player Nier: Automata. There’s a good chance that its success and the toxicity around microtransactions could convince Square Enix to stay clear from practices that could potentially anger players like loot boxes.
Square Enix CEO: Microtransactions Are Better Suited for Mobile Games Than Console Games
PUBG Xbox One Patch to Deliver Performance and Visual Improvements
The Xbox One version of PUBG hasn’t had the smoothest of releases, with the game’s performance and visuals coming under fire from players. Thankfully, PUBG on Xbox One is set to be improved today thanks to the game’s first patch.
PUBG on Xbox One currently suffers from some pretty severe frame rate issues and isn’t much of a looker (on either Xbox One or Xbox One X), but the first steps to improve things start today. As well as a series of bug fixes, gameplay, and UI tweaks, the debut patch for PUBG on Xbox One will provide a first pass on visual and performance improvements.
That’s great news for players of PUBG on Xbox One X. While the game is part of the Xbox Game Preview program and as such is a work in progress, such a high profile game performing so badly on the consoles isn’t a good look for Microsoft. As the firm battles to gain some ground on the PlayStation 4, it’s hoping the power of the Xbox One X will win over some players.
The Xbox One PUBG patch will go live today at 1AM PST / 10AM CET / 6PM KST. Detailed patch are below:
Gameplay
- Gas can now be used while on bike or bike with sidecar
UI/UX
- Equipment icons on HUD will now be visible
- Player icon is now more clearly visible on the world map
- UI prompts now appear when reload and enter a vehicle options are present
- Character
- Tweaked hair color options
Animation
- Cleaned up sidecar passenger animations in first person view
- Fixed player camera issues while a passenger on the backseat of a Buggy
- Addressed arm animations specific to holding some weapons
- Character now correctly faces the proper direction when stopping while swimming
Others
- First pass visual and performance improvements
- Slightly improved anti-aliasing on Xbox One and Xbox One S
- Localization updates for Vietnamese, Spanish,(Spain/Mexico)
- Controls on motorcycle no longer inverted
- Keyboard functionality is disabled
Bug Fixes
- Fixed instances of player nametags not properly displaying in the lobby during Squad and Duo play
- Fixed minor animation while crouching and prone
- Fixed issues where curtains on windows block line of sight of players in the TPP mode
- Fixed an issue where when Squad leader left the party, voice chat ceased to function as intended
- Fixed issue where players could lean out of vehicles even when obstructed
- Fixed collision of cardboard boxes in Yasnaya city
- Fixed typo in the controller guide
- Other minor fixes
Read all about how to get better at PUBG on Xbox One in our PUBG Xbox One guides.
PUBG Xbox One Patch to Deliver Performance and Visual Improvements
Minecraft Players Are Choosing The Xbox One Edition Over The Better Together Version
Back in September, Microsoft and Mojang launched the Better Together update for Minecraft on Windows 10, Xbox One, iOS, and Android. This update allowed players on those devices to play together and access the Marketplace on any of those platforms.
The new Better Together versions of Minecraft are known collectively as the Bedrock Edition. The Bedrock games avoid the “___ Edition” naming scheme on their respective platforms, being just “Minecraft” instead of “Minecraft: Pocket Edition” or “Minecraft: Windows 10 Edition”. This is the new foundation and codebase Mojang wants to build upon, hence the name.
In the case of Minecraft on Xbox One, if you purchase the game now on the Xbox Store, it’s the Bedrock Edition, called “Minecraft”. If you had the previous Minecraft: Xbox One Edition, you get the new version for free, but the old one remains installed on your console. This allows players to switch back and forth between both versions and players are finding they prefer the old Xbox One Edition.
If you go to the Microsoft Store page for Minecraft: Xbox One Edition, the game is rated at 4.5 stars out of 5 with 111,000 reviews. In contrast, the new Minecraft entry is rated at 2.5 stars out of 5, with 5,634 reviews as of this writing.
“The Xbox One Edition was designed for Xbox, this version is literally a port from PC. The creative inventory is a disarray and difficult to navigate, placing blocks is much slower as being precise is terribly difficult. The graphics are a disgrace, the game crashes every 30 mins, everything is laggy,” said one review. (Edited for spelling and formatting.)
“The new crafting and inventory menus are quite cumbersome and seem rushed. It now takes easily twice as long to perform trivial tasks like swapping items in these menus in creative mode. The previous setup was much more streamlined and easier to use,” added another review.
“I played this version in beta and it was not ready for a public release. There are numerous problems that went unaddressed or were flat out ignored. To list a few: Frame rate is extremely unstable and drops considerable. This version is not optimized for redstone and more complicated devices produce massive amounts of lag,” said one review from last month.
The previous Minecraft editions were customized for their specific platforms by 4J Studios, who no longer seem to be involved in the new versions. They took into account the technology behind each console or device, and tailored the releases to those platforms.
Players are saying that the Bedrock Edition represents a step back. There are lost features like large biomes, some players dislike the new UI and Creative mode controls, there are reported frame rate issues, lag, and crashes that didn’t occur in previous editions, and some players can’t even convert their worlds over to the new version. One of the top requests on the Minecraft support site is for a console UI for the Bedrock Editions on Xbox One.
Players on Xbox One have gone around the problem by simply playing the old Xbox One Edition, but Mojang isn’t updating that version anymore. If players want new features, they’ll need to upgrade eventually. Currently, the Nintendo Switch version is supposed to join the Better Together party at a later date, but some Switch players are hoping that update can be pushed down the line until the Bedrock codebase has seen some fixes. Hopefully, Mojang and Microsoft keep plugging away at the new unified Minecraft, because players aren’t happy.
Minecraft Players Are Choosing The Xbox One Edition Over The Better Together Version
How a Rutgers student went from Minecraft to internet warfare
There are no rules or goals in Minecraft.
“The game is brilliant in a lot of ways,” observed Brian Krebs, a former Washington Post reporter and well-known cybersecurity blogger at KrebsonSecurity.com, talking about the incredibly popular Lego-like video game where players make things out of virtual blocks. “You can build anything and destroy anything. You just make up things as you go along.”
Paras Jha, a Rutgers University computer science major, was apparently a Minecraft devotee, playing the game with others in an on-line world where everyone knows each other by their screen names.
That was before the 21-year-old from Fanwood wrote the computer code that was later used by others in one of the biggest internet attacks of the decade.
The unsealing of federal charges Wednesday against Jha and two other young men in connection with a series of earlier cyber attacks was described by prosecutors in terms most familiar to a computer security expert. The trio, according to the feds, created and operated two “botnets” which targeted “Internet of Things” (IoT) devices, launching a powerful distributed denial-of-service or DDoS attack that crippled web hosting companies across the country.
But essentially what they were doing, according to authorities, was running a sophisticated high-tech protection racket.
Federal prosecutors have not provided much detail into what motivated them. However, investigators and computer security experts say it all may have begun with Minecraft, the game with no rules.
And the muscle they employed was a malicious computer software program they had written. That code was used by others–their identities still unknown–to infect hundreds of thousands of devices connected to the internet in a massive online attack in October 2016 that blocked access to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and many other popular websites.
No one has been charged in that incident, which came after Jha and others posted their malware on the Dark Web.
New variants of the code, meanwhile, have been picked up recently by cyber security researchers.
Playing the game
Jha, together with Josiah White, 20, of Washington, Pa., and Dalton Norman, 21, of Metairie, La., earlier this month pleaded guilty to creating and operating a network of compromised computers known as “botnets” that were used in a number of attacks on several host servers.
Jha also last week pleaded guilty to a series of separate attacks that took out the Rutgers computer network.
Appearing in court before U.S. District Court Judge Michael Shipp in Trenton, Jha acknowledged his involvement, but offered little more. His attorney, Robert Stahl of Westfield, said “Paras Jha is a brilliant young man whose intellect and technical skills far exceeded his emotional maturity.”
Investigators say Jha was immersed in online gaming culture, and was adept at writing code–the software that controls a computer.
But there is a dark side to cyber gaming. Popular game servers are often targeted for sport. And sometimes, for money.
Krebs, who was the first to link Jha to the cyber attacks and the software that caused them, said there is a lot of money to be made off hosting Minecraft servers. Some in the industry have told him it’s not hard to make $200,000 or more a month.
That did not go unnoticed.
“What started happening in 2013 and 2014 was the biggest Minecraft servers began to come under DDoS attacks,” said Krebs, noting that some of these operations were willing to “pay handsomely to protect them from these type of attacks, which are fairly complicated.”
Distributed denial-of-service, or DDoS attacks involve the hijacking of hundreds of computers, which are used to flood the internet connection of a targeted server or computers. Such an attack generates a barrage of so many fake requests for information that the server typically crashes under the assault.
