Large DDoS, small extortion

Larry Sheldon LarrySheldon at
Sun May 25 00:09:06 UTC 2014

On 5/24/2014 11:29 AM, Anne P. Mitchell, Esq. wrote:
>> Law enforcement and victims have different objectives.  Law
>> enforcement wants to find the criminal, gather sufficient evidence
>> to prove their guilt, then prosecute them.  More attacks helps law
>> enforcement.
>> The victims, in general, want the attacks to stop.
> Actually, our experience in this particular case  (it is the same
> person(s) hitting all of the targets, even using the same email
> addresses, etc.) is that the victims want to find the guy too.  In
> fact, I can say with a fair degree of certainty that the coordinated
> efforts of a dedicated group of "victims", who have come together
> without regards to the fact that they are otherwise 'competitors' in
> business, and who have furnished the agencies with useable technical
> information about the attacks, have given the agencies a substantial
> leg up in the investigation.

All that from a far greater authority than I.

But lest my weak words be misunderstood, I have no objection what ever 
to providing technical information (and facilities, even)--it is ONLY 
the paying of ransom that I object to.  And I think I would say that if 
I were the captive.

I think over the long haul the odds are that if you DO pay the ransom, 
the victim will be dead anyway.

Requiescas in pace o email           Two identifying characteristics
                                         of System Administrators:
Ex turpi causa non oritur actio      Infallibility, and the ability to
                                         learn from their mistakes.
                                           (Adapted from Stephen Pinker)

More information about the NANOG mailing list