On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks? Also where the resources and bandwidth come from, there is no mention of it, especially botnets. Long ago someone claimed BGP amplification from a single ISP can get large ddos factor, don't know if this scales exponentially.
On 09/15/2016 03:49 AM, Georgi Guninski wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Also where the resources and bandwidth come from, there is no mention of it, especially botnets. Long ago someone claimed BGP amplification from a single ISP can get large ddos factor, don't know if this scales exponentially.
Protonmail never got really specific about who took them down a while back but they did say it was at first an effort by 'criminal elements' which they staunched, followed by an onslaught from a national actor in collusion with that criminal element. It was very effective. They never got very specific about the method used except to describe it as dDos. Rr
Whoever did this, U.S. says of latest hacks, we’re coming after you With linkage @ Mcclatchy http://www.mcclatchydc.com/news/nation-world/national/article101838132.html By Tim Johnson mcclatchydc.com Top White House and Justice Department officials asked for patience from the public Wednesday as they refused to say whether Russia or another nation may be behind a new series of headline-grabbing hacks affecting the realms of politics and sports. But they promised that the hacks will not go unpunished – once they are certain who is responsible for them. “Whether you are a rogue hacker or a uniformed soldier, the shadowy corners of the internet will not provide respite for long,” Attorney General Loretta Lynch said. A top Lynch deputy, John P. Carlin of the Justice Department’s National Security Division, said the Obama administration would go after whoever was responsible, even if they were operating as part of a foreign government’s institutions. “The message should be clear: You are not safe because you are operating under another nation’s flag,” Carlin said. “We can figure out who did it. It won’t remain anonymous.” The warnings came as the interim chair of the Democratic National Committee, Donna Brazile, blamed agents in Russia for the release of new hacked DNC documents that she said were intended to influence the outcome of November’s presidential election. “There’s one person who stands to benefit from these criminal acts, and that’s Donald Trump,” Brazile said in a statement. “Not only has Trump embraced (Russian President Vladimir) Putin, he publicly encouraged further Russian espionage to help his campaign.” Whoever hacked the DNC, an act first reported in June, provided some 20,000 internal DNC emails to WikiLeaks, which released them a month later. The hack has fueled concern that foreign cyber-agents might also meddle directly in the November U.S. election. Earlier this week, the World Anti-Doping Agency reported that its database had been penetrated by a Russian espionage group, known as Fancy Bear, that released information on four U.S. athletes – gymnast Simone Biles, tennis stars Serena and Venus Williams, and basketball player Elena Delle Donne. The confidential medical data showed that the four had used medicines that usually are banned but that may be used with approval from the International Olympic Committee to treat certain medical conditions. All four had received permission. Hundreds of Russian athletes were barred from competing in last month’s Summer Olympic Games in Rio de Janeiro due to suspicions of widespread doping. Lisa O. Monaco, President Barack Obama’s top aide on homeland security and counterterrorism, declined to blame Russia for the latest hacks but said finger-pointing would come soon enough. “Folks should stay tuned,” Monaco said at a forum at the Center for Strategic & International Studies to honor the Justice Department’s Division of National Security. “We know Russia is a bad actor in cyberspace, just as China has been, just as Iran has been,” Monaco said. “Nobody should think that there is a free pass when you’re conducting malicious cyber-activity.” “Our reach is long,” added Monaco, a former assistant attorney general. “Sometimes it takes a long time to build a case but it doesn’t deter us from pursuing it.” Lynch noted that U.S. prosecutors in 2014 had charged five members of China’s People’s Liberation Army with hacking U.S. companies to benefit Chinese industry. Last year, prosecutors charged seven Iranians, allegedly linked to the elite Islamic Revolutionary Guard Corps, with planning to hack U.S. banks and a New York State dam in an attempt to disrupt its operation. Before the indictments of the Chinese army members, Carlin said, few thought the U.S. government would seriously go after hackers linked to foreign governments. “There was a period of time when folks said, ‘Cyber-espionage, Chinese espionage, there’s nothing you can do about it. It’s too hard. They’re going to be able to remain anonymous, and this is just the world we have to accept as the status quo,’ ” Carlin said. But he said indictments against foreign hackers had proved otherwise. “For those who think that, be it Russia or any other country, that there’s going to be a free pass, that we can’t figure out what they are doing in cyber-enabled espionage, the message should be clear,” he said. --30--
On 09/15/16 13:49 +0300, Georgi Guninski wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Also where the resources and bandwidth come from, there is no mention of it, especially botnets. Long ago someone claimed BGP amplification from a single ISP can get large ddos factor, don't know if this scales exponentially.
