How a Dorm Room Minecraft Scam Brought Down the Internet
It was a hard story to miss last year: In France last September, the telecom provider OVH was hit by a distributed denial-of-service (DDoS) attack a hundred times larger than most of its kind. Then, on a Friday afternoon in October 2016, the internet slowed or stopped for nearly the entire eastern United States, as the tech company Dyn, a key part of the internet’s backbone, came under a crippling assault.
As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.
Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.
“They didn’t realize the power they were unleashing,” says FBI supervisory special agent Bill Walton. “This was the Manhattan Project.”
Unraveling the whodunit of one of the internet’s biggest security scares of 2016 led the FBI through a strange journey into the underground DDoS market, the modern incarnation of an old neighborhood mafia-protection racket, where the very guys offering to help today might actually be the ones who attacked you yesterday.
Then, once the FBI unraveled the case, they discovered that the perpetrators had already moved onto a new scheme—inventing a business model for online crime no one had ever seen before, and pointing to a new, looming botnet threat on the horizon.
‘They didn’t realize the power they were unleashing.’
Bill Walton, FBI
VDOS was an advanced botnet: a network of malware-infected, zombie devices that its masters could commandeer to execute DDoS attacks at will. And the teens were using it to run a lucrative version of a then-common scheme in the online gaming world—a so-called booter service, geared toward helping individual gamers attack an opponent while fighting head-to-head, knocking them offline to defeat them. Its tens of thousands of customers could pay small amounts, like $5 to $50, to rent small-scale denial-of-service attacks via an easy-to-use web interface.
Yet as that case proceeded, the investigators and the small community of security engineers who protect against denial-of-service attacks began to hear rumblings about a new botnet, one that eventually made vDOS seem small.
As Peterson and industry colleagues at companies like Cloudflare, Akamai, Flashpoint, Google, and Palo Alto Networks began to study the new malware, they realized they were looking at something entirely different from what they’d battled in the past. Whereas the vDOS botnet they’d been chasing was a variant of an older IoT zombie army—a 2014 botnet known as Qbot—this new botnet appeared to have been written from the ground up.
And it was good.
“From the initial attacks, we realized this was something very different from your normal DDoS,” says Doug Klein, Peterson’s partner on the case.
The new malware scanned the internet for dozens of different IoT devices that still used the manufacturers’ default security setting. Since most users rarely change default usernames or passwords, it quickly grew into a powerful assembly of weaponized electronics, almost all of which had been hijacked without their owners’ knowledge.
“The security industry was really not aware of this threat until about mid-September. Everyone was playing catch-up,” Peterson says. “It’s really powerful—they figured out how to stitch together multiple exploits with multiple processors. They crossed the artificial threshold of 100,000 bots that others had really struggled with.”
It didn’t take long for the incident to go from vague rumblings to global red alert.
Mirai shocked the internet—and its own creators, according to the FBI—with its power as it grew. Researchers later determined that it infected nearly 65,000 devices in its first 20 hours, doubling in size every 76 minutes, and ultimately built a sustained strength of between 200,000 and 300,000 infections.
“These kids are super smart, but they didn’t do anything high level—they just had a good idea,” the FBI’s Walton says. “It’s the most successful IoT botnet we’ve ever seen—and a sign that computer crime isn’t just about desktops anymore.”
Targeting cheap electronics with poor security, Mirai amassed much of its strength by infecting devices in Southeast Asia and South America; the four main countries with Mirai infections were Brazil, Colombia, Vietnam, and China, according to researchers. As a team of security professionals later concluded, dryly, “Some of the world’s top manufacturers of consumer electronics lacked sufficient security practices to mitigate threats like Mirai.”
At its peak, the self-replicating computer worm had enslaved some 600,000 devices around the world—which, combined with today’s high-speed broadband connections, allowed it to harness an unprecedented flood of network-clogging traffic against target websites. It proved particularly tough for companies to fight against and remediate, too, as the botnet used a variety of different nefarious traffic to overwhelm its target, attacking both servers and applications that ran on the servers, as well as even older techniques almost forgotten in modern DDoS attacks.
No one had any idea yet who its creators were, or what they were trying to accomplish.
On September 19, 2016, the botnet was used to launch crushing DDoS attacks against French hosting provider OVH. Like any large hosting company, OVH regularly saw small-scale DDoS attacks—it noted later that it normally faces 1,200 a day—but the Mirai attack was unlike anything anyone on the internet had ever seen, the first thermonuclear bomb of the DDoS world, topping out at 1.1 terabits per second as more than 145,000 infected devices bombarded OVH with unwanted traffic. The company’s CTO tweeted about the attacks afterward to warn others of the looming threat.
Until then, a large DDoS attack was often considered to be 10 to 20 gigibits per second; vDOS had been overwhelming targets with attacks in the range of 50 Gbps. A follow-on Mirai attack against OVH hit around 901 Gbps.
Mirai was particularly deadly, according to court documents, because it was able to target an entire range of IP addresses—not just one particular server or website—enabling it to crush a company’s entire network.
“Mirai was an insane amount of firepower,” Peterson says. And no one had any idea yet who its creators were, or what they were trying to accomplish.
Normally, companies fight a DDoS attack by filtering incoming web traffic or increasing their bandwidth, but at the scale Mirai operated, nearly all traditional DDoS mitigation techniques collapsed, in part because the tidal wave of nefarious traffic would crash so many sites and servers en route to its main target. “DDOS at a certain scale poses an existential threat to the internet,” Peterson says. “Mirai was the first botnet I’ve seen that hit that existential level.”
Through September, the inventors of Mirai tweaked their code—researchers were later able to assemble 24 iterations of the malware that appeared to be primarily the work of the three main defendants in the case—as the malware grew more sophisticated and virulent. They actively battled the hackers behind vDOS, fighting for control of IoT devices, and instituting kill procedures to wipe competing infections off compromised devices—natural selection playing out at internet speed. According to court documents, they also filed fraudulent abuse complaints with internet hosts associated with vDOS.
“They were trying to outmuscle each other. Mirai outperforms all of them,” Peterson says. “This crime was evolving through competition.”
Whoever was behind Mirai even bragged about it on hacker bulletin boards; someone using the moniker Anna-senpai claimed to be the creator, and someone named ChickenMelon talked it up as well, hinting that their competitors might be using malware from the NSA.
Days after OVH, Mirai struck again, this time against a high-profile technology target: security reporter Brian Krebs. The botnot blasted Krebs’ website, Krebs on Security, knocking it offline for more than four days with an attack that peaked at 623 Gbps. The assault was so effective—and sustained—that Krebs’ longtime DDoS mitigation service, Akamai, one of the largest bandwidth providers on the internet, announced it was dropping Krebs’ site because it couldn’t bear the cost of defending against such a massive barrage. The Krebs attack, Akamai said, was twice the size of the largest attack it had ever seen before.
Whereas the OVH attack overseas had been an online curiosity, the Krebs attack quickly pushed the Mirai botnet to the FBI’s front burner, especially as it seemed likely that it was retribution for an article Krebs had published just days earlier about another DDoS-mitigation firm that appeared to be engaged in nefarious practices, hijacking web addresses that it believed were being controlled by the vDOS team.
“This is strange development—a journalist being silenced because someone has figured out a tool powerful enough to silence him,” Peterson says. “That was worrisome.”
The IoT attacks began to make big headlines online and off; media reports and security experts speculated that Mirai might have the fingerprints of a looming attack on the internet’s core infrastructure.
“Someone has been probing the defenses of the companies that run critical pieces of the internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” wrote security expert Bruce Schneier in September 2016. “We don’t know who is doing this, but it feels like a large nation-state. China or Russia would be my first guesses.”
Behind the scenes, the FBI and industry researchers raced to unravel Mirai and zero in on its perpetrators. Network companies like Akamai created online honeypots, mimicking hackable devices, to observe how infected “zombie” devices communicated with Mirai’s command-and-control servers. As they began to study the attacks, they noticed that many of the Mirai assaults had appeared to target gaming servers. Peterson recalls asking, “Why are these Minecraft servers getting hit so often?”
The game, a three-dimensional sandbox with no particular goals, allows players to construct entire worlds by “mining” and building with cartoonish pixelated blocks. Its comparatively basic visual appeal—it has more in common with the first-generation videogames of the 1970s and 1980s than it does the polygon-intense lushness of Halo or Assassin’s Creed—belies a depth of imaginative exploration and experimentation that has propelled it to be the second-best-selling videogame ever, behind only Tetris. The game and its virtual worlds were acquired by Microsoft in 2014 as part of a deal worth nearly $2.5 billion, and it has spawned numerous fan sites, explanatory wikis, and YouTube tutorials—even a real-life collection of Minecraft-themed Lego bricks.
