"That means the motive was prep for terrorism or cyberwar by a state-level actor."

Or, quite possibly (I would argue probably) it was marketing. Show off the capabilities of the botnet to garner more interest amongst those who pay for use of such things.

On Sat, Oct 29, 2016 at 2:07 PM, Eric S. Raymond <esr@thyrsus.com> wrote:
bzs@TheWorld.com <bzs@TheWorld.com>:
On October 28, 2016 at 22:27 list@satchell.net (Stephen Satchell) wrote:
On 10/28/2016 10:14 PM, bzs@TheWorld.com wrote:
Thus far the goal just seems to be mayhem.
Thus far, the goal on the part of the botnet operators is to make money. The goal of the CUSTOMERS of the botnet operators? Who knows?
You're speaking in general terms, right? We don't know much of anything about the perpetrators of these recent Krebs and Dyn attacks, such as whether there was any DDoS for hire involved.
We can deduce a lot from what didn't happen.
You don't build or hire a botnet on Mirai's scale with pocket change. And the M.O. doesn't fit a criminal organization - no ransom demand, no attempt to steal data.
That means the motive was prep for terrorism or cyberwar by a state-level actor. Bruce Schneier is right and is only saying what everybody else on the InfoSec side I've spoken with is thinking - the People's Liberation Army is the top suspect, with the Russian FSB operating through proxies in Bulgaria or Romania as a fairly distant second.
Me, I think this fits the profile of a PLA probing attack perfectly.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>