“It only takes a while for some of these servers to be off line before someone says ‘screw it, I’ll find someplace else that doesn’t have problems,'” Krebs noted.
Jha was one of those who created a business offering his services to companies hosting Minecraft servers, to protect against DDoS attacks, said Krebs.
According to court filings, however, Jha had also created a botnet–a collection of hijacked computers that were infected with malware software used to launch the kind of distributed denial-of-service attacks that were plaguing many of the Minecraft game servers.
However, the targets of the worm Jha and others used to create the botnet was something that had not been seen before, according to the Justice Department. It burrowed into non-traditional computing devices connected to the internet, such as wireless cameras, home routers, and digital video recorders, the so-called “Internet of Things.”
“Some of these devices have no way to change default passwords,” noted Adam Alexander, an assistant U.S. attorney for the District of Alaska, where the hidden controlling software corrupting the internet-connected things was first discovered.
The authors of the botnet called it Mirai, named after a popular character in Japanese anime, according to FBI case agents who said the three were fans. The Justice Department said the Mirai botnet, at its peak, was made up of hundreds of thousands of compromised devices.
“Once they built the botnet, they sought to make money by renting it or extorting companies for money,” said William Fitzpatrick, the acting U.S. Attorney in New Jersey, where the botnet repeatedly hit the computer network at Rutgers University.
According to the government, Jha ran Mirai on computers from his family home in Fanwood.
Beginning in the summer of 2016, Mirai was deployed to conduct attacks against a number of game servers and hosting companies. Prosecutors said Jha contacted one company and demanded payment in exchange for halting the attack. They said he also bragged about his exploits using monikers such as “ormemes” and “Anna Senpai” on discussion boards, soliciting clients.
That bravado also served to unmask him.
Krebs began a deep dive into the Mirai botnet after his own site was forced offline by a DDoS attack for nearly four days.
Krebs tied to the malware to Jha earlier this year, publicly naming him after linking him to Anna-Senpai. But he believes the FBI already knew much of what he posted.
Indeed, when NJ Advance Media knocked on Jha’s door back in January after the Krebs post, his father said the FBI had interviewed his son, but denied he had any knowledge of the attacks.
Counting clicks
In addition to those attacks, prosecutors said Jha and Norman made money with software that duped on-line advertisers.
“They build a botnet to commit click fraud,” said Fitzpatrick.
Click fraud is a scheme to artificially pump up the number of “clicks” on a particular website, to increase advertising revenue generally based on how many times someone clicks on a page. In Jha’s plea agreement, prosecutors said the student leased access to his click fraud botnet in exchange for payment.
“Because the victim activity resembled legitimate view of these websites, the activity generated fraudulent profits through the sites hosting the advertising content, at the expense of the on-line advertising companies,” noted the court filing.
That scam netted Jha and others 100 bitcoin, valued at the time at more than $180,000, said prosecutors.
Closer to home, even before those attacks, Jha admitted he had initiated DDoS attacks on the computer network at Rutgers University, where he was then studying.
In 2014, the university first began to get hit with a series of denial-of-service attacks that crashed Rutgers’ websites and cut off Internet and Wi-Fi access to tens of thousands of students, faculty and employees. The university, which had announced it planned to spend $3 million to upgrade its computer security system, was taunted by someone on Twitter using the screen name “exfocus.”
“where internet go?? 3m dollar gone?” asked one tweet.
In a courtroom in Trenton on Wednesday, Jha, who is no longer at Rutgers, admitted that he was “exfocus.” And he said he timed the attack during midterms when it would cause the most disruption.
He did not say why.
Prosecutors said toward the end of the scheme, Jha took steps to conceal his role in the Mirai botnet.
In September 2016, the government said he erased the files on his home computer and then posted the Mirai code online, “in order to create plausible deniability if law enforcement found the code on computers controlled by Jha or his co-conspirators.”
The following month, other hackers took the Mirai code and launched a massive cyber attack that crippled much of the internet, crashing Twitter, Netflix and other websites.
Who they are remains a mystery.
All three men have pleaded guilty in the District of Alaska to charges of conspiracy to violate the Computer Fraud & Abuse Act in operating the Mirai Botnet.
Jha pleaded separately in New Jersey to launching the cyber attack on the Rutgers University computer network.
He is to be sentenced in March.
How a Rutgers student went from Minecraft to internet warfare
PC game Minecraft can be a teaching tool
Minecraft is a game that most people certainly have heard of. If you do not know about the game, ask a child who will likely to give a very enthusiastic response that can last up to several minutes (or hours depending on the child). As of the time I wrote this article, Minecraft was the No. 1 best-selling PC game in history. Minecraft has been so successful that it caught the attention of Microsoft, which purchased the game as well as the founding company, Mojang, in 2014.
I first heard about Minecraft about three years ago when numerous students in my class constantly talked about it. Hearing about this game so annoyed me that I wanted nothing to do with it. The concept of Minecraft sounded confusing to me, and I could not figure out why it was such a popular game with children. About a year after I first heard about it, I caved in and bought the game to check it out. As the saying goes: “curiosity killed the cat.” It definitely killed my skepticism about the game, and I became hooked within just a couple days. One night I played Minecraft so intensely that it was 1 a.m. before I realized it.
For those who don’t know about Minecraft, it is an open-world concept game where players can build, mine, fly, explore and do just about anything their heart desires. Players can be in creative mode, which allows them to build with unlimited blocks and fly around the world they are in. They also can be in survival mode, where they create weapons using materials they find; obtain food by hunting animals and planting gardens; and build an appropriate shelter to protect themselves from monsters that are ready to attack or blow up the players. Minecraft is available in multiplayer mode so numerous people can build in the same world at the same time.
Parents and teachers need to be in tune with what children are engaged in and find ways to use it as an educational tool. Minecraft is one of the rare games that can be used in every classroom subject and beyond. Children are still fascinated with the game, so this is our chance to capitalize on it and use it to our advantage.
Here are some ideas for you to use Minecraft with your children or students:
–Math and Minecraft go hand in hand in several ways.
One, it is very easy to integrate area and perimeter in the game. Have the child build something with a square shape in Minecraft, and after they are done they can count the blocks on each side and calculate the area and perimeter. For older elementary and junior high children, integrate volume as well and have them find the answer. Each block in Minecraft is one meter long, wide, and high. Older students can calculate the exact area and perimeter using that information.
Another topic that usually is introduced in fifth grade is finding the area of composite shapes. A teacher approached me and told me that her students were not doing well in this topic, so I taught it using Minecraft to see how the students would respond. As I broke the composite shape down into two different shapes using different blocks, it clicked for the class. Students’ scores in this topic went up dramatically, and it was all because of the game.
–You can use Minecraft in science by allowing students to be creative.
If younger students are having a difficult time understanding ecosystems, there is a world that can be downloaded that introduces different habitats. For older students who are learning about the respiratory system, download a world where students can explore how air travels down the trachea to the lungs and ultimately to the blood.
If you google the subject you are looking, for followed by “Minecraft world,” there’s a good chance that a world already has been made.
–Reading and Minecraft work very well together, believe it or not.
You can have the child recreate a scene from a book they are reading and have them act out what they have read so far. You can also have them place signs in order and have them type the sequence of events in the story. Signs have many uses, such as creating a story and having the child read it out loud. They also can be very helpful with comprehension, phonics or any other topic the child is not doing well in.
–Minecraft can also be used in social studies, foreign languages or art.
You can show the child a building from the 1700s and have them recreate it by using the features being studied. Signs can also be used to label different parts in a house in the language they are learning. In art, students can recreate a painting to the best of their ability to identify shading, tint and more.
Minecraft can even be used as an assessment tool. You can get real creative and make rooms with four doors as the answer choices. Place the question on a sign on the side of the room, then place chests behind each door. The right answer choice can have food of some sort, while the wrong answer choice can have rotten flesh.
These are just a few ideas on how Minecraft can be tailored to the needs of the child to increase learning in whatever subject is being taught. This game has the amazing power of immediately engaging students, so I challenge you today to help your children or students by implementing ideas such as this to bring learning to their level. A big thing holding us back is fear, so for the sake of the children, let’s get out of our comfort bubble and do what’s best for them.
D.J. Rambo teaches technology at Pease Communications and Technology Academy.
School begins using Minecraft in order to teach history
A primary school in Cambridgeshire is using Minecraft in the classroom to teach pupils all about history.
According to the BBC, the children at Haslingfield School have been playing the popular computer game to design a Bronze Age city which has helped them to learn more about yesteryear.
The school has also been assisted by a group of experts from the University of Cambridge in order to design the city accurately.
The game, which ultimately allows players to build with a variety of different cubes in a 3D procedurally-generated world, has gained much success since it was first developed back in 2009.
Although the demo is free, it actually costs to pay and many more editions have been released since.
