Spitballing IoT Security
bzs at TheWorld.com
Sat Oct 29 18:31:05 UTC 2016
On October 29, 2016 at 14:07 esr at thyrsus.com (Eric S. Raymond) wrote:
> bzs at TheWorld.com <bzs at TheWorld.com>:
> >
> > On October 28, 2016 at 22:27 list at satchell.net (Stephen Satchell) wrote:
> > > On 10/28/2016 10:14 PM, bzs at TheWorld.com wrote:
> > > > Thus far the goal just seems to be mayhem.
> > >
> > > Thus far, the goal on the part of the botnet operators is to make
> > > money. The goal of the CUSTOMERS of the botnet operators? Who knows?
> >
> > You're speaking in general terms, right? We don't know much of anything
> > about the perpetrators of these recent Krebs and Dyn attacks, such as
> > whether there was any DDoS for hire involved.
>
> We can deduce a lot from what didn't happen.
>
> You don't build or hire a botnet on Mirai's scale with pocket change.
Do we know this or is this just a guess?
The infamous 1988 Morris worm was also thought to be something
similarly sinister for a short while, until Bob Morris, Jr., et al. owned
up to it just being an experiment by a couple of students gone out of
control.
Back around 1986 I accidentally brought down at least half the net by
submitting a new hosts file (for Boston Univ) with an entry that
tickled a bug in the hosts.txt->/etc/hosts code which everyone ran at
midnight (whatever), causing a loop which filled /tmp (this would be
Unix hosts, but by count they were by far most of the connected
servers), and back then a full /tmp crashed Unix and it often didn't
come back up until a human intervened.
OK, I doubt this was an accident, though its scale could've been an
accident, a prank gone wild.
Anyhow what do we *know*?
That the effect was large doesn't necessarily imply that it required a
lot of resources.
We live in a world rife with asymmetric warfare. A few boxcutters and
3,000+ people dead.
> And the M.O. doesn't fit a criminal organization - no ransom demand,
> no attempt to steal data.
Same question. Would Dyn et al. publicize ransom demands at this point?
And even if not, how do we rule out a prank or similar?
Is there something specific about this attack which required
significant resources? How significant?
>
> That means the motive was prep for terrorism or cyberwar by a
> state-level actor. Bruce Schneier is right and is only saying what
> everybody else on the InfoSec side I've spoken with is thinking - the
> People's Liberation Army is the top suspect, with the Russian FSB
> operating through proxies in Bulgaria or Romania as a fairly distant
> second.
Well, barring further details one can go anywhere with a few
suppositions.
>
> Me, I think this fits the profile of a PLA probing attack perfectly.
> --
> <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
--
-Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*