‘They were trying to outmuscle each other. Mirai outperforms all of them.’
Elliott Peterson, FBI
It has also become a lucrative platform for Minecraft entrepreneurs: Inside the game, individual hosted-servers allow users to link together in multiplayer mode, and as the game has grown, hosting those servers has turned into big business—players pay real money both to rent “space” in Minecraft as well as purchase in-game tools. Unlike many massive multiplayer games where every player experiences the game similarly, these individual servers are integral to the Minecraft experience, as each host can set different rules and install different plug-ins to subtly shape and personalize the user experience; a particular server, for instance, might not allow players to destroy one another’s creations.
As Peterson and Klein explored the Minecraft economy, interviewing server hosts and reviewing financial records, they came to realize how amazingly financially successful a well-run, popular Minecraft server could be. “I went into my boss’s office and said, ‘Am I crazy? It looks like people are making a ton of money,’” he recalls. “These people at the peak of summer were making $100,000 a month.”
The huge income from successful servers had also spawned a mini cottage industry of launching DDoS attacks on competitors’ servers, in an attempt to woo away players frustrated at a slow connection. (There are even YouTube tutorials specifically aimed at teaching Minecraft DDoS, and free DDoS tools available at Github.) Similarly, Minecraft DDoS-mitigation services have sprung up as a way to protect a host’s server investment.
The digital arms race in DDoS is inexorably linked to Minecraft, Klein says.
“We see so many attacks on Minecraft. I’d be more surprised sometimes if I didn’t see a Minecraft connection in a DDoS case,” he says. “You look at the servers—those guys are making huge money, so it’s in my benefit to knock your server offline and steal your customers. The vast majority of these Minecraft servers are being run by kids—you don’t necessarily have the astute business judgment in the quote-unquote ‘executives’ running these servers.”
As it turned out, French internet host OVH was well-known for offering a service called VAC, one of the industry’s top Minecraft DDoS-mitigation tools. The Mirai authors attacked it not as part of some grand nation-state plot but rather to undermine the protection it offered key Minecraft servers. “For a while, OVH was too much, but then they figured out how to even beat OVH,” Peterson says.
This was something new. Whereas gamers had become familiar with one-off DDoS attacks by booter services, the idea of DDoS as a business model for server hosts was startling. “This was a calculated business decision to shut down a competitor,” Peterson says.
“They just got greedy—they thought, ‘If we can knock off our competitors, we can corner the market on both servers and mitigation,’” Walton says.
In fact, according to court documents, the primary driver behind the original creation of Mirai was creating “a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.”
Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.
“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” Walton says. “Then it just became a challenge for them to make it as large as possible.”
On September 30, 2016, as public attention piqued following the Krebs attack, the maker of Mirai posted the malware’s source code to the website Hack Forum, in an attempt to deflect possible suspicions if he was caught. The release also included the default credentials for 46 IoT devices central to its growth. (Malware authors will sometimes release their code online to muddy investigators’ trail, ensuring that even if they’re found to possess the source code, authorities can’t necessarily identify them as the original author.)
That release opened the tool for use by a wide audience, as competing DDoS groups adopted it and created their own botnets. All told, over five months from September 2016 through February 2017, variations of Mirai were responsible for upwards of 15,194 DDoS attacks, according to an after-action report published in August.
As the attacks spread, the FBI worked with private-industry researchers to develop tools that allowed them to watch DDoS attacks as they unfolded, and track where the hijacked traffic was being directed—the online equivalent of the Shotspotter system that urban police departments use to detect the location of gunshots and dispatch themselves toward trouble. With the new tools, the FBI and private industry were able to see a looming DDoS attack unfold and help mitigate it in real time. “We really depended on the generosity of the private sector,” Peterson says.
The decision to open source Mirai also led to its most high-profile attack. The FBI says Jha, White, and Dalton were not responsible for last October’s DDoS of the domain name server Dyn, a critical piece of internet infrastructure that helps web browsers translate written addresses, like Wired.com, into specific numbered IP addresses online. (The FBI declined to comment on the Dyn investigation; there have been no arrests publicly reported in that case.)
‘I’d be more surprised sometimes if I didn’t see a Minecraft connection in a DDoS case.’
Doug Klein, FBI
The Dyn attack paralyzed millions of computer users, slowing or stopping internet connections up and down the East Coast and interrupting service across North America and parts of Europe to major sites like Amazon, Netflix, Paypal, and Reddit. Dyn later announced that it might never be able to calculate the full weight of the assault it faced: “There have been some reports of a magnitude in the 1.2 Tbps range; at this time we are unable to verify that claim.”
Justin Paine, the director of trust and safety for Cloudflare, one of the industry’s leading DDoS mitigation companies, says that the Dyn attack by Mirai immediately got the attention of engineers across the internet. “When Mirai really came on the scene, the people who run the internet behind the scenes, we all came together,” he says “We all realized that this isn’t something that just affects my company or my network—this could put the entire internet at risk. Dyn affected the entire internet.”
“The concept of unsecured devices to be repurposed by bad guys to do bad things, that’s always been there,” says Paine, “but the sheer scale of insecure modems, DVRs, and webcams in combination with how horribly insecure they were as device really did a present a different kind of challenge.”
The tech industry began intensively sharing information, both to help mitigate ongoing attacks as well as working to backtrack and to identify infected devices to begin remediation efforts. Network engineers from multiple companies convened an always-running Slack channel to compare notes on Mirai. As Paine says, “It was real-time, we were using Slack, sharing, ‘Hey, I’m on this network seeing this, what are you seeing?’”
The power of the botnet was made even more clear as the fall unfolded and Mirai attacks targeted the African country of Liberia, effectively cutting off the entire country from the internet.
Many of these follow-on attacks also appeared to have a gaming angle: A Brazilian internet service provider saw its Minecraft servers targeted; the Dyn attacks also appeared to target gaming servers, as well as servers hosting Microsoft Xbox Live and Playstation servers and those associated with gaming hosting company called Nuclear Fallout Enterprises. “The attacker was likely targeting gaming infrastructure that incidentally disrupted service to Dyn’s broader customer base,” researchers later declared.
“Dyn got everyone’s attention,” says Peterson, especially as it represented a new evolution—and a new unknown player fiddling with Anna-senpai’s code. “It was the first truly effective post-Mirai variant.”
The Dyn attack catapulted Mirai to the front pages—and brought immense national pressure down on the agents chasing the case. Coming just weeks before the presidential election—one in which US intelligence officials had already warned about attempts by Russia to interfere—the Dyn and Mirai attacks led officials to worry that Mirai could be harnessed to affect voting and media coverage of the election. The FBI team scrambled for a week afterward with private-industry partners to secure critical online infrastructure and ensure that a botnet DDoS couldn’t disrupt Election Day.
The plague unleashed by Mirai’s source code continued to unfold across the internet last winter. In November, the German company Deutsche Telekom saw more than 900,000 routers knocked offline when a bug-filled variant of Mirai accidentally targeted them. (German police eventually arrested a 29-year-old British hacker in that incident.) Yet the various competing Mirai botnets undercut their own effectiveness, as an increasing number of botnets fought over the same number of devices, eventually leading to smaller and smaller—and therefore less effective and troubling—DDoS attacks.
That one of the big internet stories of 2016 would end up in an Anchorage courtroom last Friday—guided by assistant US attorney Adam Alexander to a guilty plea barely a year after the original offense, a remarkably rapid pace for cybercrimes—was a signal moment itself, marking an important maturation in the FBI’s national approach to cybercrimes.
Until recently, nearly all of the FBI’s major cybercrime prosecutions came out of just a handful of offices like Washington, New York, Pittsburgh, and Atlanta. Now, though, an increasing number of offices are gaining the sophistication and understanding to piece together time-consuming and technically complex internet cases.
Peterson is a veteran of the FBI’s most famous cyber team, a pioneering squad in Pittsburgh that has put together groundbreaking cases, like that against five Chinese PLA hackers. On that squad, Peterson—an energetic, hard-charging, college computer science major and Marine Corps adjutant who deployed twice to Iraq before joining the bureau, and now serves on the FBI Alaska SWAT team—helped lead the investigation into the GameOver Zeus botnet that targeted Russian hacker Evgeny Bogachev, who remains at large with a $3 million reward for his capture.