In the ISP space, certainly botnets, driven by gamers, almost exclusively - in the enterprise and "critical infrastructure" space, driven by large monetary and technical resources where botnet use is likely used for obfuscation. I've never encountered BGP amplification, which sounds like a waste of time. In the ISP space, it's near all DNS and NTP. A more interesting discussion would be non-DDOS based attacks that are only briefly touched on in the article (DNS hijacking). The quite fragile voice network - SIPs embarrassingly poor security use in trunking configurations, BGP hijacking in the default free zone, and strategic attacks on provider transport links come to mind. -- Dan White
On Thu, 15 Sep 2016 13:49:39 +0300 Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Come on guys. Schneier is one of 'us' - he's a 'cypherpunk' at least according to wikipedia, and he's a ruler of the glorious tor project - what else can you ask?
Also where the resources and bandwidth come from, there is no mention of it, especially botnets. Long ago someone claimed BGP amplification from a single ISP can get large ddos factor, don't know if this scales exponentially.
On Thu, Sep 15, 2016 at 05:11:57PM -0300, juan wrote:
On Thu, 15 Sep 2016 13:49:39 +0300 Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Come on guys. Schneier is one of 'us' - he's a 'cypherpunk' at
"guys" is not very politically correct for the gal chix on the list.
On Fri, Sep 16, 2016 at 02:45:31PM +0300, Georgi Guninski wrote:
On Thu, Sep 15, 2016 at 05:11:57PM -0300, juan wrote:
On Thu, 15 Sep 2016 13:49:39 +0300 Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Come on guys. Schneier is one of 'us' - he's a 'cypherpunk' at
"guys" is not very politically correct for the gal chix on the list.
Didn't pick you for a trans.. guess I should have guessed from the name.
On Sep 16, 2016 4:52 PM, "James A. Donald" <jamesd@echeque.com> wrote:
On 9/16/2016 9:45 PM, Georgi Guninski wrote:
"guys" is not very politically correct for the gal chix on the list. There are no women on the internet. Unless they post tit pictures.
OK, already did it... ...but not in this list, hehe! :) Uff, I really hate to live in a so very "politically correct" world... If you call me "guy" or "princess", I will read and answer the same way. And yes, I have tits and they are pretty cute, ow! <3
On Fri, 16 Sep 2016 14:45:31 +0300 Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Sep 15, 2016 at 05:11:57PM -0300, juan wrote:
On Thu, 15 Sep 2016 13:49:39 +0300 Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Sep 15, 2016 at 12:25:56PM +0300, Cari Machet wrote:
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
lol, Russia and China. Did he miss the Norks?
Come on guys. Schneier is one of 'us' - he's a 'cypherpunk' at
"guys" is not very politically correct for the gal chix on the list.
I thought "guys" was gender neutral. Then again, despite being a fed, english is not my first language, so I wasn't 100% sure. http://english.stackexchange.com/questions/11816/is-guy-gender-neutral "You guys" is a familiar, all-inclusive way of addressing a group of men or women directly." "The plural "guys" definitely is, at least here in San Francisco — I'm often hearing all-girl companies here being greeted with 'Hi guys, how are you doing?'. etc. So, I won't be executed, at least for that offense.
participants (8)
-
Cari Machet -
Cecilia Tanaka -
Dan White -
Georgi Guninski -
James A. Donald -
juan -
Razer -
Zenaan Harkness