On October 29, 2016 at 14:07 e...@thyrsus.com (Eric S. Raymond) wrote:
> b...@theworld.com <b...@theworld.com>:
> >
> > On October 28, 2016 at 22:27 l...@satchell.net (Stephen Satchell) wrote:
> > > On 10/28/2016 10:14 PM, b...@theworld.com wrote:
> > > > Thus far the goal just seems to be mayhem.
> > >
> > > Thus far, the goal on the part of the botnet operators is to make
> > > money. The goal of the CUSTOMERS of the botnet operators? Who knows?
> >
> > You're speaking in general terms, right? We don't know much anything
> > about the perpetrators of these recent Krebs and Dyn attacks such as
> > whether there was any DDoS for hire involved.
>
> We can deduce a lot from what didn't happen.
>
> You don't build or hire a botnet on Mirai's scale with pocket change.

Do we know this or is this just a guess?

The infamous 1988 Morris worm was also thought to be something similarly sinister for a short while until Bob Morris, Jr et al owned up to it just being an experiment by a couple of students gone out of control.

Back around 1986 I accidentally brought down at least half the net by submitting a new hosts file (for Boston Univ) with an entry that tickled a bug in the hosts.txt->/etc/hosts code which everyone ran at midnight (whatever) causing a loop which filled /tmp (this would be unix hosts but by count they were by far most of the connected servers) and back then a full /tmp crashed unix and it often didn't come back up until a human intervened.

Ok I doubt this was an accident, tho its scale could've been an accident, a prank gone wild.

Anyhow what do we *know*?

That the effect was large doesn't necessarily imply that it required a lot of resources.

We live in a world rife with asymmetric warfare. A few boxcutters and 3,000+ people dead.

> And the M.O. doesn't fit a criminal organization - no ransom demand,
> no attempt to steal data.

Same question. Would Dyn et al publicize ransom demands at this point? And even if not how do we rule out a prank or similar?

Is there something specific about this attack which required significant resources? How significant?

>
> That means the motive was prep for terrorism or cyberwar by a
> state-level actor. Bruce Schneier is right and is only saying what
> everybody else on the InfoSec side I've spoken with is thinking - the
> People's Liberation Army is the top suspect, with the Russian FSB
> operating through proxies in Bulgaria or Romania as a fairly distant
> second.

Well, barring further details one can go anywhere with a few suppositions.

>
> Me, I think this fits the profile of a PLA probing attack perfectly.
> --
> <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

--
        -Barry Shein

Software Tool & Die    | b...@theworld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*