- This is a developing story...
This is just more prodding the weak points of the infrastructure by a state-sponsored group. Someone is testing the IP stack, from top to bottom, and looking for weak spots. (Which is, admittedly, a bit self-defeating, because once these weak spots are exposed, sysadmins generally try to harden them. But, those who do NOT harden their defenses after being "poked" like this, are all the weaker the next time. So someone may simply be testing to see which parts of the internet infrastructure are being actively maintained, and which aren't. This is also extremely valuable information if your goal is to really damage an organization/group and take them completely offline for more than a couple of hours.) Of course, if you wanna go all conspiracy theory, I have another take on KB's comment: USCYBERCOM is basically hardening the US internet infrastructure by sticking its fingers in these holes, and causing companies to strengthen their security. You can pass any law and regulation you want, and make recommendations for how companies need to secure their shit... but until you actually take their system down, the bean counters at Generic US Company, Inc are never going to approve those budget expenditures. But when your web site is down? Oh yeah... they'll authorize the spending to fix the problems. So maybe USCYBERCOM is delicately forcing US companies to harden their security...?
DDOS = too much traffic for your _________ to process. So your _______ is unreachable by regular customers. The (blank) can be filled with "web server" or "email server" or "load balancer" or "ADC" or "DNS server" or "firewall" or "ISP" or "backbone provider", etc, etc, etc. Distributed Denial of Service. The "Distributed" part is really the interesting bit. It means that the traffic that is overloading your service is coming from a LOT of different places, so it is hard to tell who is sending you legitimate traffic, and who is sending crap data that is just trying to knock your servers offline. This is where botnets, the IoT, and hacked Windows PCs come into play. If you have 500,000 of these things all trying to access one web page thousands of times a second... then legit traffic can't get in either, and your service is effectively taken offline. (I could go on about the types of DDoS attacks for hours... but I won't. You are welcome.)
It looks like this current DDOS was pulled off in part by The Internet of Things. The world is getting weird again.
See, you're giving too much credo to people who want to scare you. Bruce Schneier: "The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters" PBS: "Sophisticated Attack Takes Down Key Internet Servers" Reality: Anonymous said "Waaaah! They cut off Assange's Internet! Flail around like babies with that exploit we found and throw a tantrum!" and fuckin' Etsy was down for like 4 hours. That's part of the problem here: EVERYBODY is eager to see "sophisticated state actors" "exploiting the Internet of Things" leading to "Large scale disasters" and they don't see a bunch of neckbeards with an axe to grind throwing shit like monkeys. A "sophisticated state actor" phishes John Podesta's gmail. A hacker throwing a tantrum phishes Jennifer Lawrence's. In both cases, it's gmail. An actual attack wouldn't affect Github, it would affect the air traffic control system.
Well, I know a DDOS isn't sophisticated by itself, it's about as sophisticated as ramming your car through the wall of a jewelry store to get in and rob it (that's why I pointed out in my comment I didn't write the headline). That said, using a bunch of cameras and such to assist in the DDOS does sound pretty fancy to me. Also, I think anybody that's "everybody" that wants to see something big and damaging happen to the internet is crazy. To me it's like saying "I want to see people do things that turn me from an observer to a potential victim."
By itself, no. As part of a greater attack, sure. But who's planting a backdoor at Github or Spotify? Here's the thing about IoT: it's a bunch of unsophisticated devices with rudimentary interactions with the world. That's the thing about webcams: they can't do much, but they can upload a video stream to a web address. If nobody changes the default password (or if it can't be changed), that means that anybody can scan ports looking for webcams and then send commands to them changing where that video gets uploaded. Figuratively speaking, it's the "let's everybody flush the toilets all at once and see if we can break a pipe" approach to mayhem. So, "fancy?" Well, not by my sense anyway. Fancy looks different. BTW, if this stuff interests you at all, even from a lay perspective, allow me to recommend Mark Bowden's Worm. It's the guy who wrote Black Hawk Down's take on the hunt for Conficker and it's a really accessible, really entertaining read.
You Twitter wrong. I'm pretty sure you've badged at least two things of mine that I found on Twitter. I follow half a dozen people who are broad minded and have oddball interests. A few of them are writers or journalists that have moved on to non-journalism jobs. I liked them when they were journalists because they had wide ranging interests. I may not get to read or listen to them anymore but I get access to content that they think is worthwhile. Whatever it is that you hate about Twitter I'm fairly certain that I use it in a way that I don't have to rub up against it. That is unless you hate pictures of guys in wolf costumes peeing on themselves, in which case you might hate my Twitter.
You have only two link posts that I have even upvoted, and one that I have badged. I would absolutely badge it again. The overwhelming preponderance of your badges, however, are for long, thoughtful text posts... while your defense of Twitter involved Furry porn.
I'm wondering if he has been in the weeds for so damn long that he sees the monster everywhere now. If I was not rolling into my first multiplayer Civ6 game I'd probably expand on this. But yea. Looking into the abyss too long messes with your perspective. The world would be a significantly better place if the people who actively use Twitter went into reeducation camps. There is nothing about Twitter and the people using it that I can praise. I am so fucking over Bruce Schneier.
POSIT: The world would be a significantly better place if Twitter went away forever.
The group that stands to benefit the most by repeatedly probing large US infrastructure and forcing it to adapt is USCYBERCOM. An actual antagonist would not force their targets through selective, progressive hardening. 90% of Twitter is bots. 9% is trolls. The last 1% are those with more than 100 followers. One need only spend a morning in Hootsuite to discover what an information-poor, invective-heavy channel Twitter truly is. It primarily serves for journalists to fellate each other and for hundreds of robots to retweet their shit. My wife's company has a Twitter account. I've used it twice. It has 27 followers, all of whom are robots. I know four active Twitter users. Three of them use it to post to Facebook. The other uses it to harangue the coach of the San Diego Chargers and spam Deadspin articles to no one in particular.