Botnet Takes Over Twitch Install and Partially Installs Gentoo

← Back to Stories (view on slashdot.org)

Botnet Takes Over Twitch Install and Partially Installs Gentoo

Posted by timothy on Sunday November 1, 2015 @04:48PM from the nerd-rage-best-kind-of-rage dept.

WarJolt writes: The plug was pulled on the attempt to crowd-source an Arch Linux install after a botnet threatened to take over the process. Twitch Installs has been rebooted by the twitchintheshell community and Twitch Installs users managed to reinstall Arch only to be thwarted by the botnet. The botnet managed to partially install Gentoo. Users are currently in the process of reinstalling Arch.

52 of 101 comments (clear)

Min score:

Reason:

Sort:

I can't be the only one who saw this coming... by damn_registrars · 2015-11-01 16:52 · Score: 4, Insightful

On Friday I suggested that it was highly likely we would see this:

I expect some people are trying to figure out a way to install another OS on top of (or somehow in place of) Arch Linux.
And I suspect others saw this as coming as well. I will say though, I see gentoo as being somewhat snippy and uninspired for this. I would have been really impressed had they managed to install OS X or Windows through this manner (likely the only time in my life I've said that about the latter).

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:I can't be the only one who saw this coming... by Anonymous Coward · 2015-11-01 17:05 · Score: 1
  
  With "short links" a wget to an obscure tld wouldn't be hard to pull off during off-hours where most people are bored/asleep. This isn't twitch plays pokemon with 10,000s of people participating.
  Combined with the ability to spamflood the API with coordinated attacks and this doesn't seem too surprising. This does make for an interesting variation of "capture the flag" though. :P
  If I was the sysadmin here: I would want to sleep with one eye open!
2. Re:I can't be the only one who saw this coming... by stephanruby · 2015-11-01 17:22 · Score: 4, Funny
  
  I would have been really impressed had they managed to install OS X or Windows through this manner.
  They probably didn't want to be classified as malicious.
3. Re:I can't be the only one who saw this coming... by Anonymous Coward · 2015-11-01 17:40 · Score: 1
  
  The problem is that it was one person with an army of bots doing what they pleased, rather than a collaborative clusterfuck like pokemon was, so nobody was having any fun except the botnet owner.
4. Re:I can't be the only one who saw this coming... by arglebargle_xiv · 2015-11-01 18:03 · Score: 1, Troll
  
  Numerous friends of mine have been a victim of a similar botnet, the massive WindowsUpdate botnet, that installed Windows 10 on their machines when they were perfectly happy with Windows 7. Luckily you can upgrade back to Windows 7, but its still a worrying development. I've heard that as of early next year, the botnet will get even more aggressive in pushing out its malware.
5. Re: I can't be the only one who saw this coming... by jonwil · 2015-11-01 22:07 · Score: 1
  
  Naah, the kiwis would have been too busy partying after their win in some kind of sporting contest (I am a little fuzzy on the details but aparently whatever sport it was is the national game over there and its considered un-kiwi to not follow the relavent national team)
6. Re:I can't be the only one who saw this coming... by Provocateur · 2015-11-01 22:43 · Score: 2, Funny
  
  Luckily you can upgrade back to Windows 7
  You know we're a long long way from Mars when the future of computing technology is summarized like that, right there
  
  --
  WARNING: Smartphones have side effects--most of them undocumented.
7. Re:I can't be the only one who saw this coming... by damn_registrars · 2015-11-02 00:44 · Score: 2
  
  The problem is that it was one person with an army of bots doing what they pleased, rather than a collaborative clusterfuck like pokemon was, so nobody was having any fun except the botnet owner.
  Sure, but as I recall, it was only going to take one keystroke (including space or enter) per 10 minutes. Hence
  
  wget a
  
  would take an hour to enter. I'm surprised they got this far in so little time.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
8. Re:I can't be the only one who saw this coming... by dos1 · 2015-11-02 02:49 · Score: 1
  