Often, FBI agents end up being pulled away from their core specialties as their career advances; in the years after 9/11, one of the bureau’s few dozen Arabic-speaking agents ended up running a squad investigating white supremacists. But Peterson stayed focused on cyber cases even as he transferred nearly two years ago back to his home state of Alaska, where he joined the FBI’s smallest cyber squad—just four agents, overseen by Walton, a longtime Russian counterintelligence agent, and partnering with Klein, a former UNIX systems administrator.
The tiny team, though, has come to take on an outsized role in the country’s cybersecurity battles, specializing in DDoS attacks and botnets. Earlier this year, the Anchorage squad was instrumental in the take-down of the long-running Kelihos botnet, run by Peter Yuryevich Levashov, aka “Peter of the North,” a hacker arrested in Spain in April.
In part, says Marlin Ritzman, the special-agent-in-charge of the FBI’s Anchorage Field Office, that’s because Alaska’s geography makes denial-of-service attacks particularly personal.
“Alaska’s uniquely positioned with our internet services—a lot of rural communities depend on the internet to reach the outside world,” Ritzman says. “A denial-of-service attack could shut down communications to entire communities up here, it’s not just one business or another. It’s important for us to attack that threat.”
Putting together the Mirai case was slow going for the four-agent Anchorage squad, even while they worked closely with dozens of companies and private sector researchers to piece together a global portrait of an unprecedented threat.
Before they could solve an international case, the FBI squad first—given the decentralized way that federal courts and the Justice Department work—had to prove that Mirai existed in their particular jurisdiction, Alaska.
To establish the grounds for a criminal case, the squad painstakingly located infected IoT devices with IP addresses across Alaska, then issued subpoenas to the state’s main telecom company, GCI, to attach a name and physical location. Agents then criss-crossed the state to interview the owners of the devices and establish that they hadn’t given permission for their IoT purchases to be hijacked by the Mirai malware.
While some infected devices were close by in Anchorage, others were further afield; given Alaska’s remoteness, collecting some devices required plane trips to rural communities. At one rural public utility that also provided internet services, agents found an enthusiastic network engineer who helped track down compromised devices.
‘I’ve run against some really hard guys, and these guys were as good or better than some of the Eastern Europe teams I’ve gone against.’
Elliott Peterson, FBI
After seizing the infected devices and transporting them to the FBI field office—a low-slung building just a few blocks from the water in Alaska’s most populous city—agents, counterintuitively, then had to plug them back in. Since Mirai malware exists only in flash memory, it was deleted every time the device was powered off or restarted. The agents had to wait for the device to be reinfected by Mirai; luckily, the botnet was so infectious and spread so rapidly that it didn’t take long for the devices to be reinfected.
From there, the team worked to trace the botnet’s connections back to the main Mirai control server. Then, armed with court orders, they were able to track down associated email addresses and cell phone numbers used for those accounts, establishing and linking names to the boxes.
“It was a lot of six degrees of Kevin Bacon,” Walton explains. “We just kept stepping down that chain.”
At one point, the case bogged down because the Mirai authors had established in France a so-called popped box, a compromised device that they used as an exit VPN node from the internet, thereby cloaking the actual location and physical computers used by Mirai’s creators.
As it turned out, they’d hijacked a computer that belonged to a French kid interested in Japanese anime. Given that Mirai had, according to a leaked chat, been named after a 2011 anime series, Mirai Nikki, and that the author’s pseudonym was Anna-Senpai, the French boy was an immediate suspect.
“The profile lined up with someone we’d expect to be involved in the development of Mirai,” Walton says; throughout the case, given the OVH connection, the FBI worked closely with French authorities, who were present as some of the search warrants were conducted.
“The actors were very sophisticated in their online security,” Peterson says. “I’ve run against some really hard guys, and these guys were as good or better than some of the Eastern Europe teams I’ve gone against.”
Adding to the complexity, DDoS itself is a notoriously difficult crime to prove—even simply proving the crime ever happened can be extraordinarily challenging after the fact. “DDoS can happen in a vacuum, unless a company captures logs in the right way,” Peterson says. Klein, a former UNIX administrator who grew up playing with Linux, spent weeks piecing together evidence and reassembling data to show how the DDoS attacks unfolded.
On the compromised devices, they had to carefully reconstruct the network traffic data, and study how the Mirai code launched so-called “packets” against its targets—a little-understood forensic process, known as analyzing PCAP (packet capture) data. Think of it as the digital equivalent of testing for fingerprints or gunshot residue. “It was the most complex DDoS software I’ve run across,” Klein says.
The FBI zeroed in on the suspects by the end of the year: Photos of the three hung for months on the wall in the Anchorage field office, where agents dubbed them the “Cub Scout Pack,” a nod to their youthfulness. (Another older female suspect in an unrelated case, whose photo also hung on the board, was nicknamed the “Den Mother.”)
Security journalist Brian Krebs, an early Mirai victim, publicly fingered Jha and White in January 2017. Jha’s family initially denied his involvement, but on Friday he, White, and Norman all pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, the government’s main criminal charge for cybercrime. The pleas were unsealed Wednesday, and announced by the Justice Department’s computer crimes unit in Washington, DC.
Jha was also accused of—and pleaded guilty to—a bizarre set of DDoS attacks that had disrupted the computer networks on the Rutgers campus for two years. Beginning in the first year Jha was a student there, Rutgers began to suffer from what would ultimately be a dozen DDoS attacks that disrupted networks, all timed to midterms. At the time, an unnamed individual online pushed the university to purchase better DDoS mitigation services—which, as it turns out, was exactly the business Jha himself was trying to build.
In a Trenton courtroom Wednesday, Jha—wearing a conservative suit and the dark-rimmed glasses familiar from his old LinkedIn portrait—told the court that he aimed attacks against at his own campus when they would be most disruptive—specifically during midterms, finals, and when students were trying to register for class.
“In fact, you timed your attacks because you wanted to overload the central authentication server when it would be the most devastating to Rutgers, right?” the federal prosecutor queried.
“Yes,” Jha said.
Indeed, that the three computer savants ended up building a better DDoS mousetrap isn’t necessarily surprising; it was an area of intense intellectual interest for them. According to their online profiles, Jha and White had actually been working together to build a DDoS-mitigation firm; the month before Mirai appeared, Jha’s email signature described him as “President, ProTraf Solutions, LLC, Enterprise DDoS Mitigation.”
As part of building Mirai, each member of the group had his own role, according to the court documents. Jha wrote much of the original code and served as the main online point of contact on hacking forums, using the Anna-senpai moniker.
White, who used the online monikers Lightspeed and thegenius, ran much of the botnet infrastructure, designing the powerful internet scanner that helped identify potential devices to infect. The scanner’s speed and effectiveness was a key driver behind Mirai’s ability to outcompete other botnets like vDOS last fall; at the peak of Mirai, an experiment by The Atlantic found that a fake IoT device the publication created online was compromised within an hour.
According to court documents, Dalton Norman—whose role in the Mirai botnet was unknown until the plea agreements were unsealed—worked to identify the so-called zero-day exploits that made Mirai so powerful. According to court documents, he identified and implemented four such vulnerabilities unknown to device manufacturers as part of Mirai’s operating code, and then, as Mirai grew, he worked to adapt the code to run a vastly more powerful network than they’d ever imagined.
‘We all realized that this isn’t something that just affects my company or my network—this could put the entire internet at risk.’
Justin Paine, Cloudflare
Jha came to his interest in technology early; according to his now deleted LinkedIn page, he described himself as “highly self-motivated” and explained that he began to teach himself programming in seventh grade. His interest in science and technology ranged widely: The following year, he won second prize in the eighth-grade science fair at Park Middle School in Fanwood, New Jersey, for his engineering project studying the impact of earthquakes on bridges. By 2016, he listed himself as proficient in “C#, Java, Golang, C, C++, PHP, x86 ASM, not to mention web ‘browser languages’ such as Javascript and HTML/CSS.” (One early clue for Krebs that Jha was likely involved in Mirai was that the person calling themself Anna-Senpai had listed their skills by saying, “I’m very familiar with programming in a variety of languages, including ASM, C, Go, Java, C#, and PHP.)
This is not the first time that teens and college students have exposed key weaknesses in the internet: The first major computer worm was unleashed in November 1988 by Robert Morris, then a student at Cornell, and the first major intrusion into the Pentagon’s computer networks—a case known as Solar Sunrise—came a decade later, in 1998; it was the work of two California teens in concert with an Israeli contemporary. DDoS itself emerged in 2000, unleashed by a Quebec teen, Michael Calce, who went online by the moniker Mafiaboy. On February 7, 2000, Calce turned a network of zombie computers he’d assembled from university networks against Yahoo, then the web’s largest search engine. By mid-morning it had all but crippled the tech giant, slowing the site to a crawl, and in the days following, Calce targeted other top websites like Amazon, CNN, eBay, and ZDNet.