Earlier this year, the Nintendo Switch partnered up with the game to create Minecraft: Nintendo Switch Edition.
Climb a Mountain for Christmas: TOYA Releases “My Snowy Journey” on Minecraft Marketplace
TEL AVIV, Israel, Dec. 22, 2017 /PRNewswire/ — Just in time for Christmas, there’s a new Minecraft game from the Israeli start-up company TOYA, which develops games for girl-empowerment. “My Snowy Journey” is an awe-inspiring trip up Mt. Everest where players follow in the footsteps of and are assisted by the first woman ever to reach the summit, Japanese climber Junko Tabei.
“Junko Tabei was an amazing woman,” said TOYA CEO Anat Shperling. “Although at the start of her career she had no help from her government or male mountaineers, she climbed not only Mt. Everest but the Seven Summit peaks – the highest mountains on seven continents.”
“As a role model for the millions of gamers playing Minecraft, especially girls, Junko is very special. She did things her own way, resisting and overcoming all obstacles. We were inspired by her personal passion for climbing, and created a game that enables you to climb Mt. Everest while experiencing fun and challenging gameplay.”
“My Snowy Journey” takes players up the mountain through a series of challenges, including three giant ice walls that increase in difficulty. With tools and the help of Whysa, a rather unpredictable old lady who appears in every TOYA game, gamers interact with Junko and each other as they climb to the top – where, like real mountaineers, they can leave their own permanent messages. The game is available for purchase at http://bit.ly/2Bv1PNW
“Making Everest look like its gigantic self, while not intimidating young gamers, was a design challenge we had to overcome,” said Yifat Anzelevich, TOYA’s COO. “We wanted girls to experience the immense, icy world of Everest while understanding how Junko’s personal approach of not being intimidated by the mountain was what enabled her to master it!”
TOYA was founded by Shperling and Anzelevich, women entrepreneurs, to create a brand of digital games and media designed to inspire and motivate young girls to realize their full potential, and expose boys to the accomplishments of women who changed our world. The small start-up is developing new Minecraft games designed to be an alternative to the typical “pink” games about fashion, pets and homecare targeted to grade-school-age girls.
The games are important for boys, too: research indicates that there is only one female for every five male characters in video games, and 76% of solo video game heroes are male, despite the fact that half of online gamers are female. The Minecraft games’ playful learning experience enables gamers to become explorers, adventurers and all sorts of heroes through experiencing the accomplishments of exceptional women from around the world. The company’s first Minecraft game, inspired by the work of renowned gorilla researcher Dian Fossey, was released in November.
“My Snowy Journey” will be featured on Microsoft’s “12 Days of Minecraft” and its skin pack will be available to play for free on December 29th. The game will be available for purchase starting December 19th. Toya is one of Microsoft’s few Minecraft content-creator partners and is the only one developing games that focus on phenomenal women achievers around the world. Most of the games include subtle encouragement for players to develop and use STEM skills, from understanding animal biology to figuring out the geology of mountain-climbing.
Minecraft itself is a gaming phenomenon, with a user base of more than 130 million gamers around the world, 40% of whom are female. The game’s popularity is rooted in its creative, non-violent approach, and in its graphics, both the users and their surroundings are made out of blocks, allowing unlimited choices in representation and creating new worlds.
“From the textures and colors of this game to the ability to join an online “community” of gamers who have completed the game successfully, ‘My Snowy Journey’ is a unique addition to the Minecraft universe,” Shperling said. “It’s another landmark for the TOYA approach: fun and interesting but with the serious purpose of empowering girls around the world.”
In 2018, TOYA will release a series of adventure games inspired by extraordinary women from Brazil, Egypt, the UK and Japan, and is expected to expand its content to linear media as well.
Media Contact:
Anat Shperling
972537728870
187910@email4pr.com
SOURCE TOYA
Climb a Mountain for Christmas: TOYA Releases “My Snowy Journey” on Minecraft Marketplace
The Last Jedi Petition Ignores Luke’s Amazing Character Arc
Star Wars: The Last Jedi has lit the internet up with both praise and critique, an overflow of love and hate. It’s actually pretty poetic, considering a theme of the movie is about finding a balance between light and dark. As the debate continues a large petition circulating online right now focuses on Luke’s actions and argues the portrayal of the Jedi is so horrid, Disney should scrap the record-breaking box office hit from the official canon and completely redo the story. These people are wrong.
WARNING: Full The Last Jedi spoilers ahead. Read at your own risk.
The crux of the argument for the petition is that The Last Jedi depicted Luke Skywalker, and therefore the entire Jedi order, as less than pure good. “ It completely destroyed the legacy of Luke Skywalker and the Jedi. It destroyed the very reasons most of us, as fans, liked Star Wars,” the petition argues. “[R]e-make Episode VIII properly to redeem Luke Skywalker’s legacy, integrity, and character.”
The problem, if you haven’t seen the movie and are still reading this article, is Luke attempted to kill Ben Solo back when he was training his young nephew. Luke’s justification for this move is because he saw the evil lurking in Solo, and wanted to eradicate it before it could spread. Ironically, Skywalker’s actions further fueled Solo’s quest for power and was the driving reason for Solo to turn into his alter ego Kylo Ren.
If that moment felt off to you, like Luke was abandoning the ways of the Jedi and becoming evil, then congratulations. That’s how you’re supposed to feel. Luke even feels this, which is why he decided to run away to a small corner of the galaxy and hide for the rest of his life. He knew he did something wrong, and couldn’t face the repercussions of his actions, especially from Han and Leia.
This point is driven home even further when Rey shows up, asking what happened to the legendary Luke Skywalker. The rebellion is failing and the Ultimate Hero is needed once again to come save the day. However, Luke knows he isn’t what people want him to be. He can’t be the force of pure good people think he is, because of his actions in the past. He’s flawed, he’s human.
If this makes you stop and look critically at who your heroes are, that’s a good thing. Allegations against many notable people like Louis C.K., Al Franken and Matt Lauer have made us rethink if those we look up to should be put on pedestals and trumpeted as our favorites.
The petition ends with the line “let us keep our heroes.” Maybe our heroes know they have reason to not be seen as such. Maybe it’s time to make some new heroes.
So what do you think? Are you still upset with what The Last Jedi did to Luke Skywalker? Do you like the flawed portrayal of a man who is capable of error? Let us know your thoughts in the comments section below, but please keep it civil.
New Jumanji Mobile Board Game Is Actually Pretty Fun
Movie releases and casual mobile games seem to go hand in hand these days, so it’s no surprise the new Jumanji: Welcome to the Jungle film has a companion mobile game. In my experience, the majority of movie-themed mobile games turn out to be uninspired money grabs, so I went into Jumanji with some tacit eye-rolling. However, after spending a little time with the game, I was happy to discover it isn’t half bad. In fact, once I got a handle on the rules, it became downright fun..
The best way I can describe Jumanji: The Mobile Game is a mashup of Monopoly and Hearthstone, but simpler. While the combination may sound terrible, it actually comes off quite well in Jumanji. The game board consists of 12 spaces. 10 of them are like Monopoly properties you can purchase and then set up camp. Each time you pass START, you’ll earn income off these properties, so acquiring as many as you can becomes a central goal. The other two spaces are special features, similar to the corners in Monopoly. These change as the game progresses. Sometimes they are punitive and landing on them will cause you to be imprisoned and miss a turn. Others can give you boosts like gold coins or the ability to move to any spot you choose on the board.
Like Monopoly, the object of the game is to monopolize the board, forcing your opponent into bankruptcy. What makes Jumanji ingenious, however, is that it solves a major Monopoly gameplay problem that puts many people off. When you first start playing Monopoly, it can be fun, but once a player has gained control of the board, the outcome is unavoidable and inevitable. If you are the loser, you’ll be subjected to hours of tedious torture as your opponent slowly bleeds you dry of your resources.
Jumanji solves this problem by offering more options for what can happen when you land on an opponent’s property. Players have the option to pay a toll or attack the other player. If they choose to attack (which everyone pretty much does), then players move to an RPG-style dice battle. If your attack is higher than your opponent’s defense score, you win the fight and with it, not only steal that player’s property, but also some of his or her gold.
But the battle isn’t solely dependant on the toss of a dice. In fact, attacks are where the Hearthstone -like CCG elements come into play. Going into a game, each player takes with them a deck of six cards. These cards make up your team and each have varying amounts of attack and defense points, as well as special skills. When you purchase a property, its base defense level is the same as your team’s combined defense points. In the same way, when you make an attack, your base attack is equal to the combined attack points of your team. When an attack occurs, your base points are added to your dice roll and whichever player’s total is higher wins the match. When a game ends, whichever player wins will be awarded a backpack full of resources, including new cards you can unlock or duplicates used for upgrading cards.