  10 seconds, not minutes.
9. Re:I can't be the only one who saw this coming... by damn_registrars · 2015-11-02 04:17 · Score: 1
  
  That did seem really, really, slow; I must have misread something along the way. Indeed the previous entry here says 10 seconds, thank you for the correction.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
10. Re:I can't be the only one who saw this coming... by JustAnotherOldGuy · 2015-11-02 04:29 · Score: 1
  
  On Friday I suggested that it was highly likely we would see this
  
  Yep.
  Personally I'm surprised that rm -r /* hasn't been forced through...a lot fewer keystrokes to succeed with that one.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
11. Re:I can't be the only one who saw this coming... by KGIII · 2015-11-02 09:04 · Score: 1
  
  What's funny is this is being claimed as a botnet. It wasn't. They're the dumbasses that allow an IRC connection. It just needs a few like-minded individuals and a handful of proxies. Botnet... *sighs* They'll make anything seem worse than it is.
  
  --
  "So long and thanks for all the fish."
12. Re:I can't be the only one who saw this coming... by morgauxo · 2015-11-04 08:55 · Score: 1
  
  Agreed. Installing Gentoo instead of Arch might have just been a TFTFY sort of favor, not a malicious hack.
I'm torn on this. by MAXOMENOS · 2015-11-01 17:08 · Score: 3, Insightful

On the one hand, I'm not fond of black hats. On the other, that's really, really funny.

--
Finding God in a Dog
1. Re:I'm torn on this. by Aighearach · 2015-11-01 17:35 · Score: 4, Interesting
  
  I'm not convinced they are black hats. It is a normal outcome that when a random user tries to install a linux distro, they end up with a different one installed than they had first begun installing. If it is a crowd-sourced effort, who is to say which outcome is more deserving? If there was no intended range of possible outcomes, what exactly was the crowd's involvement supposed to be? If the crowd was supposed to simply replace some of the software, it is hard to call the experiment a success or failure; maybe somebody made a wrong predication about the outcome. I guess the failure was that they pulled the plug without discovering the outcome?
2. Re:I'm torn on this. by quantaman · 2015-11-01 17:47 · Score: 4, Informative
  
  On the one hand, I'm not fond of black hats. On the other, that's really, really funny.
  The summary said it was a botnet, which suggests a lot of hijacked computers (and illegal unethical activity), but unless there's evidence that wasn't mentioned it could just have easily been a bunch of bots running on the person's own laptop.
  
  --
  I stole this Sig
3. Re:I'm torn on this. by Anonymous Coward · 2015-11-01 19:14 · Score: 5, Funny
  
  That's SchrÃdinger Linux.
  It installs both Gentoo and Arch into a superpartition.
4. Re: I'm torn on this. by zidium · 2015-11-02 01:33 · Score: 1
  
  Yeah?? I just wish Slashdot had UTF-8 support so close to 2016!!
  
  --
  Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
5. Re:I'm torn on this. by KGIII · 2015-11-02 09:10 · Score: 1
  
  This was not some sort of black hat hacking group. Well, not really. Someone kindly pointed out that IRC is allowed. The rest took care of itself. See the prior thread. It was done for lulz, not for black hat type of things. There wasn't even really a botnet, that I know of. Just a few people with big ol' list of proxies and a refresher in IRC scripting.
  
  --
  "So long and thanks for all the fish."
6. Re: I'm torn on this. by lokedhs · 2015-11-02 21:15 · Score: 1
  
  ASCII is 7-bit. It has no code 148. You must be confusing it with ISO 8859-1 which was a popular encoding in western Europe before UTF-8 took over.
7. Re:I'm torn on this. by Aighearach · 2015-11-03 18:14 · Score: 1
  
  Wait, wait, are you telling me you actually thought that random users could tell filenames apart? And get from the start to the end of a set of instructions without having switched in the middle to a completely different set of instructions?
  Yeah, "users are a myth," right?
What language is this written in? by Anonymous Coward · 2015-11-01 17:51 · Score: 1, Insightful

This is painful to read. Are the moderators sleeping?
1. Re:What language is this written in? by blavallee · 2015-11-01 18:05 · Score: 3, Informative
  
  Yeah, it discusses a strange experiment, assuming everyone understands the details.
  