On a conference call announcing the guilty pleas Wednesday, Justice Department Acting Deputy Assistant Attorney General Richard Downing said that the Mirai case underscored the perils of young computer users who lose their way online—and said that the Justice Department planned to expand its youth outreach efforts.
“I’ve certainly been made to feel very old and unable to keep up,” prosecutor Adam Alexander joked Wednesday.
What really surprised investigators, though, was that once they had Jha, White, and Norman in their sights, they discovered that the creators of Mirai had already found a new use for their powerful botnet: They’d given up DDoS attacks for something lower-profile—but also lucrative.
They were using their botnet to run an elaborate click-fraud scheme—directing about 100,000 compromised IoT devices, mostly home routers and modems, to visit advertising links en masse, making it appear that they were regular computer users. They were making thousands of dollars a month defrauding US and European advertisers, entirely off the radar, with no one the wiser. It was, as far as investigators could tell, a groundbreaking business model for an IoT botnet.
As Peterson says, “Here was a whole new crime that industry was blind to. We all missed it.”
Even as the case in Alaska and New Jersey wraps up—the three defendants will face sentencing later on—the Mirai plague that Jha, White, and Dalton unleashed continues online. “This particular saga is over, but Mirai still lives,” Cloudflare’s Paine says. “There’s a significant ongoing risk that’s continued, as the open source code has been repurposed by new actors. All these new updated versions are still out there.”
Two weeks ago, at the beginning of December, a new IoT botnet appeared online using aspects of Mirai’s code.
Known as Satori, the botnet infected a quarter million devices in its first 12 hours.
These MINECRAFT Low-Res Pixelated Funko POP!s Are Amazing
We often fawn over the intricate design elements of Funko’s vinyl figurines and really can’t fathom the journey one of these collectibles takes from initial drawing to their final home on our shelves. Yet, every so often we’re floored by how awesome some of the simpler designs end up looking. Case in point, these Minecraft Pops!
Funko’s done low-res figures before but there’s something about these Minecraft characters that works so perfectly. Their blocky design transfers perfectly into the tangible third dimension that it’s like they jumped right out of the screen.
As with most Funko lines, they’ve planned a bit of an “exclusive” hunt in order to get your hands on all these beauties. Once they hit stores in February of 2018, a glow version of Creeper can be found at FYE, a Charged Creeper at Gamestop, Walmart will have Steve in Gold Armor and Alex in Enchanted Armor, and you’ll have to head to Target to find the Skeleton with Fire.
A real-life quest for these to adorn our shelves seems perfect for any Minecraft fan and is substantially easier than some of the accomplishments in the game. When players are so dedicated to a game they can create functional clocks, calculators, and accurate recreations of Westerosi locations from Game of Thrones—headed to a few different stores seems like a breeze.
What do you think of these new Pop! figures? Which Minecraft elements would you like to see them produce in the future? Let’s discuss in the comments below!
After Two Years Minecraft Finally Gets A New World Record
Ender Dragon is Minecraft’s final boss, a serpentine collection of dark blocks that launches fireballs at the player. Minecraft speedrunners have long struggled with it, but this week speedrunners finally discovered how to bypass the Dragon altogether. It’s already led to a world record.
Part of what makes the fight against the Ender Dragon time consuming is a series of End Crystals that sit atop pillars and heal the Dragon when it flies near. However, players can also craft their own End Crystals and bring them into the final level to wreak havoc. Originally players were trying to place extra End Crystals in specific places to influence the Dragon’s path during the fight and also deal some extra damage (they can be exploded like land mines).
Recently, experimenting with this strategy yielded an even better discovery. Placing an End Crystal as soon as the player enters the Dragon’s level causes it to glitch and never spawn while still yielding the portal to the end credits that marks the completion of a run.
Placing Crystals after the Dragon has already been defeated summons a new Dragon. If this happens, the game checks to see if the end portal that spawns after the battle is already there, in which case it doesn’t create one. However, timing things right can confuse the game. By placing the crystal before the battle starts, the player is able to trick the game into skipping the fight entirely. “Because we place the crystal before the Dragon fight is fully loaded, it fails to find evidence of another portal, and so it creates one,” explained the MineCraft glitch hunter Matthew Bolan.
A player by the name of Geosquare discovered the glitch by accident while researching a tool-assisted speedrun for the fight. His findings in turn helped one of the game’s most prolific speedrunners, Illumina, to break the world record of 4:07:400, held by Joshgaming4 and which had previously stood for over two years, with a 3:20.9 run.
“It was from mid 2015,” Illumina said in an email. “It was a very daunting time to beat and that’s why it stood for so long.” Illumina thinks the run still has room for improvement.
There’s a lot of randomness in a Minecraft speedrun, and speedrunners try to find the ideal parameters for spawning a new world. In Minecraft these parameters are known as seeds. Players select a seed at the beginning of a run, and they determine what flavor of map will be generated by the game. In Illumina’s case, using the new Ender Dragon glitch meant finding a seed that would give him a world conducive to crafting the necessary End Crystal. In addition to discovering the glitch, Geosquare also helped find the best seed for executing it.
“The seed was found by Geosquare by writing a program using variables that would make the seed optimal,” Illumina said. “He ran the program for about 5 minutes and they spent a couple hours looking through the seeds that came up. There is probably a better seed than the current one as it only took a couple hours to find, but when there are 2^64 seeds, it is not easy to go through all of them.”
Illumina’s world record was specifically in Minecraft’s “seeded” category. There are other categories that prohibit both glitches and seed optimization, but Illumina thinks that misses half the fun. “A benefit from [seeds] is that it keeps the category more interesting as you never know when a new seed would be found,” he said. “Some runners said that we should just stick to one seed to make one route consistent but I disagree in doing that.”
“Every category of this game is too RNG and takes a lot of grinding to get a great run,” said Illumina who’s been running the game since 2011. “But it’s always fun to see if you will get lucky in a run, kind of like gambling. It’s definitely much different of a game to run from any other I’ve seen. Things like the Dragon skip and seed optimization programs help marry the chaos of the game to the practiced skill expert players want to bring to it.”
Xbox One X gets off to a strong sales start in the UK
The Xbox One X has been on shelves for just under a week (well, shelves that aren’t here), and it’s a little difficult to gauge its success without hard sales figures. Microsoft haven’t come out of the gates with glorious tales of how their new console has been selling like hotcakes, and some data in from the UK might make you curious as to why. Because the Xbox One X is selling pretty damn well there. Better than Sony’s PS4 Pro did during its own launch window.
According to GamesIndustry.biz, the Xbox One X has seen over 80,000 sales (adjusted by 20% from raw data) in the United Kingdom alone, which is a pretty significant figure for the singular region. The sales figures eclipse that of the PS4 Pro, which only hit 50,000 in the same time and took a full month to reach 80,000 in total. The lack of exclusives at the launch seem to have been a moot point too, with third-party titles such as Call of Duty: WWII and Assassin’s Creed Origins proving to be solid sales companions with the Xbox One X during the last week.
This bodes well for Microsoft, who have been facing an uphill battle ever since this generation started. Out of the gates the Xbox One was the weaker of the two core consoles, and over the years that battle has changed the rules of combat. Sony and its extensive exclusives library now outweighs many arguments over the Xbox One X’s superior power, but it seems evident that in the UK that’s still a large factor in purchasing decisions.
It’s still early says for the console though, and Microsoft’s toughest days are still ahead. As Sony continues peppering their future with great looking exclusives, Microsoft is hunting for new developers to bring under their wing. A process that might only see fruit in many years to come.
Last Updated: November 13, 2017
Marvel Heroes Omega is officially dead
Marvel Heroes and its Omega upgrade, were a grand effort. When developer Gazillion Entertainment first launched it as a PC-exclusive several years ago, it was a diamond in the rough. It wasn’t perfect by any stretch of the imagination, but it still had a solid foundation that could be used for further enhancements.
Said enhancements were slotted in aplenty, with Marvel Heroes growing with new gameplay additions on a monthly basis at one point. Free to play, offering a taste of everything that it had before it asked for some cash in return, Marvel Heroes was a great game to spend a few idle hours on. Marvel Heroes omega was meant to be the start of a new chapter for the game, one that brought its action to consoles with some handy dandy control schemes that simplified the action.
