Spitballing IoT Security

Eric S. Raymond esr at thyrsus.com
Sat Oct 29 18:07:30 UTC 2016

bzs at TheWorld.com <bzs at TheWorld.com>:
> On October 28, 2016 at 22:27 list at satchell.net (Stephen Satchell) wrote:
>  > On 10/28/2016 10:14 PM, bzs at TheWorld.com wrote:
>  > > Thus far the goal just seems to be mayhem.
>  > 
>  > Thus far, the goal on the part of the botnet opearators is to make
>  > money.  The goal of the CUSTOMERS of the botnet operators?  Who knows?
> You're speaking in general terms, right? We don't know much anything
> about the perpetrators of these recent Krebs and Dyn attacks such as
> whether there was any DDoS for hire involved.

We can deduce a lot from what didn't happen.

You don't build or hire a botnet on Mirai's scale with pocket change.
And the M.O. doesn't fit a criminal organization - no ransom demand,
no attempt to steal data.

That means the motive was prep for terrorism or cyberwar by a
state-level actor.  Bruce Schneier is right and is only saying what
everybody else on the InfoSec side I've spoken with is thinking - the
People's Liberation Army is the top suspect, with the Russian FSB
operating through proxies in Bulgaria or Romania as a fairly distant

Me, I think this fits the profile of a PLA probing attack perfectly.
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

More information about the NANOG mailing list