  Basically, it's a democratic attempt to enter commands into the CLI.
  With the end goal of installing the Arch Linux OS.
  
  Because the most popular command entered, wins. The experiment was hijacked by someone using a botnet, resulting in a majority.
  Nothing malicious, most likely a prank. Since the hijack was installing an alternative distro (Gentoo).
  
  If the organizers don't want to see something like this happen again, pehaps they should check out the Electoral College
2. Re:What language is this written in? by ttucker · 2015-11-01 18:18 · Score: 1
  
  But what about how the Slashdot article text has no semantic meaning?
3. Re:What language is this written in? by gl4ss · 2015-11-01 18:36 · Score: 1
  
  was the install broadcasted on twitch? you'd think that users were trying to install arch linux on twitch's servers and some strange botnet showed up or some shit like that
  
  --
  world was created 5 seconds before this post as it is.
4. Re:What language is this written in? by Cederic · 2015-11-01 19:39 · Score: 1
  
  Oh! That makes far more sense.
  I was interpreting it as some fucked up twitch based interactive tutorial on how to install a linux distro on your own PC.
  Tuning in to crowdsource screwing over someone else's PC is equally odd, but seems a perfectly legit target for an IRC bot.
5. Re:What language is this written in? by Hognoxious · 2015-11-01 20:29 · Score: 1
  
  Does it have an unsemantic meaning?
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
6. Re:What language is this written in? by ttucker · 2015-11-01 20:32 · Score: 1
  
  Evidently to whoever wrote that collection of words.
7. Re:What language is this written in? by tehcyder · 2015-11-02 03:23 · Score: 1
  
  But what about how the Slashdot article text has no semantic meaning?
  Slashdot have out-sourced their crowd-funded story-editing to a Chinese botnet.
  In a day or two I'm sure we'll see the improvements in grammar, spelling and general sense.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
8. Re:What language is this written in? by ttucker · 2015-11-02 07:03 · Score: 1
  
  Upon further review, it appears that the article text was written by someone that was intimately familiar with some Twitch happening, and wrote something from that perspective. Not really written as news, or with any general appeal in mind at all. Combine that with the blog like ramblings of Bennett, and I seriously wonder why I keep coming here. Kind of a compulsion more than anything.
Where do I find this botnet? by whoever57 · 2015-11-01 18:15 · Score: 5, Funny

I have a partial install of Gentoo that I need to work on. The first clean Gentoo install that I have done for almost a decade.
How can I get this botnet to finish the job?

--
The real "Libtards" are the Libertarians!
For two more "really"s before the "funny" ... by Ungrounded+Lightning · 2015-11-01 18:20 · Score: 1

On the one hand, I'm not fond of black hats. On the other, that's really, really funny.
I'd have added a couple more "really"s if, instead of Gentoo, the bots switched 'em to OpenBSD
If they got it, they probably. needed a high security OS . B-)

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Is it April Fool's already? by bytesex · 2015-11-01 18:55 · Score: 1

'The war of the Linux installers'?

--
Religion is what happens when nature strikes and groupthink goes wrong.
1. Re:Is it April Fool's already? by Anonymous Coward · 2015-11-01 19:21 · Score: 1
  
  AI bot nets arise and the first thing they do is fight over which Linux distribution to use ? Surely they know by now the only winning move is not playing
Could there be anything more useless by Anonymous Coward · 2015-11-01 19:39 · Score: 1

than this concept?
I mean, I can get behind almost anything with no point other than "because it would be cool".
But to attempt to "crowd source" the install of a fucking linux by taking semi-random keystrokes from a chat feed? What's the fucking point? How's that even "cool"?
Heh heh by cfalcon · 2015-11-01 21:22 · Score: 4, Funny

I wonder what plot will next.... emerge?
Sorry.
1. Re:Heh heh by smallfries · 2015-11-02 06:31 · Score: 1
  
  On the contrary your pun seems quite... apt.
  Sorry I'll apt-get my-coat.
  