Instead, it was a swansong as Disney pulled the plug on Gazillion Entertainment and their access to the pantheon of heroes and villains. Originally scheduled for demolition at the end of December, giving players time to say goodbye and experience the game without the need to purchase anything else, Gazillion has instead closed up shop sooner than expected.
All of the staff has been dismissed, and the servers have been switched off, as Gazillion made the closure official:
A damn shame, that’s what it is. The fact that this was done to the staff before they could celebrate the Thanksgiving holiday properly is bad enough, but when you factor in that the crew got zero severance payments as well? If there’s any anger to be directed at Marvel Heroes Omega, it needs to be channelled at the people in charge who were responsible for mismanaging the title and letting their crew of hard-working developers take the brunt of this monumental stuff-up.
Last Updated: November 28, 2017
Gambit movie gets a new working title; could be starting production soon
Gambit, arguably one of the most popular X-Men characters, is one who has still not appeared in an X-Men movie to date. We are of course completely erasing that X-Men Origins: Wolverine movie from our minds. It didn’t happen, I tell you.
So, I guess it’s surprising that it has taken this long for 20th Century Fox to finally start moving forward on the troubled production of this iconic hero’s solo movie, but with Channing Tatum firmly set for the lead role and Gore Verbinski on board to direct the film, it is finally scheduled to get made. It even has a release date for Valentine’s Day, 2019, which will serve as a personal love letter for all of those fans desperate to finally see Gambit come to life.
Such is the despair and frustration around the stop-start nature of the troubled production though that some fans don’t want to get their hopes too high until they actually see pictures of the film actually getting started before they will believe that it will actually get made. And while I do not have such evidence to bring you today, a new report from Omega Underground reveals that casting work on a film titled ‘Forevermore’ is due to start soon for a film to be shot in New Orleans.
Now ‘Forevermore’ might not sound like much, but the article goes on to reveal that it is the new working title for the Gambit film, which was formerly called ‘Chess’ by the studio in previous plans. Those unfamiliar with working titles, it’s usually named that studios use in development to try and keep actual details of films secret – though as you can see, it doesn’t help with today’s modern world where the slightest of changes can be easily picked up by fans and journalists anyway.
Along with the title change, there are also reports of a role being cast for a character called Mariya, which they believe refers to Bella Donna and another casting for a role titled Lewis which is believed to be for the film’s villain. If these rumours are true, we should be hearing some new casting announcements for the film soon.
We still don’t know much about the Gambit film, but at least it looks like production should start soon. With next year bringing a total of three big X-Men movies with New Mutants, Deadpool 2 and X-Men: Dark Phoenix, Gambit will also hopefully bring something different with it to set it itself apart from those films and potentially usher yet another exciting character in the otherwise mostly disappointing X-Men film franchise.
Last Updated: November 21, 2017
Gambit movie gets a new working title; could be starting production soon
It’s time for some father and son bonding in a new God of War trailer
WAR! GOOD GOD Y’ALL! What is it good for? Father and son bonding apparently, as Kratos’ war against the pantheons that ruled mankind ended with plenty of deicide and a quest to find peace. What does a former god of war do in his off-time then? Apparently sire a child, as Kratos is coming back not only with a vengeance but with his son Atreus as well.
In a new chapter for the series that looks far more emotional and narrative-driven than ever before, Kratos has to juggle severed heads and parenthood in a world where mythology is both brutal and fierce. A world where plenty of old gods and beasts still have a bone to pick with the legendary warrior, who now no longer wields the chains of Olympus but rather simpler and more visceral death-dealing tools.
Which you can see Kratos put to good use in this latest trailer for God of War.
Dammit, still no release date.
Last Updated: October 30, 2017
It’s time for some father and son bonding in a new God of War trailer
Disney could close $60 billion deal to buy Fox by next week
When the story first broke a few weeks back that Disney was potentially looking at acquiring a huge chunk of Fox’s film and TV properties, for many fans – who realized this meant that the X-Men and Fantastic Four franchises could now be brought into the Marvel fold – it seemed like a dream. Now that dream seems to be becoming reality. A very, very expensive reality.
Following on from reports that Disney was back at the negotiating table with Fox and had gone radio silent – usually meaning that things were getting serious and they didn’t want details leaking out – it now looks as if the two studios could come to an agreement as early as 15 December. That’s next week. As previously reported, Fox would look to hold onto their lucrative news, sports and broadcast network divisions, while Disney snaps up their film and TV properties which will undoubtedly be used to heavily bolster their own digital streaming platform which is set to launch in 2019.
Along with those film and TV properties, Disney would also acquire Fox’s stake in Hulu (to supplement the portion they already own alongside Comcast), Nat Geo and Sky, the distribution rights still owned by Fox for some of the early Star Wars films, and partial ownership of comic publisher Boom! Studios. Current Fox shareholders would retain a stake in the newly trimmed down studio while acquiring shares in Disney in a fixed exchange ratio.
And according to CNBC – the ones who actually broke this rumour initially – all of this could come at an eye-watering price tag upwards of $60 billion. That’s an incredible amount of money, but consider Disney’s most recent history of massive purchases. They bought Lucasfilm for $4 billion in 2012 and have already made $3 billion of that back off just two Star Wars movies in two years. Similarly, they also acquired Marvel in 2009 for $4 billion, and the Marvel Cinematic Universe alone – ignoring the actual comics publishing side of things or any merchandising – has already earned over $5 billion for them. Forgetting the comic book movie franchises and other properties they would acquire, Fox’s gigantic slate of TV dramas alone would probably help Disney to make a sizeable dent on that $60 billion investment, so this is definitely not bad business.
This is not a done deal though. CNBC reports that its own parent company, Comcast, is also in negotiations with Fox as a potential buyer along with Sony and Verizon Communications. However, it appears that the talks with Disney have moved along the furthest and are the closest to being finalized. This would without a doubt be a massive game-changer in the entertainment business, and some would even say that Disney could be flirting with anti-trust laws with this proposed monopoly. Not that it would dissuade them. Disney has been known to make legislators in Washington look the other way in the past, and with it being rumoured that current Disney CEO Bob Iger is looking to make a run for US President in the near future, it looks like only a matter of time before the House of Mouse actually does rule the world.
Last Updated: December 6, 2017
Watch the spectacular first trailer for Phil Lord and Chris Miller’s animated Spider-Man movie!
Way back in February 2015, Marvel and Sony blew fans’ minds when they revealed that they had struck a surprising co-production deal that would allow Spider-Man (whose film rights were owned by Sony) to appear in the Marvel Cinematic Universe. After the failed reboot of Amazing Spider-Man, fans were overjoyed at the prospect of Spider-Man finally getting done right on the big screen. As amazing as that sounded though, there was a problem: These same fans were all Peter Parkered out. After an original trilogy starring Tobey Maguire then another two film reboot with Andrew Garfield, many were calling for a different Spider-Man to be given his cinematic due. An Ultimate Spider-Man, to be exact.
In the Marvel Comics universe, their Ultimate imprint was an alternate universe that featured younger, more contemporary versions of their classic characters. It also had its own young Peter Parker… “HAD”, as the young hero would eventually die at the hands of his archnemesis Green Goblin, unmasked and in full view of the public. His death though would inspire Miles Morales, a young boy who also had spider-like abilities thanks to the very same experiment that gave Peter his. Donning his own costume, Miles would become the new Spider-Man to fill the gap left behind by Peter Parker.
Created by writer Brian Michael Bendis as a character his mixed-race daughter could identify with, the half black/half Hispanic Miles Morales would become a beacon of representation in the Marvel universe… and also just one really amazing Spider-Man. His popularity would lead to him being one of the few heroes brought into the mainstream Marvel universe when the Ultimate Universe was destroyed in the Secret Wars event, and he’s even landed his very own cartoon TV series on Disney XD. But still, no movie talk as Tom Holland was cast to play Peter Parker again in Captain America: Civil War and Spider-Man: Homecoming.
Luckily though, Marvel had a plan. Coming off mega-successes like The Lego Movie and 21 Jump Street, filmmaking duo Phil Lord and Chris Miller were tapped to write/produce a new feature-length animated film focusing on Miles Morales. Well, him and a whole lot of other Spider-Men as Spider-Man: Into the Spider-Verse was revealed to follow Miles Morales as he somehow discovered of the existence of the many alternate universes in the Marvel universe and all their respective webheads. And thanks to the first trailer for the film dropping at Brazil’s Comic Con Experience (CCXP) over the weekend, we now know that it looks spectacular!
