They do it..
...because they can?
Sometimes there is no 'why'
The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that's bombarding their websites with millions of compute-intensive requests. The "massive" flood of requests is made over the websites' SSL, or secure-sockets layer, port, causing them to consume more resources than …
I'd say they're probing for something on the remote boxes, but it doesn't sound like an attack to me, it's probably a prelude to one though.
They could be sitting on some crypto exploit code and want to know who's vulnerable before they make their pay run.
Maybe DDOS the strong encryption servers so that fraudulent requests are handled by systems with the weak encryption that they have an exploit for?
Sorry, I'll put down the William Gibson book now ;)
is that they hoped the attack would be more successful, I guess you don't know before hand how successful attacks will be, how many machines will remain in the botnet, the amount of requests that cause issues for the site.
Maybe they just figured that the SSL negotiation over and over would cause a DDOS if there was enough requests?
It seems strange to go for such high profile sites with an attack that hasn't proved successful or been tested elsewhere first, that is what is odd about this.
"Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org."
Let me see: CIA, Paypal, yahoo (with their infernal webmail system).
They're targeting the most evil web sites of da Internet, maybe ?
Biting the hand that feeds IT © 1998–2021