From: Kragen Sitaker (kragen@pobox.com)
Date: Thu Apr 20 2000 - 10:59:21 PDT

Greg quotes B. K. DeLong:
> I'm highly skeptical. I don't think they've found the person who did
> the attacks. I think law enforcement is stalling the press and public
> to keep them off their backs while they find the real person.
>
> -- B.K. DeLong, a member of Attrition.org on the recent arrest of
> 'Mafiaboy' for February's denial of service attacks.

I'm pretty skeptical, too.

On one hand, an inept person or a braggart certainly could have carried
these attacks off, and in that case they would be catchable. That's
the RCMP's story on how they caught the guy --- he bragged.

On the other hand, I would expect a braggart to seek pseudonymous
publicity by claiming the DDOSes as their doing. I haven't seen this,
although maybe I haven't been watching. Yet the sites chosen seemed to
be carefully chosen to get press.

Also, I don't recall any attacks against institutions or people who'd
personally wronged this guy.

The alleged evidence against this guy consists of timestamped IRC logs
--- presumably produced two months after the fact by one of his
cronies. What could have induced them to come forward now if they
didn't come forward in February? Are there reliable sources these logs
can be cross-checked with --- e.g. multiple sources for these logs, or
netsplits or other global events? Or are they fabrications by an
ex-friend bearing a grudge?

I think the evidence suggests that someone wanted publicity, but not
for themselves. Somebody wanted publicity for the sad state of
Internet security.

The kind of person who would do such a thing would likely be very
difficult to catch; they wouldn't tell a soul, and they'd operate
through a chain of five or more compromised Win98 (well, possibly
Linux) machines on cable modems or in ResNets, and they would allow a
month or more to elapse between compromising their zombies and
launching the attack --- a month during which they would have no
contact with their slaves, perhaps even going on vacation in the
Canadian Rockies for a week or so before the attack.

-- 
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08. Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either. :)