Systems like Dyn handle a lot of requests every day without problems, so it takes a massive effort to overwhelm them. That effort came from the sheer scale of the Mirai network. Mirai was able to pull off its attack – one of the largest in history – because the software wasn’t infecting the usual culprits. Traditionally, botnets have consisted of computers or internet routers, but Mirai had spread through the ‘internet of things’; as well as kitchenware, it had infected devices like smart TVs and baby monitors. These items have a clear advantage when it comes to organising mass cyber-attacks: people turn off their computers at night, but often leave other electronics on. ‘Mirai was an insane amount of firepower,’ one FBI agent later told Wired magazine.[2]
The scale of the Mirai attack showed just how easily artificial infections can spread. Another high-profile example would emerge a few months later, on 12 May 2017, when a piece of software called ‘WannaCry’ started holding thousands of computers to ransom. First it locked users out of their files, then displayed a message telling users they had three days to transfer $300 worth of Bitcoin to an anonymous account. If people refused to pay up, their files would be permanently locked. WannaCry would end up causing widespread disruption. When it hit the computers of the UK National Health Service, it resulted in the cancellation of 19,000 appointments. In a matter of days, over a hundred countries would be affected, leading to over $1bn worth of damage.[3]
Unlike outbreaks of social contagion or biological infections, which may take days or weeks to grow, artificial infections can operate on much faster timescales. Outbreaks of malicious software – or ‘malware’ for short – can spread widely within a matter of hours. In their early stages, the Mirai and WannaCry outbreaks were both doubling in size every 80 minutes. Other malware can spread even faster, with some outbreaks doubling in a matter of seconds.[4] However, computational contagion hasn’t always been so rapid.
The first ever computer virus to spread ‘in the wild’ outside of a laboratory network started as a practical joke. In February 1982, Rich Skrenta wrote a virus that targeted Apple II home computers. A fifteen-year-old high school student in Pennsylvania, Skrenta had designed the virus to be annoying rather than harmful. Infected machines would occasionally display a short poem he’d written.[5]
The virus, which he called ‘Elk Cloner’, spread when people swapped games between computers. According to network scientist Alessandro Vespignani, most early computers weren’t networked, so computer viruses were much like biological infections. ‘They were spreading on floppy disks. It was a matter of contact patterns and social networks.’[6] This transmission process meant that Elk Cloner didn’t get much further than Skrenta’s wider friendship group. Although it reached his cousins in Baltimore and made its way onto the computer of a friend in the US Navy, these longer journeys were rare.
Yet the era of localised, relatively harmless viruses wouldn’t last long. ‘Computer viruses quickly drifted into a completely different world,’ said Vespignani. ‘They were mutating. The transmission routes were different.’ Rather than relying on human interactions, malware adapted to spread directly from machine to machine. As malware became more common, the new threats needed some new terminology. In 1984, computer scientist Fred Cohen came up with the first definition of a computer virus, describing it as a program that replicates by infecting other programs, just as a biological virus needs to infect host cells to reproduce.[7] Continuing the biological analogy, Cohen contrasted viruses with ‘computer worms’, which could multiply and spread without latching onto other programs.
Online worms first came to public attention in 1988 thanks to the ‘Morris worm’, created by Cornell student Robert Morris. Released on 2 November, it spread quickly through ARPANET, an early version of the Internet. Morris claimed that the worm was meant to transmit silently, in an effort to estimate the size of the network. But a small tweak in its code would cause some big problems.
Morris had originally coded the program so that when it reached a new computer, it would start by checking whether the machine was already infected, to avoid installing multiple worms. The problem with this approach is that it made it easy for users to block the worm; they could in essence ‘vaccinate’ their computer against it by mimicking an infection. To get around this issue, Morris had the worm sometimes duplicate itself on a machine that was already infected. But he underestimated the effect this would have. When it was released, the worm spread and replicated far too quickly, causing many machines to crash.[8]
The story goes that the Morris worm eventually infected 6,000 computers, around 10 per cent of the internet at the time. According to Morris’s contemporary Paul Graham, however, this was just a guess, which soon spread. ‘People like numbers,’ he later recalled. ‘And so this one is now replicated all over the Internet, like a little worm of its own.’[9]
Even if the morris outbreak number were true, it would pale in comparison to modern malware. Within a day of the Mirai outbreak starting in August 2016, almost 65,000 devices had been infected. At its peak, the resulting botnet consisted of over half a million machines, before shrinking in size in early 2017.
Yet Mirai did share a similarity with the Morris worm, in that its creators hadn’t expected the outbreak to get so out of hand. Although Mirai would hit headlines when it affected websites like Amazon and Netflix in October 2016, the botnet was initially designed for a more niche reason. When the FBI traced its origins, they discovered it had started with a twenty-one-year-old college student named Paras Jha, his two friends, and the computer game Minecraft.
Minecraft has over fifty million active users globally, who play together in vast online worlds. The game has been hugely profitable for its creator, who bought a $70m mansion after selling Minecraft to Microsoft in 2014.[10]
