... ...
Did you understand a single phrase of what I was talking about?
I don't know for certain.
Were you offering that, in general, an awareness of the usefulness and effectiveness of
DDoS attacks could benefit people?
Were you suggesting that it's a realistic approach that
reboot.pro could itself employ in order to help protect the web-site?
Were you suggesting that the reason why reboot.pro was under attack is because reboot.pro is (unbeknownst to its users, perhaps) involved in a campaign against some entity and hackers are fighting back on behalf of that entity?
Were you simply sharing a story about hackers and DDoS? That's honestly what I thought you were doing, and I'm sorry if my response didn't come off as a criticism against the hackers in that story. It was supposed to.
Did you grasp my point of view or you just criticize my words for criticism sake?
I don't know, you tell me. I didn't mean to criticize
you, I meant to criticize the strategy of stealing resources and the strategy of aggressively pursuing agendas using vast resources.
I am simply trying to layout the building blocks of a framework to solve a serious issue.
Ok. But if I ever found rogue software running on my computer, I'd be boiling-hot mad that someone took advantage of whatever vulnerability let the software in, instead of discretely alerting the relevant vendors in order to help them to address the vulnerability.
Even if a wealthy benefactor was donating prizes to reboot.pro users and I got a non-web-browser pop-up window to inform me of my entitlement to such a prize, I'd still be just as boiling-hot mad; it's not the channel that I expect (and
want) such a communication to come through.
If you don't know or care to know what they do and what they are capable of doing,
then you really seem to have no intention of trying to stop them.
If we're discussing people who take advantage of security vulnerabilities to further their agenda without authorization, then feel free to tell me: Why do they do that? Is it because the results are more effective than some other, less upsetting, means?
If we're discussing people that
DoS or DDoS one or more web-sites to further their agenda (be that raising awareness of a conflict, or any other agenda), feel free to tell me: Why do they do that? Is it because the results are more effective than some other, less upsetting, means?
You typed about "what they do and what they are capable of doing." I'd just assume that the most skillful people can do whatever they want and can bring any computer resources of any adversary they might perceive to total destruction. If you're simply pointing out a specific instance of possible behaviour with your story, thanks for that. But when you say,
Sometimes, your enemies may understand you better than your friends and team-up with you for a better tomorrow.
I'll say, "thanks, but not so fast... Is means XXX to achieve goal YYY effective
and civil behaviour?"
You seem to know little about cyberwar and cybersecurity.
I'm not sure why you've concluded that.
I believe ideas should be analyzed from different points of view to make them mature
rather than just for criticism sake.
Fully agreed! And that's why
I've asked questions to "hackers" I've caught before, and they've become irritated or bored with my questions and ended the discussion. I guess my questions aren't for everybody.
Sure I'd like to understand their perspective(s) better. But my personal experience so far has been as above. Too bad for me!
I thought we could be discussing hacking and cybersecurity techniques in order to
converge to a certain goal.
Obviously, I'm in the wrong place for such a discussion. Not your fault!
I haven't yet seen a moderator step in and end the discussion or suggest that it's off-topic. Maybe that will happen. But I'm certainly going to share my opinion that taking advantage of security vulnerabilities to "do good" warrants some extra careful consideration and carries some strong risks.
...
Honest people and businesses have limited resources, hacktivists DON'T! A strike-back or a decent work-around may or may not need a wealth of resources. Depends on your technical skills and your imagination.
Are you typing above that "honest people" != "hacktivists"? I'm under the impression that some people honestly believe that attacking some entity's computer resources is for a "greater good." The biggest problem I have with that approach is the lack of balance. As skillful as someone might be, their great scope of influence carries a proportional risk of damage.
Please consider, if you will, the Wikipedia story for
Netsky worms (whether or not you believe it), suggesting that one virus writer included code for removing other viruses. And consider the story for
Sasser.E, which attempted the same. Perhaps that could be considered a noble intention? But note that a coding error caused
LSASS.EXE to crash! (Apparently.)
You just hit the point! Thousands and thousands of poorly shielded computers and networks around the globe are silently been hijacked by trojan horses and scams to serve a dynamic cloud. ...then uses them to build up a virtual super computer...
And imagine the associated costs and risks to the unknowing users.
Some spyware go further to rip info from their victims and perform a bunch of public operations. A well programmed trojan horse, may not be perceived by even good antivirus software.
0-day viruses cannot be prevented by lookup in virus signature databases that don't yet have the associated signatures, so sure.
So, you imagine how serious a DDoS attack can be. If at a certain predefined time, each of such infected terminals starts to fire tens or hundreds of concurrent connections towards a specific target.
Please consider
I2P. Here is a project and efforts to produce something like an "anonymous Internet." One might still have some concerns about using it (I'm
certainly not claiming that any of these points are true):
- It might be a social engineering attempt to actually keep a close watch on "sneaky people"
- The vast majority of the nodes might actually belong to a single entity, who can then try to identify you
- The algorithms used might be vulnerable to expertise that is not publicly known to exist
If you can review the codebase and if you know your cryptology, you might be in a better position to draw conclusions.
Now assuming that it
works and becomes
immensely popular, what happens when someone takes advantage of a vulnerability, but causes damage? Maybe you get an
Irish Potato Famine. Most terrible!
Educating computer users of the importance of network security, driving TV and internet campaigns for informative security, promoting the birth and growth of decent antivirus software, supporting anti-spyware, anti-cyberfraud, etc. may be a gigantic step towards confining exploitable hactivists resources. For the moment, they have plenty of exploitable resources.
...
Some people might think that Microsoft products are popular targets for attacks because hackers dislike Microsoft or are trying to re-balance a perceived monopoly. Some people might think that they're targets due to exceedingly poor design. Some people might think that they're targets due to their popularity and the proportional scope of influence that successful attacks could achieve. Yeah, there're plenty of exploitable resources. I agree that education is a good thing, and so is: Stop doing it. Blah, blah, blah... (me)