
On 2016-10-29 14:07, Eric S. Raymond wrote:
> You don't build or hire a botnet on Mirai's scale with pocket change. And the M.O. doesn't fit a criminal organization - no ransom demand, no attempt to steal data.
It is wrong to underestimate script kiddies and open source code. It is wrong to underestimate a community that shares their own experiences with different devices. One contributes the default password for a brand X camera, one gives the defaults for a brand Y router, etc. Imagine someone writes code for a university project to scan the network for improperly protected devices. That code, while designed as a security audit, could be integrated into something far nastier. At the end of the day, you may have plenty of open source information available to assemble this into something like Mirai. Yeah, there may be more sinister forces out there. The DYN attack may have been a "demo" of capabilities that will be part of threats/blackmail against other large players on the Internet.
> everybody else on the InfoSec side I've spoken with is thinking - the People's Liberation Army is the top suspect, with the Russian FSB operating through proxies in Bulgaria or Romania as a fairly distant second.
Or some guy in Arkansas starting a new blackmail/extortion business, hoping to cash in on the software he put together. And if we're gonna talk conspiracies, include Trump. He publishes a "policy" on cyber attacks on a day, a couple days later a major cyber attack happens. Coincidence? :-)

I think the focus should be on preventing such attacks, and reducing their impacts when they happen and improving traceability tools as they happen. Speculating on who is responsible doesn't do much to protect the internet against such attacks.