[192493] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Tom Beecher)
Sat Oct 29 15:35:20 2016
In-Reply-To: <20161029180730.GA10801@thyrsus.com>
From: Tom Beecher <beecher@beecher.cc>
Date: Sat, 29 Oct 2016 15:35:15 -0400
To: esr@thyrsus.com
Cc: NANOG <nanog@nanog.org>, bzs@theworld.com

"That means the motive was prep for terrorism or cyberwar by a
state-level actor."

Or, quite possibly (I would argue probably) it was marketing. Show off the
capabilities of the botnet to garner more interest amongst those who pay
for use of such things.

On Sat, Oct 29, 2016 at 2:07 PM, Eric S. Raymond <esr@thyrsus.com> wrote:
> bzs@TheWorld.com <bzs@TheWorld.com>:
> >
> > On October 28, 2016 at 22:27 list@satchell.net (Stephen Satchell) wrote:
> > > On 10/28/2016 10:14 PM, bzs@TheWorld.com wrote:
> > > > Thus far the goal just seems to be mayhem.
> > >
> > > Thus far, the goal on the part of the botnet operators is to make
> > > money. The goal of the CUSTOMERS of the botnet operators? Who knows?
> >
> > You're speaking in general terms, right? We don't know much of anything
> > about the perpetrators of these recent Krebs and Dyn attacks such as
> > whether there was any DDoS for hire involved.
>
> We can deduce a lot from what didn't happen.
>
> You don't build or hire a botnet on Mirai's scale with pocket change.
> And the M.O. doesn't fit a criminal organization - no ransom demand,
> no attempt to steal data.
>
> That means the motive was prep for terrorism or cyberwar by a
> state-level actor. Bruce Schneier is right and is only saying what
> everybody else on the InfoSec side I've spoken with is thinking - the
> People's Liberation Army is the top suspect, with the Russian FSB
> operating through proxies in Bulgaria or Romania as a fairly distant
> second.
>
> Me, I think this fits the profile of a PLA probing attack perfectly.
> --
> Eric S. Raymond <http://www.catb.org/~esr/>
>