In the first stage of Jumanji, this is as complex as the rules get, but Stage 2 introduces to skills, which add a greater element of strategy to the game. Each card in your deck comes with a particular skill that is either passive or active. Passive skills go into action under certain conditions (ex: increase defense by 1 during the day), while active skills can only be used once during a game. These include everything from destroying an opponent’s base to stealing coins and more. Some of these skills prove quite useful and become a key factor in putting together your team. You also get to choose one of four heroes for your game, each with a starting perk like additional coins or heightened attack scores.
Since Jumanji is meant to be played in five to 15 minutes, the developers have added two additional ways of winning the game if you can’t manage to bankrupt your opponent. 1) Gain control of all properties in a set, creating a monopoly or 2) have the most money at the end of 12 rounds.
My biggest complaint with Jumanji is the opening tutorial lacked information about how to play and the strategy behind the game, which could be off-putting to new players. If you stick in there though, you’ll soon discover that Jumanji is a satisfying online multiplayer game. If you enjoy casual games that combine both luck and strategy this one is worth checking out. You can download Jumanji now for free on either the Apple App or Google Play store.
The Gifted’s Emma Dumont Thinks There’s No Happy Ending
Every conversation, every scene in The Gifted has a larger meaning. It’s what makes the X-Men series feel so big, despite being filled with lesser known characters. The fall finale was no different. The Stepford Cuckoos make their debut, telepathically forcing more than a dozen Sentinel Services agents to open fire on one another. This happens only hours after Agent Turner’s lengthy, and somewhat enlightening, conversation with the Strucker parents that culminated in an agreement to transport the captured Mutant Underground’s allies away from Trask Industries where Dreamer was murdered.
“It was very important the conversation included the wives,” series star Emma Dumont told Player.One. “We’ve seen conversation between Jace and Reed. It’s bigger than just these men and their egos, there are bigger risks. And it foreshadows that the X-Men say a war is coming — this scene specifically shows it may not just be a war between two parties. What does that mean for the mutant underground and the Struckers, and what does it mean for Lorna? There are so many factors that we get into in the last three episodes.”
At this point in the series, we don’t know much about the deadly “7/15” event that is tied to the disappearance of the X-Men and the Brotherhood, but the nature of the Stepford Cuckoos’ introduction was so ruthless, so dark, there’s no doubt Agent Turner is done hearing out the Mutant Underground.
“We can talk about 7/15 all day long and obviously understand what it’s a reference to, but until we actually see a mutant commit a horrible crime like this, we aren’t gonna understand why Jace is the hero of his own story,” she said. “The fact that this sweet little blonde girl could make armed, trained men do these things — it’s terrifying. But not only can she can do it, she will do it. We could kill each other every day of our lives, but we don’t, because we have empathy. That’s what makes us different than other animals. But to see someone who really doesn’t have that… The audience needed to see it.”
Dumont explains the scene highlights The Gifted’ s ongoing exploration of prejudice. You cannot blame an entire group, especially an entire minority group, for the terrible actions of one person. But for Polaris, the incident was particularly jarring because the Stepford Cuckoos actions are sort of an irrational version of her own Magento-esque mutant code. It’s a kill-or-be-killed world, but there are rules.
“If you are using your mutant ability, using mayhem and violence and chaos, and you are not saving someone… Lorna thinks it’s fine, kill Hitler, it’s totally fine, but if you are doing things that don’t benefit other people, that is disgraceful. Reed, in her mind, isn’t helping anyone. Putting those mutants away, ripping up families, those are bad things and they are not redeemable,” Dumont said. “However, if someone like Magneto were to kill one bad human and save hundreds of innocent mutant lives, that is okay with her, she sees the good in that. It’s a very sketchy fine line, but to her it’s very clear thinking. Lorna thinks it makes total sense.”
Eclipse doesn’t see it that way, and his relationship with Polaris illustrates the dynamic between Professor X and Magneto (and their real life counterparts) from the comics and cinematic universe.
“It’s an exact parallel to Professor X and Magento. Marcos wants peace. He will sit by and have change happen slowly. He thinks any change is good change, and Lorna won’t have it. She definitely believes if we all started acting a lot more, using our powers and taking a stand. If that means violence than so be it. But if things continue the way Marcos wants them to continue, then things will never change,” Dumont continued.
“The difference between slavery and current-day hate crime, it’s a difference but we are still living in a world where horrible things happening to minority groups — innocent people being hurt and killed — and it’s not okay. And Marcos sees those two time periods and says, ‘Oh, but look how different it is now? Now, people don’t own mutants, they just abuse them and hurt them.’ But to Lorna that’s an awful way of thinking. She thinks if you stand for nothing, you’ll fall for anything. She has a very Magento way of thinking politically. In the eyes of justice, that’s the right thing to do.”
Like Magento, Polaris isn’t even sure there is a place for people like Strucker — who have only recently displayed a willingness to understand the mutant cause — to be part of the way society moves forward to create equality.
“Someone that’s been raised up in bigotry, who now works for the government, not only do they do that because they are passionate about ‘protecting the general public,’ they are paid to do this. They get paid to hurt people. So, of course, the end goal we all say is to make this a peaceful environment for mutants and humans to live in together. But Lorna doesn’t know if that is possible. She’s almost to the point where she thinks these people need to be taken away,” she said.
The X-Men universe is defined by what exists between love and hate. Mutant discrimination never stops, political initiatives are never enough to incite real social change, the scientific experiments only get more invasive — and The Gifted will be no different.
“There will never be a happy ending, especially in the X-Men universe,” said Dumont. “The fall finale was heartbreaking in every way imaginable. On an individual level, people start to get what they want, but then in the overall goal of making peace between mutants and humans, it sort of falls apart.”
Dumont teases big things for the last few episodes, including an internal struggle about her character’s place in surviving such an oppressive world — a story arc Dumont isn’t shy to compare to that of Magneto. With a child on the way, Polaris will finally come to terms with what she believes needs to be done.
“She has this reputation, but finally now she’s at a place where she doesn’t care. She doesn’t care if you don’t like things about her because she is right. And she hates that she’s right — we will see this in the last few episodes — she hates that Magneto was right. She wishes it wasn’t this way, but it is, and she has to do what she has to do.”
The Gifted returns Jan. 1.
Watch Agents Of SHIELD Season 5 Episode 5 To See Lance Hunter Return
The Marvel’s Wanted pilot starring Lance Hunter and Mockingbird didn’t pan out, yet thankfully, Agents of SHIELD has found a way to bring a beloved team member we haven’t seen since Season 3 back to the series. Nick Blood will return as Hunter in episode 5, “Rewind.”
The new promo reveals Hunter’s return, and that Fitz has been held in captivity for six months. We don’t know who these people are (they look like military), but they have forced Fitz to help them find the missing SHIELD agents. Fitz has yet to come up with any plausible theories — the only thing he can come up with is that they’ve been abducted by aliens.
“You want to find them to bring them to justice, I want to find them so I know they are okay.”
Bring who to justice? It seems like a lifetime ago, but if you remember back to the Season 4 finale and the whole AIDA framework ordeal… there’s no question government officials need answers about what happened. Before the team was abducted, Fitz even offered to take the blame for messing with the Darkhold. But before he and Coulson can finish their discussion, the bald guy appears and next thing you know, everyone except Ftiz is in space. Even though AIDA and the Framework is Fitz’ fault, SHIELD is still on the hook and it appears the government officials are convinced they are on the run. And when Fitz said he thinks SHIELD was abducted by aliens, the woman tells him to enjoy spending his life in a cell.
Thankfully, Lance Hunter comes to the rescue. According to Blood, Lance and Fitz are integral to helping the team return from space.
“Oh yeah, I don’t think Fitz could have managed it without him — or at least that’s what I think Hunter tells himself ,” Blood told TV Line. “Fitz is very grateful to see him, despite the fact that some of his ideas don’t go quite according to plan.”
Unfortunately, it’s unlikely we’ll see Mockingbird join the fight. Adrianne Palicki is busy in The Orville, but who knows, maybe ABC is saving her return as a surprise. Blood did reveal his characters is at least still in touch with Bobbi.
“Well, he’s been up his usual tricks, doing some mercenary work and bickering with Bobbi… He doesn’t necessarily have access to all the bells-and-whistles and gadgetry that S.H.I.E.L.D. did, so he has to use his charm and his wit to break down doors, and call in a few favors from his dodgy friends — who at times are quite unreliable!”
The next episode of Agents of SHIELD airs at 9 p.m. on Friday. Are you excited for Lance’s return? Let us know in the comments.
