World's Largest DDOS Motives Come Clear

[FrgMstr]

The world's largest DDOS against Github (now measured at 1.7TB) has now been found to be an extortion attempt to be paid in Monero cryptocurrency. Thankfully, the attack vector can be fairly easily secured to stop this from happening.

​

The extortion note, which occurs in a line of Python code delivered by the compromised Memcached servers, demands payment of 50 XMR (the symbol for the Monero cryptocurrency). This would have been approximately $15,000.

"It is a pretty clever trick to embed the ransom demand inside the DOS payload," Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, told SecurityWeek. "It is also fitting with the times that attackers are asking for Monero rather than Bitcoin because Monero disguises the origin, destination and amount of each transaction, making it more suitable for ransoms."

 

[Deleted member 93354]

But crypto is used mainly for legitimate purposes right?/sarcasm

 

[Imhotep]

and paper currency is used only for legal and clean purchases....Some of you people .....

 

[Lakados]

and paper currency is used only for legal and clean purchases....Some of you people .....

Well none of these extortion attempts over the last few years have been asking for Cash and most illegal purchases are now made in precious Stones, Metals and Art.

 

[Biznatch]

I’m still incredibly impressed that GitHub stayed up over that. Granted, I’m sure an attack longer than 10 minutes would have crippled them. Does anyone know how much cash ended up getting spent to stop 1.7Tb?

They didn't stay up. They had a small downtime, then had to bring in a DDOS protection service to mitigate the attack. After that, the attack stopped. Guess the 'attackers' realized it wasn't causing the damage they thought it would.

Although, github probably spent a LOT more than 15k to get help from that DDOS service, especially for that size of attack.

 

[DeathFromBelow]

and paper currency is used only for legal and clean purchases....Some of you people .....

I have yet to see an actual real world use of a blockchain outside of extortion and speculation/gambling. Seems like a traditional database is cheaper, faster, and more secure for most tasks.

Even in situations where it should make sense, like where you have multiple companies dealing with various machine parts or farmers/butchers/transporters involved with packaged meat or whatever I have yet to see it used successfully.

 

[TheSoldier]

They didn't stay up. They had a small downtime, then had to bring in a DDOS protection service to mitigate the attack. After that, the attack stopped. Guess the 'attackers' realized it wasn't causing the damage they thought it would.

Although, github probably spent a LOT more than 15k to get help from that DDOS service, especially for that size of attack.

And that’s really the crux of the problem. These attacker’s ransom is cheaper than the solution to defend against it. I remember the whole cryptoware and hospitals and how paying 25-50k was cheaper than recovery. It’s a chicken and egg problem.

 

[KazeoHin]

Well none of these extortion attempts over the last few years have been asking for Cash and most illegal purchases are now made in precious Stones, Metals and Art.

*citation needed

 

[Gottfried Leibnizzle]

Back in my day we stored bullion in our mattresses. Y'all whippersnappers can stick this newfangled e-bucks crap up your arses.

 

[janis2018]

and paper currency is used only for legal and clean purchases....Some of you people .....

Half of the paper money is stolen whit unfair trading techniques.

 

[deton8]

Half of the paper money is stolen whit unfair trading techniques.

Technically that wouldn't be paper money, it would be bits on a hard drive.

Or I guess zeros in a bank account.

 

[Retronym]

Always pay attention to what crypto the criminals want.

Those are the best coins.

They have the most to lose. It's not a decision they make lightly.

 

[Lakados]

*citation needed

http://www.nytimes.com/2013/05/13/arts/design/art-proves-attractive-refuge-for-money-launderers.html
http://www.antimoneylaunderinglaw.c...ing-and-terrorist-financing-report-finds.html
http://f3magazine.unicri.it/?p=598

These are the ones I could find from my phone, but I remember a good one from what I remember as the BBC from a few years back but I can't find it right now.

 

[Ehren8879]

Dont negotiate with terrorists. It's 101.

Github made the right call on this one, even if it cost them $100k

 

[Orddie]

Well none of these extortion attempts over the last few years have been asking for Cash and most illegal purchases are now made in precious Stones, Metals and Art.

right! i can hack your shit and ask for payment all without getting my gay ass out of my chair. This. Is. Fucking. Merica.

b/c ya know... asking a bank for 15k.. you will do it wrong which means it will be reported and someone will ask you some questions, which will lead to a sting OP where i go to jail. IF i'm better than the Russians and o not leave a trace which leads back to me.. im golden.

also.. 15k for the largest DDOS? someone is doing something wrong.