The Minecraft Wars: How a Gamer Almost Shut Down the Internet

On October 21, 2016, the internet had a full-blown digital apocalypse. Major websites like Twitter and Reddit, as well as Netflix, went dark for millions across the US and Europe. Engineers scrambled, wondering whether it was a glitch, a hack, or something worse. The truth, however, was far more astonishing than anything anyone could have imagined, the internet broke because of Minecraft. Due to a feud between gamers, caused by a 20 year old college student in New Jersey named Paras. This isn’t just a story about a video game it’s a tale about the fragile nature of our globalized world and the unexpected sources of modern cyber warfare.

The Lucrative World of Minecraft Servers

On its surface, Minecraft is a blocky, simple kids’ game, but below that lies an nonline universe where players connect to thousands of independently run Minecraft servers to build, compete, and socialize. Running the servers is a lucrative business. Players spend real money on game perks or access to exclusive servers. If a server is well-run, it can earn serious cash; some operators say they make upwards of $100,000 a month from virtual blocks.

This booming underground economy creates a very competitive environment. When a server lags or goes down, frustrated players quickly move to another one and take their money with them. This dog-eat-dog environment encouraged some operators to sabotage the competition by using cyberattacks to take rivals offline and steal players and profits. These attacks often take the form of Distributed Denial of Service, or DDoS, attacks, which overwhelm a target’s network with so much fake traffic that it crashes.

Anna-Senpai and the Rise of Mirai

In 2016, Paras was majoring in computer science and running a small company selling DDoS protection to Minecraft servers. That put him in the middle of the continuous online fire-fights. Taking on the online alias “Anna-Senpai,” Paras and a few online friends decided to take this arms race to a whole different level. His fight wasn’t about server dominance alone; he was after control, affirmation, and maybe even power.

They quietly started building a cyberweapon to dominate the Minecraft server scene. It was a type of malware that crawled across the internet, hijacking hundreds of thousands of internet-connected devices like webcams, routers, and DVRs, turning them into an army of “zombie” gadgets-a botnet-that obeyed a master computer. They called their creation Mirai, Japanese for “future,” a fitting name for a new kind of threat that few foresaw. At its peak, Mirai compromised an estimated 300,000 to 600,000 machines worldwide, each capable of firing garbage data at any target on command.

Mirai’s First Strikes and the Internet Meltdown

That first big test came in September 2016. Instead of going after rival Minecraft servers, Paras and his friends set their sights on major tech infrastructure providers in an effort to demonstrate the firepower of Mirai and take down services protecting their Minecraft enemies. At the end of September, they pointed it at OVH, a French cloud company that was hosting a popular Minecraft server protection service. Mirai swarmed the networks with more than 1 terabit per second of fake traffic-an absolutely staggering volume-and at the time, the largest DDoS attack ever. OVH’s advanced DDoS mitigation system was overwhelmed, and its services buckled.

A few days later, Paras unleashed Mirai on KrebsOnSecurity.com, the website of prominent cybersecurity journalist Brian Krebs, who had recently published exposés on cybercriminal networks. It hit the site with 665 gigabits per second of traffic, instantly knocking it offline. The assault was so big that Krebs’s longtime DDoS protection provider had to drop him, and his site went dark. The message was clear: Mirai was the new beast on the block, and no one was out of reach.

Then…

Just three weeks later, someone fired Mirai again, targeting Dyn, a company that operates critical DNS—basically the internet’s phonebook—servers. The attack came in waves throughout the day, rolling across the US East Coast and then into parts of Europe. More than 100,000 malicious devices blasted Dyn with possibly over 1 terabit per second of data, an even bigger flood than the record-setting OVH attack. Twitter, Netflix, Reddit, Spotify, and many other popular sites became unresponsive.

The attack against Dyn was different—bigger, smarter, and global. It was one of the largest outages in internet history, all caused by a weapon that just weeks earlier had been aimed at petty Minecraft squabbles. Panic and confusion spread, with many fearing this was the start of a cyberwar.

The Hunt for Anna-Senpai

As the FBI and cybersecurity experts from companies like Google and Cloudflare tracked the mysterious botnet, they noticed a connection, many of Mirai’s targets had links to Minecraft. This led investigators into the strange world of Minecraft server wars and DDoS schemes. Meanwhile, Brian Krebs, the cybersecurity journalist, had a name: Paras Jha, a 21-year-old college student and Minecraft player. With intelligence from researchers and Krebs’s findings, authorities closed in. In late 2017, a year after the internet outage, Paras Jha and two co-conspirators pleaded guilty in an Alaskan court to federal charges for creating and operating the Mirai botnet. For the most part, they received relatively lenient punishments, avoiding prison time and serving their sentences on probation and community service due to their cooperating with the FBI on other cybersecurity investigations.

The Enduring Legacy of Mirai

The Mirai case sent shockwaves into the cybersecurity world. It proved that a few tech-savvy kids with bad intentions could disrupt the lives of millions. Mirai became a stark wake-up call, revealing alarming vulnerabilities in our connected world. Millions of ordinary IoT gadgets—security cameras, baby monitors, home routers—had been quietly hijacked by using default passwords and turned into unwilling accomplices in a cyberattack. The strength of our digital world is also its weakness-everything is connected. A petty gamer dispute should not take whole countries offline, but Mirai proved otherwise. Paras did not devise the scheme to break the internet, but once Mirai was out in the open, even he could no longer stop it. The attacks emerged as one of the greatest wake-up calls in the history of cybersecurity, forcing a worldwide reassessment of our priorities related to digital security.