> I am sorry, but am I the only one who read through this, and wondered
> what do they have to back up their claims? This story offers up a zing
> bang topic with no facts or anything backing up ISS claims. What editor
> let this story out?
>
> This reminds me of all the tiny start-up security companies that popped
> up after the last DDoS attacks with claims of another trojan, or some
> other attack looming in the near future, so that they could get some free
> media coverage and make it on the morning talk shows. Hey, right or wrong,
> they got press for their company. Who cares if they spread more FUD and
> scared a lot of AOL users and tiny ISPs across the world... :/
No, you weren't the only one. Over the last year there have been many
press releases from many companies that exploited FUD or otherwise
claimed more than is just. I'll just say that more responsibility is
warranted and that the truth eventually comes out. I've spent my own
time at the center of the DDoS cyclone, and assembled a timeline of
events that will help anyone who wishes to understand what really
happened before February 8, 2000 and to understand what has happened
since:
http://staff.washington.edu/dittrich/misc/ddos/timeline.html
> Welcome to just one of the many things that suck about the 'industry'
> that's developed around info ops and info assurance. You're obviously
> correct about the lack of editorial control... but look at the
> 'journalism' and the assertions by the sources, and it's absurd on the
> face. How do they 'know' when an attack is planned? The usual
> confusion about capabilities an intentions. The coupling of the claim
> with the press release (honest guys, PR newswire isn't that expensive,
> just use it an be honest).
I don't doubt that ISS learned of DDoS networks. We deal with DDoS
attack networks all the time. You just don't get press releases from
universities. I also don't doubt that ISS heard rumors or witnessed
exchanges on IRC. Most DDoS attacks are centered around IRC, and were
born of online battles on IRC. Spend time in the right IRC channels and
you'll hear people brag or threaten. Should everything heard on IRC be
believed, though? That is another question, but I don't think these
are the relevant points.
If anyone has information about computer crime -- being committed or
about to be committed -- the place to deliver this information is to
incident response agencies and law enforcement first and foremost, not
the media. Being first with an advisory or first with a press release
is not what is important.
--
Dave Dittrich Computing & Communications
dittrich@cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington
PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Wed Nov 22 04:58 CST 2000