Watch Agents Of SHIELD Season 5 Episode 5 To See Lance Hunter Return
Minecraft Marketplace Holiday Update Coming Thursday, Says Mojang
The holiday spirit will come to the Minecraft Marketplace before week’s end, announced developer Mojang on Tuesday. All of the content featured in the announcement will be premium DLC (because why would one of the best selling games in history give anything away for free?), and features a theme to celebrate Christmas in the world’s most popular sandbox game.
First up is the new Norse Mythology Mash-Up Pack, a relatively self-explanatory new addition to the list of Minecraft visual overhauls. The new mash-up pack lets Minecraft players visit blocky versions of the Great Hall, Hel, Yggdrasil and other iconic locales from Norse mythology. New skins include a who’s who of the Norse pantheon, from Odin and Thor to Sif and Heimdall, along with lesser mainstays like wolf and bearskin-clad berserkers. The Norse Mythology Mash-Up Pack also includes reskins for a shockingly long list of enemy mobs.
Mojang also highlights a sprawling array of new community-created holiday content on the Marketplace this week. Beginning Thursday, players will find mods who will invite them to winter festivals, join a pirate’s Christmas celebration or take a ride in Santa’s sleigh. Although than a dozen unique Minecraft add-ons will be part of the holiday promotion, today’s announcement didn’t include pricing information for any of the upcoming Marketplace content. A handful of the holiday additions are currently available, but the vast majority will arrive on/after Dec. 21.
It’s a bit disappointing to see that Mojang will not follow the lead of the many other studios, like Io Interactive and Blizzard, which release holiday content free of charge. The Minecraft Marketplace may have been created to give the community’s growing legion of content creators a chance to make a living (or at least some side income) off their work, but that doesn’t mean Mojang can’t produce a separate batch of holiday-themed content too. Most players probably wouldn’t want a holiday update if it meant slowing development of Minecraft Update 1.13. But it’s still a disappointing follow-up to last year’s Festive Mash-Up Pack.
Minecraft is currently available on PlayStation 3, PS4, Xbox 360, Xbox One, Nintendo Switch, PS Vita, the New 3DS, PC and numerous smart devices.
Be sure to check back with Player.One and follow Scott on Twitter for more Minecraft news in 2018 and however long Mojang supports Minecraft in the years ahead.
Minecraft Marketplace Holiday Update Coming Thursday, Says Mojang
Minecraft video game gets big content update in time for the holidays
Minecraft has updated across the Xbox One family of consoles with a variety of changes and new content.
In addition to the new Norse Mythology Mashup Pack, the update also adds a Festive Tumble Arena where gamers can celebrate the holiday season. This update also changes some mechanics involving cauldrons, potions, water, and world generation that should please many Minecraft fans. Here’s the official release notes for this update.
- Added Norse Mythology Mashup Pack.
- Added Festive Tumble Arena.
- Added New Horse Model.
- Added Dyeable Leather Horse Armour.
Cauldron changes
- Cauldrons can be filled with potions.
- Tipped Arrows can be created using an Arrow with Cauldrons filled with potions.
- Water can be dyed.
- Armour can be dyed in a Cauldron filled with dyed water.
Baby Zombie jockeys can now ride any mobs.
World generation changes
- Added Fallen Trees & Dying Trees.
- Village Changes.
- Tables have brown carpet instead of a pressure plate.
- Added Ice Plains & Cold Taiga Villages.
- Added Chests to Ice Plains and Cold Taiga Villages.
- Ice Plains & Cold Taiga Villages won’t generate crops.
- Paths around village wells now made up of grass path (sandstone in desert).
- Dispenser changes.
- Fireworks will fire in the direction the dispenser is facing.
- Mob heads will drop to ground unless they are being placed on a block that would cause a Wither or Snow Golem to spawn.
Updated Wither Boss behavior
- Explodes and spawns Wither Skeletons on half health.
- Change to dash attack.
- Remove health regeneration.
- New birth and death animations.
- Armor Stands now have arms and multiple poses.
Do you play Minecraft on an Xbox One? Let us know if you like the console experience in the comments below.
Minecraft video game gets big content update in time for the holidays
3 US hackers took out key parts of the internet in 2016 because they wanted to make money on Minecraft
- Three US college-age hackers pleaded guilty to creating the Mirai botnet, which took out critical parts of the internet in 2016 through distributed denial of service (DDoS) attacks.
- The attacks affected Spotify, Twitter, Reddit, and well-known security journalist Brian Krebs.
- The three men created the malicious software to profit from the popular game Minecraft, according to Wired.
- They hoped the DDoS attacks would take out rival Minecraft servers, and boost their own DDoS mitigation business.
Three US hackers have pleaded guilty to creating the Mirai botnet, which took out some of the internet’s biggest sites last year including Reddit, Spotify, and Twitter through distributed denial of service (DDoS) attacks.
According to a Wired investigation, the college-age Paras Jha, Josiah White, and Dalton Norman originally created the botnet to gain an advantage on Minecraft. But once they realised the botnet’s power, they went bigger.
“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” one FBI investigator told the publication. “Then it just became a challenge for them to make it as large as possible.”
Hosting and protecting Minecraft servers is competitive and big money
While Mirai eventually took down critical parts of the internet, alarming engineers tasked with keeping the infrastructure running smoothly, it had humbler beginnings.
The game Minecraft is massively popular, with 55 million players a month. Users construct blocky 3D worlds by “mining” blocks. The entire effect is cartoonish, and the game is popular with kids.
Those who want to play multiplayer must sign up to a Minecraft server, which can often have tens of thousands of users who pay money to rent “space” or buy tools. According to Wired, the FBI investigators found that people were making big money by hosting Minecraft servers. “These people at the peak of summer were making $100,000 a month,” one investigator said.
Microsoft
That, in turn, has resulted in rival Minecraft server hosts trying to one-up each other with DDoS attacks. Indeed, the arms race in DDoS attacks is directly linked to Minecraft, an agent said. The goal of DDoS in Minecraft is to try and frustrate users on a rival server with slow service — so that they end up switching to yours.
Mirai’s creators wanted both to knock out rival servers, but also potentially make money by offering protection against DDoS attacks. The trio had set up their own DDoS mitigation company and used Mirai to take out a competitor, French web hosting firm OVH. OVH offers Minecraft DDoS mitigation services and, in September 2016, it suffered a crushing DDoS attack unlike anything it had seen before.
“This was a calculated business decision to shut down a competitor,” one of the investigators said.
Eventually, Mirai’s creators decided to publish its source code online, to try and throw any investigators off the trail. That opened up the tool for wider use, and variants of Mirai — apparently not created by the three original hackers — took out performance management company Dyn. That meant outages for Dyn customers including Reddit, Github, and Twitter, and gave Mirai greater attention. According to Wired, an FBI investigation into Dyn is still ongoing.
The three left enough fingerprints for both the FBI and security journalist Brian Krebs, victim of a Mirai attack, to track them down.
Minecraft was the reason the Mirai botnet was created
“These kids are super smart, but they didn’t do anything high level—they just had a good idea. It’s the most successful IoT botnet we’ve ever seen—and a sign that computer crime isn’t just about desktops anymore.”
– FBI supervisory special agent Bill Walton on the creators of the Mirai botnet.
Wired recently published a piece interviewing several people who were involved in analyzing and investigating the biggest cyber security breach of 2016, caused by three college-aged individuals who were looking to gain an advantage in Minecraft by creating the Mirai botnet malware.
FBI supervisory special agent Bill Walton describes how the trio didn’t intend to create this sort of chaos. “Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” he explains. “Then it just became a challenge for them to make it as large as possible.”
The creators of Mirai targeted French Internet provider OVH because it offered Minecraft DDoS mitigation tools and certain servers. “Why are these Minecraft servers getting hit so often?” FBI special agent Elliott Peterson remembers asking.
The piece also dives into how investigators tracked down the main culprit behind Mirai, as well as highlighting other servers and companies the malware infected during its reign.
How a Dorm Room Minecraft Scam Brought Down the Internet
It was a hard story to miss last year: In France last September, the telecom provider OVH was hit by a distributed denial-of-service (DDoS) attack a hundred times larger than most of its kind. Then, on a Friday afternoon in October 2016, the internet slowed or stopped for nearly the entire eastern United States, as the tech company Dyn, a key part of the internet’s backbone, came under a crippling assault.
As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.
Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.
“They didn’t realize the power they were unleashing,” says FBI supervisory special agent Bill Walton. “This was the Manhattan Project.”
Unraveling the whodunit of one of the internet’s biggest security scares of 2016 led the FBI through a strange journey into the underground DDoS market, the modern incarnation of an old neighborhood mafia-protection racket, where the very guys offering to help today might actually be the ones who attacked you yesterday.
Then, once the FBI unraveled the case, they discovered that the perpetrators had already moved onto a new scheme—inventing a business model for online crime no one had ever seen before, and pointing to a new, looming botnet threat on the horizon.