The film features some jaw-dropping visuals and I absolutely love the little touches of the classic comic frames jammed into the action. For now, this film is a completely standalone entity. However, we don’t know which Peter Parker it is that shows up at the end of the trailer, and with the whole multiverse angle I wouldn’t be surprised if Spider-Man: Into the Spider-Verse teased some connection to Tom Holland’s live-action MCU version at some point. Can you imagine how fans would lose their minds if this movie proves popular enough to have Miles make the transition from animated to live-action to show up next Holland’s webslinger and the rest of the Avengers somewhere down the line? We have been told that after the still-untitled Avengers 4 that the MCU was getting shook up in a big way, and the existence of alternate universes would definitely do that.
Spider-Man: Into the Spider-Verse will be directed by Bob Perschietti (Puss in Boots, The Little Prince) and stars the voice talents of Shameik Moore, Liev Schreiber, Mahershala Ali and Brian Tyree Henry. It is scheduled for release on 14 December 2018.
Watch the spectacular first trailer for Phil Lord and Chris Miller’s animated Spider-Man movie!
All the announcements and trailers from the Game Awards 2017
I’m starting to think that the Game Awards might rival the Critical Hits awards, what with the show having access to an amazing online infrastructure, oodles of cash and developers who don’t leave flaming bags of dog crap on their front porch whenever we ask for interview opportunities. Maybe, but not really. Nice try Geoff Keighly, but you have a long way to go before you’re taken as seriously as we are over here in the Critical Hit awards show kitchen where we hand out dodgy Chinese chocolates to the biggest winners of the year.
That being said, this year’s Game Awards was a great show. Plenty of announcements, plenty of trailers and at least one instance of a game developer telling the Oscars to go f*** themselves. Our kind of show! In case you missed the show, worry not. Here’s a list of trailers from the various announcements, in case you weren’t ready to wake up at 3 in the AM to stream the event:
World War Z
Vacation Simulator
Accounting +
From Software’s Shadows Die Twice
In The Valley Of The Gods
The Legend of Zelda: Breath Of The Wild – The Champion’s Ballad
SoulCaliber VI
Fortnite Battle Royale 50 v 50 team mode
Bayonetta 1 and 2 for Nintendo Switch
Bayonetta 3
Death Stranding
Witchfire
Sea of Thieves release date trailer
Dreams
GTFO
Metro: Exodus
PlayerUnknown’s Battlegrounds
So…2018 looks fun, right?
Last Updated: December 8, 2017
All the announcements and trailers from the Game Awards 2017
Media Molecule’s Dreams had plenty to show at the Game Awards
If there’s one game that I’m looking forward to in 2018, it’s a title which doesn’t revel in blood, guts and gore. Rather, it’s a game of creation, fuzzy logic and fleeting glimpses of imagination. Media Molecule’s Dreams is that game, a project whose hefty ambitions have resulted in it spending plenty of time in development.
I’m not exactly surprised. Little Big Planet from Media Molecules was an absolute behemoth when it came to giving fans options to create their own content within the confines of that game, and that was years ago. Time has passed, technology has improved and the software injected into these machines is more malleable than ever.
Dreams is all about creation. It’s about shaping your dreamscape, of using the power of the mind to create new worlds to explore. At the 2017 Game Awards, Media Molecule had a new look at Dreams debut. Check it out below:
That’s a lot more surreal than I was expecting, even more so than the original E3 2016 reveal of Dreams. It looks like Media Molecules is aiming to create a game for everyone, by giving players the tools to create interactive experiences within Dreams that range from Galaxian simulators to good ol’ PLEASE HUG ME DAMMIT games for its main character who craves a decent night’s escape from reality.
I kinda dig that. A PlayStation 4 exclusive, Dreams can be played with a regular controller or the PS Move controllers.
Last Updated: December 8, 2017
Media Molecule’s Dreams had plenty to show at the Game Awards
A new Devil May Cry HD Collection is on its way to PC and console
Guys! GUYS! GUUUUUUUUUUUUUYS! A new Devil May Cry is coming! Glorious day! Fantabulous! Splendifferictacular! I can’t wait to play a new Devil May Cry…
…HD Collection.
DAMMIT I GOT ALL HYPED UP FOR NOTHING. Apologies to all three of my nipples, we’ll have to save the excitement-rubbing for later. Back to the meat of the story then: Devil May Cry, a franchise that redefined action on various consoles, is coming back with a vengeance. Next year March 13 according to VG247, the original trilogy of Demons with tear ducts will hit PC, PS4 and Xbox One.
That means that players will get to play 2001’s Devil May Cry originale and it’s superb super-awesome 2006 demon-slaying sequel Devil May Cry 3, which introduced Dante’s blood brother Vergil and the meme that launched a thousand ships. That also means that players will have a chance to play Devil May Cry 2, a game which usually elicits howls of anguish from fans.
I’ve personally never played the middle game in the first trilogy, although most fans regard it as a middling bastard child that almost killed one of Capcom’s best franchises thanks to its sheer awfulness. Hold my root beer while I get my gimp suit, because I need to experience this pain for myself so that I can understand what y’all have gone through.
It’s not the first time that Devil May Cry popped it original trilogy onto a newer console, as the first HD Collection hit PlayStation 3 and Xbox 360 way back in the dark ages of 2012. A more innocent time, before loot boxes and one wherein the only true problem in in the industry was EA’s propensity to make online portions of its game locked to a console thanks to a special code that came with each new purchase of a hot game.
Ah, the good ol’ days. Anyway, March 13 then for anyone who has an interest in achieving S-rank scores in bludgeoning demonic beasties. That’ll set you back an RRP of $29.99. I’ll update with local pricing as soon as I get it.
Last Updated: December 8, 2017
A new Devil May Cry HD Collection is on its way to PC and console
Xbox One Minecraft players are not happy with the “Better Together” version
Minecraft, the cleverly named blocky game that’s about both mining and crafting is still unfathomably popular. Millions of people play the game regularly, including my own children who’ve made it so that I’ve bought the game half a dozen times on a number of platforms.
That was meant to become moot with the new Minecraft Bedrock Edition, which was supposed to unify the games across platforms. Ditching the series convoluted naming scheme, and known plainly and simply as Minecraft, the new version was supposed to make everything better, allowing people from different platforms to play together. It’s done that, but it’s also split the community on Xbox One.
On that platform, the game is available in two flavours: The original now deprecated Minecraft: Xbox One Edition, and the newer Minecraft based on the Bedrock Edition. Only it seems that people vastly prefer the older version. One of the biggest problems for most is that the new Bedrock version appears to be a straight port of the Windows 10 version of the game, without the console-specific control tweaks that made the game manageable on the Xbox One.
A look at the reviews of the new version of the game on the Xbox One shows that people are very, very unhappy with Minecraft. (via USgamer)
Says one unhappy player:
“The UI is atrocious. Commands have been added, but are limited. Some items aren’t in the creative inventory. The big servers are laggy. You get no starting coins for microtransactions. Sprint flying is much slower. I lost all my skins, textures, and mash-up packs. EXTREMELY buggy. All wooden tools and crafting tables require oak wood. IT’S JUST PE MINECRAFT ON XBOX!!!! IT IS SUPER BUGGY!!! I CAN’T CONNECT WITH FRIENDS!!! Over all, it feels like an unfinished game. Mojang should have just updated the first Xbone edition to have new textures, servers, realms, infinite world size, and microtransactions with earnable or starting coins. Big downgrade in many areas.”
And another:
“I played this version in beta and it was NOT ready for a public release. There are numerous problems that went unaddressed or were flat out ignored. To list a few: -Frame rate is extremely unstable and drops considerably -This version is not optimized for redstone and more complicated devices produce massive amounts of lag. I also want to point out that redstone in general received a HUGE downgrade in this version compared to the previoua console version with the engine seemingly unable to handle lots of redstone activating at once, odd timing bugs, and various other removed features. -The new crafting interface is unoptimized for a controller and cumbersome to move through because you have to go through each square individually. -Movement and block placement are somewhat laggy and nowhere near the standard that the original console version set. Overall, this version is a rushed and massive downgrade from the previous console.”
And another:
“i had a survival world that ive spent atleast 400 hours in, and the transfer changed the terrain and the whole entire world itself and i lost all progress and it wont let me change it back…… and because i transfered it to this new version, i dont have that save anymore and im literaly thinking of just uninstalling this outrages game…..
the game itself is glitchy and has so many bugs that i cant even play the game…… it laggs and has at times delayed my screen….. unlike the xbox one edition that is smooth and not glitchy or laggy”
Reddit is equally awash with threads calling the game as it stands a mess. 4J Studios was responsible for the older versions of games, taking platform strengths and weaknesses into account when tailoring the game to each platform. It appears they are no longer involved in the process, and the Minecraft team is attempting to a one-size-fits-all approach.
