Lizard Squad...
And their point is...?
No better than any yob in any high street.
The developers of Tor, the software that tries to mask netizens' identities on the internet, have downplayed the arrival of 3,000 new relays – which are courtesy of a gang of mischief-makers. Tor Project members say the flood of nodes will largely be ignored by the network. The relays were seemingly introduced by Lizard Squad …
"They'll get caught."
A pawn will get caught and paraded round in front of the media as if he were a criminal mastermind instead of some pathetic little script kiddie who was stupid enough to get caught. That's what's normal.
The idiot who gets caught won't be able to finger the rest of the Lizards and they'll bounce back up again under another name a few weeks later. Of course the fact that the suspect can't name anybody else involved will be used by the feds to "prove" that s/he is in fact the mastermind.
The thing about these script kiddie gangs is that the media treat them as if they are criminal genii which of course encourages them. If the media reported them for what they are they'd probably run back into their bedrooms to hide. Nobody wants to be part of a gang that everybody laughs at.
Don't believe me when I say the media takes them too seriously? Look at the news reports from Thursday night and Friday. How many of them talk about the Lizard Squad "hacking" the Xbox network rather than just running a DDoS attack?
Genii - mythological spirits associated with a particular person, place, or thing. Geniuses - really clever people. Same root but specifically different meaning in the plural forms.
Well, this lot leave a lot to be desired in both the spiritual and intellectual arenas. Need a damned good spanking and off to bed with no supper.
There are, roughly, 9000 nodes.
The percentages relate to capacity.
The article doesn't mention it, but it was also pointed out to the Lizards (on the mailing list) that they'd made something of an OpSec facepalm. I'll leave you to look over the publicly accessible data to work out what it is :)
They know how to run DDoS scripts from decentralised nodes (bought some time on a botnet) and run Tor nodes on some cloud hosts (bought some time on ... )
I'm sensing a pattern in these terrifying, unstoppable leet hax attacks, I just can't quite put my finger on it.
Hmmm. I'm not so sure. I'm no 1337 H4XX0R, but surely for the "perfect" DDoS you'd want as many distinct attack vectors as possible spread as far across the globe as you can get them. That's not how most cloud services work, is it? (single badass data centre with enough cooling to start the next ice age). Actually "hacking" and poisoning the VMs being used would theoretically give you the volume, but not the spread. A few thousand "clever" fridges or toasters could do far more damage IMHO, especially if enterprising crims were to subvert the production process.
I can't see skiddies using daddy's credit card to set up their own VM farm for ddosing...
I can see some of them doing that.... Others will use stolen CC details, others will use stolen vouchers.
You do want your attack nodes spread out, but don't underestimate the benefit of using a server with a 1Gbps (or better, 10) connection over that of using something that manages 500Kb upstream.
The biggest benefit of using pwned consumer devices is that they (historically) aren't so easily noticed and shut down. You may get to run an attack from VMs for a while, but it's far easier for your host to shut you down than it is for 1000 home devices to be cleaned of your malware.
Cloud computing providers don't care what VMs are used for as long as there is a credit card to go with each one.
Not 100% true.
My servers recently came under an attack of some sort that I suspect was from a botnet. Not DoS levels by any means, but several thousand more attempts to get in to SSH and other services than normal, i.e. rather than the odd one or two per hour I was seeing hundreds, and all the same few login names (before security software closed the door on them) from many different ISPs.
These included some cloud providers. Often their IPs would show up in a close bunch as well, like I might get a dozen hits from one cloud company in a few minutes before things went back to random.
Anyway.. I made contact with several ISPs. A few responded, but a couple responded very well. I'm not sure if I should name one, but I can say that from shortly after their people responded to my message, their IPs disappeared from my logs. Not just the IPs I'd identified either. (The NZ ISPs were appallingly unwilling to help! - yes, looking at pretty much all of you! Shame on you, if I could get my internet from another country I would. NK or China or Redmond would probably be more secure!)
Anyway.. Some at least will help, and it looks like certain ones will go to some good lengths to secure their systems (they won't tell me what they did sadly, I'd love to know even the basics).
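The pattern that commenter describes (the same few usernames tried from many source addresses, with bunches of addresses arriving from a single provider range) is easy to surface from sshd logs before deciding which provider abuse desks to contact. The following is an added example, not from the thread or any of the posters; the log lines are constructed test data using RFC 5737 documentation addresses, and the thresholds are arbitrary assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth.log lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = """\
Dec 26 02:14:01 host sshd[4011]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Dec 26 02:14:03 host sshd[4012]: Failed password for invalid user admin from 203.0.113.11 port 51240 ssh2
Dec 26 02:14:04 host sshd[4013]: Failed password for root from 203.0.113.12 port 51251 ssh2
Dec 26 02:14:09 host sshd[4014]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Dec 26 02:14:15 host sshd[4015]: Failed password for root from 192.0.2.200 port 40077 ssh2
Dec 26 02:14:20 host sshd[4016]: Failed password for invalid user oracle from 203.0.113.13 port 51260 ssh2
Dec 26 02:15:00 host sshd[4017]: Accepted publickey for alice from 192.0.2.5 port 60000 ssh2
"""

# Matches both "Failed password for root from ..." and "... for invalid user admin from ...".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log_text):
    """Yield (username, source_ip) for every failed-password line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def slash24(ip):
    """Collapse an IPv4 address to its /24 block, a crude stand-in for 'same provider range'."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def analyse(log_text, min_ips_per_user=2, min_ips_per_block=3):
    """Return (users tried from many IPs, /24 blocks contributing many distinct IPs).

    The thresholds are assumptions for this example; tune them to your baseline.
    """
    ips_per_user = defaultdict(set)
    ips_per_block = defaultdict(set)
    for user, ip in parse_failures(log_text):
        ips_per_user[user].add(ip)
        ips_per_block[slash24(ip)].add(ip)
    distributed_users = {u: sorted(s) for u, s in ips_per_user.items() if len(s) >= min_ips_per_user}
    bunched_blocks = {b: sorted(s) for b, s in ips_per_block.items() if len(s) >= min_ips_per_block}
    return distributed_users, bunched_blocks


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the constructed sample, "admin" and "root" are flagged as distributed, and 203.0.113.0/24 is flagged as a bunched block; the bunched-block list is what you would hand to that provider's abuse contact.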
claimed it was testing out an alleged zero-day vulnerability in the Tor service
So it's all a cunning plan then:
1) Run a load of DDOS scripts to screw over a couple of high-profile services.
2) Wait until tabloid press / TV screams about "hackers".
3) Talk cryptic bollocks about scary vulns wot only you know about.
Presto, script kiddy to l33t hax0r in three simple steps. It's what every sad little wanker wants for Christmas.