‘They didn’t realize the power they were unleashing.’
Bill Walton, FBI
VDOS was an advanced botnet: a network of malware-infected, zombie devices that its masters could commandeer to execute DDoS attacks at will. And the teens were using it to run a lucrative version of a then-common scheme in the online gaming world—a so-called booter service, geared toward helping individual gamers attack an opponent while fighting head-to-head, knocking them offline to defeat them. Its tens of thousands of customers could pay small amounts, like $5 to $50, to rent small-scale denial-of-service attacks via an easy-to-use web interface.
Yet as that case proceeded, the investigators and the small community of security engineers who protect against denial-of-service attacks began to hear rumblings about a new botnet, one that eventually made vDOS seem small.
As Peterson and industry colleagues at companies like Cloudflare, Akamai, Flashpoint, Google, and Palo Alto Networks began to study the new malware, they realized they were looking at something entirely different from what they’d battled in the past. Whereas the vDOS botnet they’d been chasing was a variant of an older IoT zombie army—a 2014 botnet known as Qbot—this new botnet appeared to have been written from the ground up.
And it was good.
“From the initial attacks, we realized this was something very different from your normal DDoS,” says Doug Klein, Peterson’s partner on the case.
The new malware scanned the internet for dozens of different IoT devices that still used the manufacturers’ default security setting. Since most users rarely change default usernames or passwords, it quickly grew into a powerful assembly of weaponized electronics, almost all of which had been hijacked without their owners’ knowledge.
“The security industry was really not aware of this threat until about mid-September. Everyone was playing catch-up,” Peterson says. “It’s really powerful—they figured out how to stitch together multiple exploits with multiple processors. They crossed the artificial threshold of 100,000 bots that others had really struggled with.”
It didn’t take long for the incident to go from vague rumblings to global red alert.
Mirai shocked the internet—and its own creators, according to the FBI—with its power as it grew. Researchers later determined that it infected nearly 65,000 devices in its first 20 hours, doubling in size every 76 minutes, and ultimately built a sustained strength of between 200,000 and 300,000 infections.
“These kids are super smart, but they didn’t do anything high level—they just had a good idea,” the FBI’s Walton says. “It’s the most successful IoT botnet we’ve ever seen—and a sign that computer crime isn’t just about desktops anymore.”
Targeting cheap electronics with poor security, Mirai amassed much of its strength by infecting devices in Southeast Asia and South America; the four main countries with Mirai infections were Brazil, Colombia, Vietnam, and China, according to researchers. As a team of security professionals later concluded, dryly, “Some of the world’s top manufacturers of consumer electronics lacked sufficient security practices to mitigate threats like Mirai.”
At its peak, the self-replicating computer worm had enslaved some 600,000 devices around the world—which, combined with today’s high-speed broadband connections, allowed it to harness an unprecedented flood of network-clogging traffic against target websites. It proved particularly tough for companies to fight against and remediate, too, as the botnet used a variety of different nefarious traffic to overwhelm its target, attacking both servers and applications that ran on the servers, as well as even older techniques almost forgotten in modern DDoS attacks.
No one had any idea yet who its creators were, or what they were trying to accomplish.
On September 19, 2016, the botnet was used to launch crushing DDoS attacks against French hosting provider OVH. Like any large hosting company, OVH regularly saw small-scale DDoS attacks—it noted later that it normally faces 1,200 a day—but the Mirai attack was unlike anything anyone on the internet had ever seen, the first thermonuclear bomb of the DDoS world, topping out at 1.1 terabits per second as more than 145,000 infected devices bombarded OVH with unwanted traffic. The company’s CTO tweeted about the attacks afterward to warn others of the looming threat.
Until then, a large DDoS attack was often considered to be 10 to 20 gigibits per second; vDOS had been overwhelming targets with attacks in the range of 50 Gbps. A follow-on Mirai attack against OVH hit around 901 Gbps.
Mirai was particularly deadly, according to court documents, because it was able to target an entire range of IP addresses—not just one particular server or website—enabling it to crush a company’s entire network.
“Mirai was an insane amount of firepower,” Peterson says. And no one had any idea yet who its creators were, or what they were trying to accomplish.
Normally, companies fight a DDoS attack by filtering incoming web traffic or increasing their bandwidth, but at the scale Mirai operated, nearly all traditional DDoS mitigation techniques collapsed, in part because the tidal wave of nefarious traffic would crash so many sites and servers en route to its main target. “DDOS at a certain scale poses an existential threat to the internet,” Peterson says. “Mirai was the first botnet I’ve seen that hit that existential level.”
Through September, the inventors of Mirai tweaked their code—researchers were later able to assemble 24 iterations of the malware that appeared to be primarily the work of the three main defendants in the case—as the malware grew more sophisticated and virulent. They actively battled the hackers behind vDOS, fighting for control of IoT devices, and instituting kill procedures to wipe competing infections off compromised devices—natural selection playing out at internet speed. According to court documents, they also filed fraudulent abuse complaints with internet hosts associated with vDOS.
“They were trying to outmuscle each other. Mirai outperforms all of them,” Peterson says. “This crime was evolving through competition.”
Whoever was behind Mirai even bragged about it on hacker bulletin boards; someone using the moniker Anna-senpai claimed to be the creator, and someone named ChickenMelon talked it up as well, hinting that their competitors might be using malware from the NSA.
Days after OVH, Mirai struck again, this time against a high-profile technology target: security reporter Brian Krebs. The botnot blasted Krebs’ website, Krebs on Security, knocking it offline for more than four days with an attack that peaked at 623 Gbps. The assault was so effective—and sustained—that Krebs’ longtime DDoS mitigation service, Akamai, one of the largest bandwidth providers on the internet, announced it was dropping Krebs’ site because it couldn’t bear the cost of defending against such a massive barrage. The Krebs attack, Akamai said, was twice the size of the largest attack it had ever seen before.
Whereas the OVH attack overseas had been an online curiosity, the Krebs attack quickly pushed the Mirai botnet to the FBI’s front burner, especially as it seemed likely that it was retribution for an article Krebs had published just days earlier about another DDoS-mitigation firm that appeared to be engaged in nefarious practices, hijacking web addresses that it believed were being controlled by the vDOS team.
“This is strange development—a journalist being silenced because someone has figured out a tool powerful enough to silence him,” Peterson says. “That was worrisome.”
The IoT attacks began to make big headlines online and off; media reports and security experts speculated that Mirai might have the fingerprints of a looming attack on the internet’s core infrastructure.
“Someone has been probing the defenses of the companies that run critical pieces of the internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” wrote security expert Bruce Schneier in September 2016. “We don’t know who is doing this, but it feels like a large nation-state. China or Russia would be my first guesses.”
Behind the scenes, the FBI and industry researchers raced to unravel Mirai and zero in on its perpetrators. Network companies like Akamai created online honeypots, mimicking hackable devices, to observe how infected “zombie” devices communicated with Mirai’s command-and-control servers. As they began to study the attacks, they noticed that many of the Mirai assaults had appeared to target gaming servers. Peterson recalls asking, “Why are these Minecraft servers getting hit so often?”
The game, a three-dimensional sandbox with no particular goals, allows players to construct entire worlds by “mining” and building with cartoonish pixelated blocks. Its comparatively basic visual appeal—it has more in common with the first-generation videogames of the 1970s and 1980s than it does the polygon-intense lushness of Halo or Assassin’s Creed—belies a depth of imaginative exploration and experimentation that has propelled it to be the second-best-selling videogame ever, behind only Tetris. The game and its virtual worlds were acquired by Microsoft in 2014 as part of a deal worth nearly $2.5 billion, and it has spawned numerous fan sites, explanatory wikis, and YouTube tutorials—even a real-life collection of Minecraft-themed Lego bricks.
‘They were trying to outmuscle each other. Mirai outperforms all of them.’
Elliott Peterson, FBI
It has also become a lucrative platform for Minecraft entrepreneurs: Inside the game, individual hosted-servers allow users to link together in multiplayer mode, and as the game has grown, hosting those servers has turned into big business—players pay real money both to rent “space” in Minecraft as well as purchase in-game tools. Unlike many massive multiplayer games where every player experiences the game similarly, these individual servers are integral to the Minecraft experience, as each host can set different rules and install different plug-ins to subtly shape and personalize the user experience; a particular server, for instance, might not allow players to destroy one another’s creations.
As Peterson and Klein explored the Minecraft economy, interviewing server hosts and reviewing financial records, they came to realize how amazingly financially successful a well-run, popular Minecraft server could be. “I went into my boss’s office and said, ‘Am I crazy? It looks like people are making a ton of money,’” he recalls. “These people at the peak of summer were making $100,000 a month.”