At least Xbox players are able to play the older version of the game. The Nintendo Switch version is set to transition to the Bedrock version next year, allowing Switch, Xbox One and PC players to play together – but if it’s in the state it’s currently in, players may not want that update.
Xbox One Minecraft players are not happy with the “Better Together” version
Minecraft receives ’12 Days of Minecraft’ holiday event
Free DLC awaits players who log into Minecraft during an upcoming holiday event. Don’t miss out!
Microsoft has announced that it plans to team up with Minecraft community creators, bringing 12 brand new pieces of holiday-themed DLC to players as a gift for the holidays.
Any Minecraft player that wants to take advantage of this opportunity can do so by logging into Minecraft every 24 hours and heading to the Minecraft Marketplace to download free content. This event begins at midnight on December 21, 2017 and new DLC items will drop every subsequent 24 hours. The event will conclude on the night of January 1, 2018 at 11:59 PM. You’ll need to own the base Minecraft game in order to download the free content.
Though few details were shared on the majority of the DLC items, Microsoft provided a sneak peek for the first drop, which appears to be a special map built for snow sledding. Judging by the images provided in its announcement article, it looks like you’ll be able to race down a winding course against your friends. The author of the article, “Marsh Davies,” hinted that more news would be coming soon about other types of upcoming Marketplace content too.
Are you excited to see what Minecraft will bring its players during the event? Let us know what you think in the comments.
Minecraft is available now on Xbox One and Windows 10 for $19.99.
Did From Software Just Tease Bloodborne 2?
Tonight at the 2017 Game Awards, From Software offered up a very, very brief teaser of its next title. The teaser shows something bloody—an arm that’s also a weapon?—being tightly wound, with the tagline of “Shadows Die Twice”.
Whatever it is, the game is definitely not a new Armored Core. It could be another Souls game, but this brief showing feels like it would fit right at home in the universe of Bloodborne. Maybe we’ll see more at the 2017 PlayStation Experience keynote
Assassin’s Creed Origins’ Update Lets You Ride In Final Fantasy Style
Back in October, Square Enix put on the Assassin’s Festival in Final Fantasy 15, letting players pick up gear and costumes inspired by the Assassin’s Creed series for Noctis and crew. Now it’s time for Ubisoft to offer its side of the crossover.
Ubisoft recently released notes for Assassin’s Creed: Origins‘ December update. The update will add a brand-new quest that looks to offer up a Chocobo-inspired horse for Bayek to ride around Egypt.
The update adds the third of the Trials of the Gods, pitting Bayek against three Egyptian deities. Anubis and Sobek were in November, and the final fight is against Sekhmet, the warrior goddess. Players who missed the first two fights will also get the chance to take them down.
This patch also brings with it a new Nightmare difficulty mode, an enemy level-scaling option for the entire game, and a brand-new, gladiator-based Horde Mode.
“The event quest, Here Comes a New Challenger, will introduce you to Horde mode to satisfy your warrior longings. You can prove yourself in the Cyrene arena against unlimited waves of foes. We recommend Level 32 or higher,” says Ubisoft.
The Gladiator Items Pack comes on December 12 with some gladiator-theme gear for Bayek, while the Wacky Items Pack will fit right in with the game’s bath towel costume.
There is currently no set date for the December update to drop on any platform. Assassin’s Creed: Origins is currently available on PC, Xbox One, and PlayStation 4.
Assassin’s Creed Origins’ Update Lets You Ride In Final Fantasy Style
Minecraft Players Are Choosing The Xbox One Edition Over The Better Together Version
Back in September, Microsoft and Mojang launched the Better Together update for Minecraft on Windows 10, Xbox One, iOS, and Android. This update allowed players on those devices to play together and access the Marketplace on any of those platforms.
The new Better Together versions of Minecraft are known collectively as the Bedrock Edition. The Bedrock games avoid the “___ Edition” naming scheme on their respective platforms, being just “Minecraft” instead of “Minecraft: Pocket Edition” or “Minecraft: Windows 10 Edition”. This is the new foundation and codebase Mojang wants to build upon, hence the name.
In the case of Minecraft on Xbox One, if you purchase the game now on the Xbox Store, it’s the Bedrock Edition, called “Minecraft”. If you had the previous Minecraft: Xbox One Edition, you get the new version for free, but the old one remains installed on your console. This allows players to switch back and forth between both versions and players are finding they prefer the old Xbox One Edition.
If you go to the Microsoft Store page for Minecraft: Xbox One Edition, the game is rated at 4.5 stars out of 5 with 111,000 reviews. In contrast, the new Minecraft entry is rated at 2.5 stars out of 5, with 5,634 reviews as of this writing.
“The Xbox One Edition was designed for Xbox, this version is literally a port from PC. The creative inventory is a disarray and difficult to navigate, placing blocks is much slower as being precise is terribly difficult. The graphics are a disgrace, the game crashes every 30 mins, everything is laggy,” said one review. (Edited for spelling and formatting.)
“The new crafting and inventory menus are quite cumbersome and seem rushed. It now takes easily twice as long to perform trivial tasks like swapping items in these menus in creative mode. The previous setup was much more streamlined and easier to use,” added another review.
“I played this version in beta and it was not ready for a public release. There are numerous problems that went unaddressed or were flat out ignored. To list a few: Frame rate is extremely unstable and drops considerable. This version is not optimized for redstone and more complicated devices produce massive amounts of lag,” said one review from last month.
The previous Minecraft editions were customized for their specific platforms by 4J Studios, who no longer seem to be involved in the new versions. They took into account the technology behind each console or device, and tailored the releases to those platforms.
Players are saying that the Bedrock Edition represents a step back. There are lost features like large biomes, some players dislike the new UI and Creative mode controls, there are reported frame rate issues, lag, and crashes that didn’t occur in previous editions, and some players can’t even convert their worlds over to the new version. One of the top requests on the Minecraft support site is for a console UI for the Bedrock Editions on Xbox One.
Players on Xbox One have gone around the problem by simply playing the old Xbox One Edition, but Mojang isn’t updating that version anymore. If players want new features, they’ll need to upgrade eventually. Currently, the Nintendo Switch version is supposed to join the Better Together party at a later date, but some Switch players are hoping that update can be pushed down the line until the Bedrock codebase has seen some fixes. Hopefully, Mojang and Microsoft keep plugging away at the new unified Minecraft, because players aren’t happy.
Minecraft Players Are Choosing The Xbox One Edition Over The Better Together Version
What computer should I buy to run Minecraft?
Could you provide an update to your previous articles on the system requirements for Minecraft? I would love a recommendation on a laptop for my 10-year-old son. I have a £500 budget, and I would have no problem with a refurbished device. Craig
This is a frequently-asked question, and similar queries have come from Jo (seven-year-old son, £450 budget), Lauren (13-year-old son), Ronda (12-year-old daughter), and Natalie (11-year-old son, £200 to £250 budget). I answered much the same question in December last year (What’s the best cheap laptop for running Minecraft?), in December 2015 (What’s the best laptop for running Minecraft?) and earlier. The principles have not changed, so you may still find them useful. However, the products change, which is why the question keeps coming up.
PC or not?
The main edition of Minecraft is written in Java, so it runs on PCs running Microsoft Windows, Apple’s MacOS, and Linux. Most parents want the same machine to cover schoolwork and other requirements on a budget, so they generally opt for Windows.
There’s also a “pocket” or Bedrock Edition of Minecraft that runs on Windows 10, games consoles, tablets, Gear VR, Apple TV and Amazon’s Fire TV. Many players want the main edition because the Bedrock version does not support “mods” or modding platforms such as Pixelmon.
Mojang is still busy programming the Bedrock Edition to add many of the capabilities of the main version, but without its performance being sandbagged by Java. There are already Add-Ons, Resource Packs and Scenarios to change Minecraft’s appearance and behaviour.
Bedrock is still some way from the Java version. Nonetheless, running Minecraft as a Windows 10 app is one way to run it on a less powerful laptop while still having a machine that’s good for school work. The latest Windows 10 Minecraft is available as a free trial app on the Windows Store, so it’s worth a go. You can always install the full version later.
Running Minecraft
Most serious games can consume as many resources as you can throw at them, and Minecraft is no exception. Unfortunately, Minecraft also has to run the Java “virtual machine” (JVM) that runs the Minecraft code.