  --
  Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
2. Re:Heh heh by MarkRose · 2015-11-02 14:12 · Score: 1
  
  I tried coming up with a follow up pun, but it was no USE.
  
  --
  Be relentless!
It's war by frup · 2015-11-01 21:43 · Score: 2

The war of the machines has begun. It really is the year of the Linux Desktop.
anyone else completely confused by the summary? by advocate_one · 2015-11-01 23:29 · Score: 3, Informative

what the fsck is 'twitch'? Does anyone really care?

--
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
1. Re:anyone else completely confused by the summary? by fisted · 2015-11-01 23:58 · Score: 3, Informative
  
  It's basically a shitty stream provider with frequent outages and if you allow enough 3rd party javascripts and trackers, you get A Flash Based Video Player!
  
  --
  CLI paste? paste.pr0.tips!
2. Re:anyone else completely confused by the summary? by DrXym · 2015-11-02 01:51 · Score: 1
  
  Vanity TV basically. It livestreams people playing games.
3. Re:anyone else completely confused by the summary? by Coren22 · 2015-11-02 05:16 · Score: 1
  
  Because people are required to provide proof that they have produced something better before they are allowed to critique something? You are nuts.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
The War of the Distros is heating up... by sabbede · 2015-11-02 00:50 · Score: 1

Start locking up all the supplies you can get your hands on. It's going to be a bad one.
The good news is that there is a linux version of "This War of Mine", a handy guidebook to situations such as this.
GNU's Not UNIX, but it's even more not Android by tepples · 2015-11-02 02:07 · Score: 1

Easier to swallow:
Arch and Gentoo are distributions of GNU/Linux. GNU/Linux systems run the GNU userland on the Linux kernel to reproduce the functionality of the UNIX system. GNU/Linux can be distinguished from other operating environments that use Linux, such as Android or embedded Linux.
Waka waka waka by tepples · 2015-11-02 02:09 · Score: 1

You both will be eaten by Pacman for that pun. *yum yum*
1. Re:Waka waka waka by Dragonslicer · 2015-11-02 03:54 · Score: 1
  
  Someone should compile a list of all of these puns.
Re:install gentoo by CronoCloud · 2015-11-02 02:24 · Score: 1

No really cares much about how RMS has that autistic-spectrum excessive focus on the terminology, when everyone else just wants a snappy and short and easy to pronounce name.
So "Normal" people call it Linux, and they outnumber bearded autistic people who use computers like it was 1971 or something, by a HUGE number.
There's no imminent danger by Progman3K · 2015-11-02 03:54 · Score: 1

It'll take a few weeks to compile, at least

--
I don't know the meaning of the word 'don't' - J
Re:install gentoo by KGIII · 2015-11-02 09:22 · Score: 1

Look, the other option was to get cowsay installed early and then make it moo and do a barrel role. (Or sl - everyone likes trains, right?) What's funny is that people think it was a botnet. *sighs* Drama on top of drama. Screenshots of the IRC commands are up on 4chan every once in a while - still. Post and someone may deliver. Or not... It was for the lulz, not for the hacking. This was discussed in the last thread. This was the absolute certain outcome - they would deny lulz for they are the killers of lulz.
y u no liek lulz?

--
"So long and thanks for all the fish."
Best Gentoo Install Method by neurovish · 2015-11-02 11:22 · Score: 1

So, there's a way to get somebody else to install Gentoo for me? That sounds pretty awesome. I'm going to go and install this "Twitch". I recently went from Gentoo to Arch since my Gentoo was frighteningly out of date and the only way to fix it was a complete reinstall. I figured I would give Arch a shot, but so far I still prefer Gentoo.
Botnet is still at it by mykro76 · 2015-11-02 14:31 · Score: 1

At time of this posting the botnet is still trying to punch through the same Gentoo install that it was doing yesterday.