The huge income from successful servers had also spawned a mini cottage industry of launching DDoS attacks on competitors’ servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host’s server investment.
The digital arms race in DDoS is inexorably linked to Minecraft, Klein says.
“We see so many attacks on Minecraft. I’d be more surprised sometimes if I didn’t see a Minecraft connection in a DDoS case,” he says. “You look at the servers—those guys are making huge money, so it’s in my benefit to knock your server offline and steal your customers. The vast majority of these Minecraft servers are being run by kids—you don’t necessarily have the astute business judgment in the quote-unquote ‘executives’ running these servers.”
As it turned out, French internet host OVH was well-known for offering a service called VAC, one of the industry’s top Minecraft DDoS-mitigation tools. The Mirai authors attacked it not as part of some grand nation-state plot but rather to undermine the protection it offered key Minecraft servers. “For a while, OVH was too much, but then they figured out how to even beat OVH,” Peterson says.
This was something new. Whereas gamers had become familiar with one-off DDoS attacks by booter services, the idea of DDoS as a business model for server hosts was startling. “This was a calculated business decision to shut down a competitor,” Peterson says.
“They just got greedy—they thought, ‘If we can knock off our competitors, we can corner the market on both servers and mitigation,’” Walton says.
In fact, according to court documents, the primary driver behind the original creation of Mirai was creating “a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.”
Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.
“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” Walton says. “Then it just became a challenge for them to make it as large as possible.”
On September 30, 2016, as public attention piqued following the Krebs attack, the maker of Mirai posted the malware’s source code to the website Hack Forum, in an attempt to deflect possible suspicions if he was caught. The release also included the default credentials for 46 IoT devices central to its growth. (Malware authors will sometimes release their code online to muddy investigators’ trail, ensuring that even if they’re found to possess the source code, authorities can’t necessarily identify them as the original author.)
That release opened the tool for use by a wide audience, as competing DDoS groups adopted it and created their own botnets. All told, over five months from September 2016 through February 2017, variations of Mirai were responsible for upwards of 15,194 DDoS attacks, according to an after-action report published in August.
As the attacks spread, the FBI worked with private-industry researchers to develop tools that allowed them to watch DDoS attacks as they unfolded, and track where the hijacked traffic was being directed—the online equivalent of the Shotspotter system that urban police departments use to detect the location of gunshots and dispatch themselves toward trouble. With the new tools, the FBI and private industry were able to see a looming DDoS attack unfold and help mitigate it in real time. “We really depended on the generosity of the private sector,” Peterson says.
The decision to open source Mirai also led to its most high-profile attack. The FBI says Jha, White, and Dalton were not responsible for last October’s DDoS of the domain name server Dyn, a critical piece of internet infrastructure that helps web browsers translate written addresses, like Wired.com, into specific numbered IP addresses online. (The FBI declined to comment on the Dyn investigation; there have been no arrests publicly reported in that case.)
‘I’d be more surprised sometimes if I didn’t see a Minecraft connection in a DDoS case.’
Doug Klein, FBI
The Dyn attack paralyzed millions of computer users, slowing or stopping internet connections up and down the East Coast and interrupting service across North America and parts of Europe to major sites like Amazon, Netflix, Paypal, and Reddit. Dyn later announced that it might never be able to calculate the full weight of the assault it faced: “There have been some reports of a magnitude in the 1.2 Tbps range; at this time we are unable to verify that claim.”
Justin Paine, the director of trust and safety for Cloudflare, one of the industry’s leading DDoS mitigation companies, says that the Dyn attack by Mirai immediately got the attention of engineers across the internet. “When Mirai really came on the scene, the people who run the internet behind the scenes, we all came together,” he says “We all realized that this isn’t something that just affects my company or my network—this could put the entire internet at risk. Dyn affected the entire internet.”
“The concept of unsecured devices to be repurposed by bad guys to do bad things, that’s always been there,” says Paine, “but the sheer scale of insecure modems, DVRs, and webcams in combination with how horribly insecure they were as device really did a present a different kind of challenge.”
The tech industry began intensively sharing information, both to help mitigate ongoing attacks as well as working to backtrack and to identify infected devices to begin remediation efforts. Network engineers from multiple companies convened an always-running Slack channel to compare notes on Mirai. As Paine says, “It was real-time, we were using Slack, sharing, ‘Hey, I’m on this network seeing this, what are you seeing?’”
The power of the botnet was made even more clear as the fall unfolded and Mirai attacks targeted the African country of Liberia, effectively cutting off the entire country from the internet.
Many of these follow-on attacks also appeared to have a gaming angle: A Brazilian internet service provider saw its Minecraft servers targeted; the Dyn attacks also appeared to target gaming servers, as well as servers hosting Microsoft Xbox Live and Playstation servers and those associated with gaming hosting company called Nuclear Fallout Enterprises. “The attacker was likely targeting gaming infrastructure that incidentally disrupted service to Dyn’s broader customer base,” researchers later declared.
“Dyn got everyone’s attention,” says Peterson, especially as it represented a new evolution—and a new unknown player fiddling with Anna-senpai’s code. “It was the first truly effective post-Mirai variant.”
The Dyn attack catapulted Mirai to the front pages—and brought immense national pressure down on the agents chasing the case. Coming just weeks before the presidential election—one in which US intelligence officials had already warned about attempts by Russia to interfere—the Dyn and Mirai attacks led officials to worry that Mirai could be harnessed to affect voting and media coverage of the election. The FBI team scrambled for a week afterward with private-industry partners to secure critical online infrastructure and ensure that a botnet DDoS couldn’t disrupt Election Day.
The plague unleashed by Mirai’s source code continued to unfold across the internet last winter. In November, the German company Deutsche Telekom saw more than 900,000 routers knocked offline when a bug-filled variant of Mirai accidentally targeted them. (German police eventually arrested a 29-year-old British hacker in that incident.) Yet the various competing Mirai botnets undercut their own effectiveness, as an increasing number of botnets fought over the same number of devices, eventually leading to smaller and smaller—and therefore less effective and troubling—DDoS attacks.
That one of the big internet stories of 2016 would end up in an Anchorage courtroom last Friday—guided by assistant US attorney Adam Alexander to a guilty plea barely a year after the original offense, a remarkably rapid pace for cybercrimes—was a signal moment itself, marking an important maturation in the FBI’s national approach to cybercrimes.
Until recently, nearly all of the FBI’s major cybercrime prosecutions came out of just a handful of offices like Washington, New York, Pittsburgh, and Atlanta. Now, though, an increasing number of offices are gaining the sophistication and understanding to piece together time-consuming and technically complex internet cases.
Peterson is a veteran of the FBI’s most famous cyber team, a pioneering squad in Pittsburgh that has put together groundbreaking cases, like that against five Chinese PLA hackers. On that squad, Peterson—an energetic, hard-charging, college computer science major and Marine Corps adjutant who deployed twice to Iraq before joining the bureau, and now serves on the FBI Alaska SWAT team—helped lead the investigation into the GameOver Zeus botnet that targeted Russian hacker Evgeny Bogachev, who remains at large with a $3 million reward for his capture.
Often, FBI agents end up being pulled away from their core specialties as their career advances; in the years after 9/11, one of the bureau’s few dozen Arabic-speaking agents ended up running a squad investigating white supremacists. But Peterson stayed focused on cyber cases even as he transferred nearly two years ago back to his home state of Alaska, where he joined the FBI’s smallest cyber squad—just four agents, overseen by Walton, a longtime Russian counterintelligence agent, and partnering with Klein, a former UNIX systems administrator.
The tiny team, though, has come to take on an outsized role in the country’s cybersecurity battles, specializing in DDoS attacks and botnets. Earlier this year, the Anchorage squad was instrumental in the take-down of the long-running Kelihos botnet, run by Peter Yuryevich Levashov, aka “Peter of the North,” a hacker arrested in Spain in April.
In part, says Marlin Ritzman, the special-agent-in-charge of the FBI’s Anchorage Field Office, that’s because Alaska’s geography makes denial-of-service attacks particularly personal.
“Alaska’s uniquely positioned with our internet services—a lot of rural communities depend on the internet to reach the outside world,” Ritzman says. “A denial-of-service attack could shut down communications to entire communities up here, it’s not just one business or another. It’s important for us to attack that threat.”
Putting together the Mirai case was slow going for the four-agent Anchorage squad, even while they worked closely with dozens of companies and private sector researchers to piece together a global portrait of an unprecedented threat.
Before they could solve an international case, the FBI squad first—given the decentralized way that federal courts and the Justice Department work—had to prove that Mirai existed in their particular jurisdiction, Alaska.
To establish the grounds for a criminal case, the squad painstakingly located infected IoT devices with IP addresses across Alaska, then issued subpoenas to the state’s main telecom company, GCI, to attach a name and physical location. Agents then criss-crossed the state to interview the owners of the devices and establish that they hadn’t given permission for their IoT purchases to be hijacked by the Mirai malware.