Today’s targets, for running Minecraft, are a relatively recent Intel Core i5 or i7 or equivalent processor, 8GB of memory, a 128GB SSD, and a 15.6in Full HD screen with a resolution of 1920 x 1080 pixels. By “relatively recent” I mean a 5th generation Core chip, or later. (We’re currently moving to 8th generation versions.)
In every case, more is better. Extra power will give you better frame rates, longer rendering distances, more textures etc, and the ability to run more mods.
You should still be able to run Minecraft pretty well on a recent Core i3 with 4GB of memory, either a 64GB SSD or a traditional hard drive, and a 1366 x 768 screen, though you may have to dial back some graphical effects.
However, you should still be able to run Minecraft on less powerful machines, if you use the lowest settings and install the Optifine mod to get a usable frame rate. (I assume everybody will install Optifine on whatever they buy.)
In previous years, I’ve looked for laptops with dedicated graphics cards with their own 2GB or more video RAM. Today’s mainstream laptops use the processor’s integrated graphics capabilities and the PC’s main memory instead. This makes it an even better idea to buy a desktop PC than a laptop for running Minecraft and other games.
Desktop towers have plenty of room for fans so they can use hotter processors that run faster than the laptop equivalents, and even cheap chips like the Intel Pentium G4560 become viable. Many desktops also have dedicated graphics cards, and if they don’t, you can probably install one in an empty expansion slot. (Check the upgrade options before you buy.)
Gaming laptops?
Most of the laptops that still have dedicated graphics cards are now described as “gaming laptops”, and they bust your budget. For example, Currys PC World has an HP Pavilion Power 15-bc350sa with a Core i7-7500U processor, 8GB of memory, a 1TB hard drive and an Nvidia GeForce GTX 950M for £679.99. That’s not a pocket money price. HP’s real “gaming laptop” is the Omen, which you can get with a GeForce GTX 1050 for £799.99.
Manufacturers used to sell reasonably affordable laptops with dedicated graphics cards, but those days appear to have gone.
You can hunt around for second-hand gaming laptops, but these are not the stock in trade of professional refurbishing companies. They mostly sell ex-corporate “fleet computers” such as ThinkPads, HP Elitebooks and Dell Latitudes. If you decide to go for a refurbished machine, an Elitebook might be the best bet.
Possible choices
Having eliminated games machines, we’re left with mainstream laptops. The usual suspects include Lenovo’s 110 and 320 models, HP Pavilions, and Asus VivoBooks. Take your pick …
The best specification I can find within a £500 budget is the Lenovo Ideapad 80XL035QUK, which has an i5-7200U, 8GB of memory, a 2TB hard drive and a 1920 x 1080 screen for £499.99.
There are lots of different Ideapad 310, 320 and 320S models around, and many of them have 128GB SSDs. Unfortunately, most of those only have 4GB memories and 1366 x 768 screens. You can increase the memory but they usually have only one memory slot. You have to remove the 4GB and insert an 8GB module (over £80), instead of simply adding 4GB (around £45). Switching to a 16GB module could cost roughly £165.
For someone on a smaller budget, the IdeaPad 310-15ISK is still good value at £329.95 from John Lewis. though you can find other sources by searching for 80SM01MAUK. It has a nippy Core i3-6100U processor, 4GB of memory, a 1TB hard drive and a 1366 x 768-pixel screen. The seventh-generation i3-7100U isn’t really any faster.
Currys PC World has a similar laptop with a slower Core i3-6006U processor for £299.98. This chip has a PassMark benchmark score of 3131, which is close to if not below the minimum required to run full Minecraft well. In fact, it’s better to have a chip that scores over 4000. For comparison, the latest Intel Core i7-8700K scores 16274.
There are a couple of 14in machines that are also worth considering for their 128GB SSDs. The HP Pavilion 14-bp070sa has a Core i5-7200U processor, 4GB of memory and a 1920 x 1080-pixel screen for £449. The Asus VivoBook X405 is a nicer laptop for £20 less, but it only offers a Core i3-7100U.
Low-end systems
Going below £300 involves a huge reduction in processing power, unless you can find a discounted bargain. The options include the slow AMD A6-9220 (PassMark 2368), the slower Intel Pentium N4200 (PassMark 2002), the Intel Celeron N3160 (PassMark 1695) and the Celeron N3060 (PassMark 990).
None of these processors is intended for gaming, or any serious computing.
The real problem is that if you stick to my recommended minimum of 4GB of memory, even low-end computers are not particularly cheap. For example, a 14in HP 14-bp066sa with a Celeron N3060 and 64GB of eMMC storage – which is slower than an SSD – costs £249 at Currys PC World. You are giving up a lot of processor speed and storage space to save £50. It’s really not worth it.
Dropping from an IdeaPad 320-14ISK with an i3-6006U processor (£299.98) to an IdeaPad 320-14IAP with a Pentium N4200 (£279.99) only saves £20.
The result is that I can’t recommend today’s low-end machines for playing the full version of Minecraft, even if – as mentioned above – they can run it at the lowest settings with Optifine. The “pocket” or Bedrock Edition would be a better bet, and even that would run better on a new or second-hand Xbox One.
If you can’t justify spending around £300, you could take a flyer on the Linx 12X64, which is now available for around £200. Eligible parents and students can get it for £179.99 from Microsoft.
The Linx 12X64 is a 12.5in tablet with a detachable keyboard and a slow Intel Atom x5-Z8350 processor (PassMark 1314), so it’s nobody’s idea of a games machine. However, at least it has 4GB of memory and 64GB of storage, so it’s not as cramping as most ultra-cheap machines, which have 2GB and 32GB. It even has a Full HD 1920 x 1080-pixel screen. I found it a decent and reliable machine at its original £299.99, so deducting £100 makes it a bit of a bargain.
Students can learn to code in Minecraft at workshops across Seattle this week
Hour of Code is a grassroots movement founded by national nonprofit Code.org to make coding more accessible.
For the third consecutive year, Minecraft and Microsoft have released a special Hour of Code tutorial in partnership with Code.org. The tutorial, Hero’s Journey, introduces a fun character called the Agent and 12 new challenges that teach core coding concepts like loops, debugging, and functions. So far, nearly 70 million Minecraft Hour of Code sessions have introduced coding concepts to learners in over 100 countries.
This week, museums and schools across Seattle are hosting special Hour of Code events for Computer Science Education Week. The Living Computers Museum + Labs is offering three Minecraft Hour of Code workshops, and Microsoft stores in Seattle, Bellevue and Redmond are hosting Hour of Code events for students and families.
In fact, the World Economic Forum predicts that 65 percent of children who enter primary school today will work in jobs later that don’t even exist yet. There is a growing need for students to build skills that will help them succeed in the 21st century workplace. Coding empowers students to go from simply interacting with technology to building their own creations, including apps and games, and exploring STEM careers.
“We do a lot of different types of programming related to Hour of Code,” says the Living Computer Museum’s Education Coordinator Nina Arens. “In our workshops and field trips we work a lot with Scratch, Command-line workshops, micro:bit and mini-controllers that you can program. Along the way students learn project management, history of computing, intellectual property and think about art and design, in addition to learning the coding, the basic command line, conditionals and loops it takes to build a basic game,” she says. These types of skills can transform the way students think critically, express themselves and solve complex problems – and Hour of Code is a great place to start.
The Minecraft team at Microsoft has partnered with Seattle area schools and educators to create the new Hour of Code tutorial and features in Minecraft: Education Edition. Get started coding for free today at code.org/minecraft.
Students can learn to code in Minecraft at workshops across Seattle this week
Minecraft launches Realms Clubs, a new online meeting place for Realms
The Minecraft team yesterday announced the launch of Realms Clubs, a new online meeting place for members of Realms to share and socialize. With Minecraft Realms Clubs, players can share posts, like videos, photos, and comments, and much more.
Minecraft players can find Realms Clubs now on Minecraft for Xbox One, Mobile, and Windows 10. Clubs will automatically be created for a Realm, and anyone who is invited to a Realm will also be added to the Club. Players can manage Realm Clubs from the Xbox App on PC, mobile, or console, or directly from the Realms menu in Minecraft.
Screenshots can be posted to a Realm Club by pausing the game and hitting the button with the Camera icon next to the feed button. This will add the screenshot to your list of saved screenshots and your Realms Clubs feed. Please keep in mind you can manage your Club and report comments or block players if necessary.
The experience should also be safe for kids, as kids need permission from a parent to adjust their permissions to use Realms. More details on Realms CLubs and all the FAQ’s are available here.
Minecraft launches Realms Clubs, a new online meeting place for Realms