[186205] in North American Network Operators' Group
Staring Down the Armada Collective
daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Thu Dec 3 21:28:08 2015
X-Original-To: nanog@nanog.org
From: Lyndon Nerenberg <lyndon@orthanc.ca>
Date: Thu, 3 Dec 2015 18:28:58 -0800
To: "North American Network Operators' Group" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_05824279-339D-4DAA-BEF6-5ED648D99D24
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Typically, businesses hide from admitting they've been hit by drive-by =
attacks like Armada is trying to pull off. It has been interesting to =
see the public reaction from the post-Protonmail targets, many of whom =
are being very visible about 1) admitting they have been hit by the =
attacks, and 2) making it very clear the Armada crew can f*** right off =
as far as collecting ransom is concerned. (Also, 3) the amazing support =
from customers who understand why we are working on putting up defences =
instead of just paying, and therefore put up with the inevitable =
downtime as we reconfigure sometimes large chunks of our networks.)
The money asked for was a pittance (around USD$6K) for the attacks I'm =
personally aware of. The targeted were willing to spend far in excess =
of that to deploy the necessary wall of DDoS protection to keep their =
services running. If they didn't have it there, already.
What does that say for the business model of the botnet handlers? They =
can't up their ransom demands, because nobody is paying at the current =
rates. And they can't lower them, for the same reason. And if they =
change their targets to sites than might potentially pay a few hundred =
dollars at best, those sites will just shut down anyway.
Are we perhaps, finally, reaching the cusp where everyone has realized =
that if we all, collectively, tell the rodents to f*** off, they just =
might?
Happy Holidays!
--lyndon
--Apple-Mail=_05824279-339D-4DAA-BEF6-5ED648D99D24
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJWYPpsAAoJEG8PnXiV/JnUhBUP/21ESJ16tQaNMDkt9vx9zDBw
q4Alpoks3/kvph7rxNSesqLPwIbJwkscN26NF+RJ/u86Zg3h8dxZCqVI6iZhLp6l
Z+trO5mMdhyNnW3AuXSDz/SOlMGg777meZ6AFBK5maPCc9E5Z1fIdqqn63WadNlh
GWf2VoaGBtgYfkDHbPADm5IqIFmtoXzHgwo5o/6++e6h18lg05WiJ4AGg8S8NzTW
2IPjKdQTgYLXD4efyEWDfejQanMVkpUZQT37W5oa318YvbsD1R8a5ZsBOThIzzJQ
p02DskjlBl9C4qhxYEdxZ2zrE84uu1Yz/acZ7ysp6QcP3zwhUOEcMpqMl+K85c36
9A8wLxvcxejA+qxvWdR7rPGmG7vkylD3wg9ABS4RXc49TLm6ISGEEYl4jpL0aGb+
6phpq0CYbrC+i4PAmiUt3aUfqxLPoAGxQhYUZBabJbvJ83aMpG9SPgIez44dIWtb
VjGItyMr1mKVHPKuiXAFYW5N9FkVYebciqpL+bibSUdQV08U5RMKKFY/wEuGKBSh
cJM8XsHzzpyOwAZdNfkI7xE6i2vsORRryfFQh2ePLqk4UY7+HJs3Y842CPHvLa/I
Jl0JRinMlymmo8cPphG02IeEGmWRXtnI3MP5NrLPuEveDfczz8K2VSSBtQrU6O/i
T0CdSQyZwWYGRlSaGXUj
=YPW9
-----END PGP SIGNATURE-----
--Apple-Mail=_05824279-339D-4DAA-BEF6-5ED648D99D24--