While some infected devices were close by in Anchorage, others were further afield; given Alaska’s remoteness, collecting some devices required plane trips to rural communities. At one rural public utility that also provided internet services, agents found an enthusiastic network engineer who helped track down compromised devices.
‘I’ve run against some really hard guys, and these guys were as good or better than some of the Eastern Europe teams I’ve gone against.’
Elliott Peterson, FBI
After seizing the infected devices and transporting them to the FBI field office—a low-slung building just a few blocks from the water in Alaska’s most populous city—agents, counterintuitively, then had to plug them back in. Since Mirai malware exists only in flash memory, it was deleted every time the device was powered off or restarted. The agents had to wait for the device to be reinfected by Mirai; luckily, the botnet was so infectious and spread so rapidly that it didn’t take long for the devices to be reinfected.
From there, the team worked to trace the botnet’s connections back to the main Mirai control server. Then, armed with court orders, they were able to track down associated email addresses and cell phone numbers used for those accounts, establishing and linking names to the boxes.
“It was a lot of six degrees of Kevin Bacon,” Walton explains. “We just kept stepping down that chain.”
At one point, the case bogged down because the Mirai authors had established in France a so-called popped box, a compromised device that they used as an exit VPN node from the internet, thereby cloaking the actual location and physical computers used by Mirai’s creators.
As it turned out, they’d hijacked a computer that belonged to a French kid interested in Japanese anime. Given that Mirai had, according to a leaked chat, been named after a 2011 anime series, Mirai Nikki, and that the author’s pseudonym was Anna-Senpai, the French boy was an immediate suspect.
“The profile lined up with someone we’d expect to be involved in the development of Mirai,” Walton says; throughout the case, given the OVH connection, the FBI worked closely with French authorities, who were present as some of the search warrants were conducted.
“The actors were very sophisticated in their online security,” Peterson says. “I’ve run against some really hard guys, and these guys were as good or better than some of the Eastern Europe teams I’ve gone against.”
Adding to the complexity, DDoS itself is a notoriously difficult crime to prove—even simply proving the crime ever happened can be extraordinarily challenging after the fact. “DDoS can happen in a vacuum, unless a company captures logs in the right way,” Peterson says. Klein, a former UNIX administrator who grew up playing with Linux, spent weeks piecing together evidence and reassembling data to show how the DDoS attacks unfolded.
On the compromised devices, they had to carefully reconstruct the network traffic data, and study how the Mirai code launched so-called “packets” against its targets—a little-understood forensic process, known as analyzing PCAP (packet capture) data. Think of it as the digital equivalent of testing for fingerprints or gunshot residue. “It was the most complex DDoS software I’ve run across,” Klein says.
The FBI zeroed in on the suspects by the end of the year: Photos of the three hung for months on the wall in the Anchorage field office, where agents dubbed them the “Cub Scout Pack,” a nod to their youthfulness. (Another older female suspect in an unrelated case, whose photo also hung on the board, was nicknamed the “Den Mother.”)
Security journalist Brian Krebs, an early Mirai victim, publicly fingered Jha and White in January 2017. Jha’s family initially denied his involvement, but on Friday he, White, and Norman all pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, the government’s main criminal charge for cybercrime. The pleas were unsealed Wednesday, and announced by the Justice Department’s computer crimes unit in Washington, DC.
Jha was also accused of—and pleaded guilty to—a bizarre set of DDoS attacks that had disrupted the computer networks on the Rutgers campus for two years. Beginning in the first year Jha was a student there, Rutgers began to suffer from what would ultimately be a dozen DDoS attacks that disrupted networks, all timed to midterms. At the time, an unnamed individual online pushed the university to purchase better DDoS mitigation services—which, as it turns out, was exactly the business Jha himself was trying to build.
In a Trenton courtroom Wednesday, Jha—wearing a conservative suit and the dark-rimmed glasses familiar from his old LinkedIn portrait—told the court that he aimed attacks against at his own campus when they would be most disruptive—specifically during midterms, finals, and when students were trying to register for class.
“In fact, you timed your attacks because you wanted to overload the central authentication server when it would be the most devastating to Rutgers, right?” the federal prosecutor queried.
“Yes,” Jha said.
Indeed, that the three computer savants ended up building a better DDoS mousetrap isn’t necessarily surprising; it was an area of intense intellectual interest for them. According to their online profiles, Jha and White had actually been working together to build a DDoS-mitigation firm; the month before Mirai appeared, Jha’s email signature described him as “President, ProTraf Solutions, LLC, Enterprise DDoS Mitigation.”
As part of building Mirai, each member of the group had his own role, according to the court documents. Jha wrote much of the original code and served as the main online point of contact on hacking forums, using the Anna-senpai moniker.
White, who used the online monikers Lightspeed and thegenius, ran much of the botnet infrastructure, designing the powerful internet scanner that helped identify potential devices to infect. The scanner’s speed and effectiveness was a key driver behind Mirai’s ability to outcompete other botnets like vDOS last fall; at the peak of Mirai, an experiment by The Atlantic found that a fake IoT device the publication created online was compromised within an hour.
According to court documents, Dalton Norman—whose role in the Mirai botnet was unknown until the plea agreements were unsealed—worked to identify the so-called zero-day exploits that made Mirai so powerful. According to court documents, he identified and implemented four such vulnerabilities unknown to device manufacturers as part of Mirai’s operating code, and then, as Mirai grew, he worked to adapt the code to run a vastly more powerful network than they’d ever imagined.
‘We all realized that this isn’t something that just affects my company or my network—this could put the entire internet at risk.’
Justin Paine, Cloudflare
Jha came to his interest in technology early; according to his now deleted LinkedIn page, he described himself as “highly self-motivated” and explained that he began to teach himself programming in seventh grade. His interest in science and technology ranged widely: The following year, he won second prize in the eighth-grade science fair at Park Middle School in Fanwood, New Jersey, for his engineering project studying the impact of earthquakes on bridges. By 2016, he listed himself as proficient in “C#, Java, Golang, C, C++, PHP, x86 ASM, not to mention web ‘browser languages’ such as Javascript and HTML/CSS.” (One early clue for Krebs that Jha was likely involved in Mirai was that the person calling themself Anna-Senpai had listed their skills by saying, “I’m very familiar with programming in a variety of languages, including ASM, C, Go, Java, C#, and PHP.)
This is not the first time that teens and college students have exposed key weaknesses in the internet: The first major computer worm was unleashed in November 1988 by Robert Morris, then a student at Cornell, and the first major intrusion into the Pentagon’s computer networks—a case known as Solar Sunrise—came a decade later, in 1998; it was the work of two California teens in concert with an Israeli contemporary. DDoS itself emerged in 2000, unleashed by a Quebec teen, Michael Calce, who went online by the moniker Mafiaboy. On February 7, 2000, Calce turned a network of zombie computers he’d assembled from university networks against Yahoo, then the web’s largest search engine. By mid-morning it had all but crippled the tech giant, slowing the site to a crawl, and in the days following, Calce targeted other top websites like Amazon, CNN, eBay, and ZDNet.
On a conference call announcing the guilty pleas Wednesday, Justice Department Acting Deputy Assistant Attorney General Richard Downing said that the Mirai case underscored the perils of young computer users who lose their way online—and said that the Justice Department planned to expand its youth outreach efforts.
“I’ve certainly been made to feel very old and unable to keep up,” prosecutor Adam Alexander joked Wednesday.
What really surprised investigators, though, was that once they had Jha, White, and Norman in their sights, they discovered that the creators of Mirai had already found a new use for their powerful botnet: They’d given up DDoS attacks for something lower-profile—but also lucrative.
They were using their botnet to run an elaborate click-fraud scheme—directing about 100,000 compromised IoT devices, mostly home routers and modems, to visit advertising links en masse, making it appear that they were regular computer users. They were making thousands of dollars a month defrauding US and European advertisers, entirely off the radar, with no one the wiser. It was, as far as investigators could tell, a groundbreaking business model for an IoT botnet.
As Peterson says, “Here was a whole new crime that industry was blind to. We all missed it.”
Even as the case in Alaska and New Jersey wraps up—the three defendants will face sentencing later on—the Mirai plague that Jha, White, and Dalton unleashed continues online. “This particular saga is over, but Mirai still lives,” Cloudflare’s Paine says. “There’s a significant ongoing risk that’s continued, as the open source code has been repurposed by new actors. All these new updated versions are still out there.”
Two weeks ago, at the beginning of December, a new IoT botnet appeared online using aspects of Mirai’s code.
Known as Satori, the botnet infected a quarter million devices in its first 12 hours.