Toys from the Pram

We have seen an increase in hostile activity and attacks over the last few weeks. More over we have seen a change in behaviour. An influx of sign ups trying to pass themselves off as kosher.

This comes on the back of a swathe of dodgy sign ups - mostly from the usual suspects of the dream that is OVH and ["a-nother party" which quite frankly comes as no surprise] - where it is clear that the income comes before abuse requests... or they are encouraged to allow the questionable behaviour as a safe haven for foul play for 'the man' and monitoring purposes ("Difficult decisions", "bigger picture", "You would not understand" ...#justsaying #allegedly).

It would appear there has been a drive by either organised groups, or individuals, some of which threatening multi hour DoS on twitter following the removal of dodgy accounts, card details and so on, and blocking sign ups from certain ranges.

From the point of view of an engineer it is very hard to tell what is the work of a single person, a group, or what have you - however above and beyond the standard background-hum-of-the-internet that is automated opportunist compromises of low focus low skill - there has certainly been a drive for more of a land grab through August and early September. This shit happens. It is a given. You stick it out there - someone is going to have a pop at it.

There seems to be this land grab for genuine accounts that slip under the radar. Hell, they are even following up with support tickets as to why a given service has not gone live yet. This is personal, this is pretty ballsy. However - the response to a real push to neuter this through more checks, account suspensions, and blocks of ranges they are coming from appears to have triggered a toys from pram response.

So I am guessing this was an individual or small group - more emotive than usual. Unwilling to just move along to the next opportunity.

That sits badly with me.

Badly enough to mention.

These are interesting times.

Below is a DDoS that was publicised on twitter as a threat - hitting our mitigation appliances. The red showing dropped traffic, the green showing business as usual - essentially cutting it off at the legs.

However what is important here is a change of tack, by an individual or group, emotional, committed, unwilling to let it go or move on (...heh, having read that it's like I just described myself... maybe I should not be so surprised!) - lets hope this is a one off or a patch we are going through, because it's obvious and uncomfortable to watch panning out in-front of you.

Leave a Reply

Your email address will not be published. Required fields are marked *