[192488] in North American Network Operators' Group

Re: Spitballing IoT Security

daemon@ATHENA.MIT.EDU (Eric S. Raymond)
Sat Oct 29 14:07:35 2016

X-Original-To: nanog@nanog.org
Date: Sat, 29 Oct 2016 14:07:30 -0400
From: "Eric S. Raymond" <esr@thyrsus.com>
To: bzs@TheWorld.com
In-Reply-To: <22548.56340.234379.456600@gargle.gargle.HOWL>
Reply-To: esr@thyrsus.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

bzs@TheWorld.com <bzs@TheWorld.com>:
> 
> On October 28, 2016 at 22:27 list@satchell.net (Stephen Satchell) wrote:
>  > On 10/28/2016 10:14 PM, bzs@TheWorld.com wrote:
>  > > Thus far the goal just seems to be mayhem.
>  > 
>  > Thus far, the goal on the part of the botnet operators is to make
>  > money.  The goal of the CUSTOMERS of the botnet operators?  Who knows?
> 
> You're speaking in general terms, right? We don't know much anything
> about the perpetrators of these recent Krebs and Dyn attacks such as
> whether there was any DDoS for hire involved.

We can deduce a lot from what didn't happen.

You don't build or hire a botnet on Mirai's scale with pocket change.
And the M.O. doesn't fit a criminal organization - no ransom demand,
no attempt to steal data.

That means the motive was prep for terrorism or cyberwar by a
state-level actor.  Bruce Schneier is right and is only saying what
everybody else on the InfoSec side I've spoken with is thinking - the
People's Liberation Army is the top suspect, with the Russian FSB
operating through proxies in Bulgaria or Romania as a fairly distant
second.

Me, I think this fits the profile of a PLA probing attack perfectly.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
