One of the most devastating attacks on the internet in recent years was motivated by the online computer game Minecraft, court documents have revealed.
The cyberattacks in October 2016 knocked dozens of major websites offline, including Netflix, Reddit and Twitter.
Three U.S.-based men—Paras Jha, Dalton Norman and Josiah White—admitted their role in creating and using the Mirai botnet to carry out the attacks, though prosecutors say the defendants had not originally intended to take down large swathes of the internet, only gain an advantage in Minecraft.
The Mirai botnet worked by hijacking vulnerable internet-connected devices, such as webcams, and forming them into a network that could be used to carry out distributed denial of service (DDoS) attacks that overload websites and servers with massive amounts of web traffic.
By overloading internal Minecraft servers, the defendants hoped to lure players to their own servers in order to make money from them.
At its peak, Mirai controlled more than 300,000 hacked devices, while research estimated that up to 185 million devices were vulnerable.
"Working together, Jha and his co-conspirators successfully infected hundreds of thousand of internet-connected computing devices, including computers in Alaska and other states, with malicious software known as Mirai and enlisted these devices into a large botnet," court documents unsealed by the Justice Department on Tuesday state.
Read more: 185 million devices may be vulnerable to hackers
The link between Mirai and Minecraft was first publicly disclosed by security researcher Brian Krebs, whose website was one of the victims of the botnet.
After "hundreds of hours" spent investigating the botnet, Krebs revealed in a blogpost January that Minecraft servers were targeted by an early version of Mirai.
In a new blogpost on Wednesday, Krebs wrote that Mirai's creators ran an anti-DDoS company that was set up to extort money from companies that they targeted with the botnet.
"Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks," Krebs wrote.
Jha and White also admitting to leasing out the Mirai botnet to other cybercriminals, who would use it to either carry out their own attacks or commit something called click fraud, whereby organizations would generate fraudulent advertising revenue.
"In this scheme, victim devices were used to transmit high volumes of requests to view web addresses associated with affiliate advertising content," the court documents state.
"Because the victim activity resembled legitimate views of these websites, the activity generated fraudulent profits through the sites hosting the advertising content, at the expense of the online advertising companies."
The defendants are yet to be sentenced.
