Mad salt. Imagine a fully grown man having a toddler tantrum. "If I can't play/win/get my way, nobody can" type mentality. It's also a method of coercion. Give me mod status or I'll DDOS your server and destroy your community.

The other half comes from sever operators ddosing their competition. There is a lot of money to be made from paid cosmetics, ranks, moderator (demi-tyrant) status, etc on custom servers.

It depends on the game, but for those with some kind of marketplace or transferable currency, I'm guessing market manipulation is one possible reason.

For other games, maybe trying to interrupt some time limited event or tournament. Going all the way down the rabbit hole, if you're not already familiar take a look at how crazy things get in a game like EVE: Online.

Then of course there are the bored trolls and/or people who feel wronged by the game's developers or other players.

Probably it has to do with all the gambling sites associated with gaming not the games itself.

Taking a competitor offline for a few hours is a lot of money in a market business I expect.

there seems to be lot of weird stuff going on with gaming casinos the recent CoffeeZilla episode comes to mind, so wouldn’t be surprised if botnets are used

They get banned for trolling, griefing, cheating, breaking rules etc. and want revenge. Every game operator has to deal with idiots like this

the ddos market has been somewhat centered around gaming for a while now, mainly to take down game server competition, or as an attempt to sell big players on "ddos protection" services.

well, gaming and Krebs's blog: https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with...

I'm surprised no one has mentioned duping. Selling items and currency for real world money is big bucks and IME, server crashes reliably enable duping exploits.

Not saying that's the case in this particular incident though.

The results are very public, it's the same way IRC is often targeted. They're easy targets, thousands of users are affected and the results are immediately noticeable.

A game I work with got hit by ~10Tbps earlier this year. It's likely because someone got mad they were banned.

> So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.

Most of the time crime groups are running extortion campaigns, amplification campaigns, etc. For example, if a competitor can benefit from them being down you may be able to sell that. Eventually we will probably see the invention of crowd-funded randsomware, where everyone must submit one verification can of crypto to unlock the hacked game servers.

A satisfying theory for a lot of DDoS would be extortion or protection rackets. Pay up or we will DDoS you, or pay up or 'someone else' will DDoS you.

That's enough to explain it. But if you wanted to go more full shadowy conspiracy theory, someone arranged for a protection service that just so happens to work by giving some entity cleartext surveillance over much of the internet. Perhaps as a response to HTTPS everywhere being annoying.

I'm not suggesting that's the situation, but that it's the kind of possibility to keep in mind, intellectually, and it would be consistent with history.

What is even more interesting why attack Azure? It's not possible to extort anything from Microsoft, so what's the rationale?

competitors might want to drive users to move away if they think a platform is broken

Gamers, am I right?

Uh I used to get DDoSed by “booter” services whenever I would login to one of my Skype accounts. The script kiddie scene is that petty. In the private server scene one guy would DDoS competing servers that way everyone would funnel to his own.

Its just toxic behavior.

Depends on How much does it cost to hire it

I've always imagined somebody will get pissed-off at me one day for banning them for bad behavior, or because I said something wrong online.

Most of the time its just blackmail/extortion - pay us or we do the thing.

Extortion. You got a nice little game server there. Would be a shame if anything happened to it.

Why, OpenWRT firmware and packages are both signed, of course. You can manually and independently check the image signature before flashing an update.

The build infrastructure is, of course, a juicy target: infect the artifact after building but before signing, and pwn millions of boxes before this is detected.

This is why bit-perfect reproducible builds are so important. OpenWRT in particular have that: https://openwrt.org/docs/guide-developer/security#reproducib...

I don't follow.

> run an army of security people

Do you think these private companies do this? They don't. They pay as little as humanly possible to cover their ass.

Botnets comprised of compromised routers is common and commercial/consumer routers are a far juicer target than openwrt.

This is exactly why OpenWRT has no unattended updates by default )

The post is nothing more than "but what about security" meant to deflect away from the discussion at hand and towards OpenWRT

As always, hundreds watch the open repositories, maybe one watches a company's build servers, if they're lucky. :-)

Digital signing wouldn't defend you from a compromised build server.

I don't doubt there will have been sporadic examples of this, but what points to this "often" being the case? It seems like a tactic that wouldn't often pay off, since DDoS mitigation rarely involves relaxing security systems

Mistakes can be made during reconfigurations but you'd have to catch those while the issue is still live. Sounds like an advanced threat actor and not the run of the mill ransomware people (not that they're necessarily unsophisticated, but why'd they bother with these odds when there's low-hanging fruit to reliably exploit)

It was interesting to read that the record breaking attack caused no glitch whatsoever in the service MS provides. Which is so slow normally that I start to wonder if that is a strategy, having headroom for these kind of situations, no-one realizes slowdown when it is already slow. ;)

This is just a crazy thought, tangential to what are happening during an attack.

The "S" in IoT stands for "security".

> There's gotta be a better way.

Until then... There's gonna be a bigger wave.

fun fact, part of the reason this botnet exists is because europe required the ability to install security updates unattended that you cannot disable and they compromised one of the servers that had the capability to push these updates compromising hundreds of thousands of routers.

An regular user would associate 4k is premium / expensive and difficult to use without better phones/network/plans/signal strength etc so the idea would be to be signal it is 1M times with a somewhat challenging thing for them.

Non-tech savy users know how live streams crash with sports like with Netflix recently during boxing etc or on Twitter last year and usually those come with some n Million users in kind of headlines or the like, so they have some reference to that scale.

As analogies go, there are worse examples. BleepingComputer is hardly the New Yorker or Atlantic, best we can hope for these days is a human is writing the article I suppose.

Yeah. That falls in the same bin as number of Olympic swimming pools or distance to the moon.

The best, meaningful comparison I've read is from Bill Bryson in A Short History of Nearly Everything. In it, he notes that there are 1M seconds in 11 days but 1B seconds takes 32 years.

I've always disliked the "it's like X amount of [resolution] video!!" Are we talking a UHD 4K Bluray? or 4K Netflix? or 4K YouTube? Bitrate is all that matters.

Because every single nation would have to sign on to it allowing said agency to ignore sovereignty of each nation to come in and do their policing.

You'd also need to have every country not actively involved in these types of schemes yet we know some governments are directly benefiting from the scams/theft their citizens are perpetrating.

You'd also need to have every country think the things you want to police against are wrong. Again, we know that's just not true.

International DDoS busts and arrests do happen all the time.

Law enforcement takes time. The perpetrators of these attacks aren't hanging out in the open with their full names shielded only by the hope that their country won't extradite for political favor.

By the time the perpetrators are identified and a case is built, getting them charged isn't bottlenecked on the lack of an international agency. Any international law enforcement agency would be beholden to each country's own political wills and ideals, meaning any "teeth" they had would be no more effective than what we currenly have for extraditing people or cooperating with foreign police organizations.

The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things.

I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness.

> international law enforcement agency

You mean Team America, World Police?

Besides the fact that not much happens in the international public sector, law enforcement is more about deterrence than prevention. Criminals aren't deterred by law enforcement, so the bad actors never stop. Human nature's a bitch.

If they did focus on prevention instead, most of this could be... prevented. Create a treaty that mandates how critical infrastructure technology is created/sold. Consumer routers will stop being shit at security, and home devices are slowed-down in upstream spamming. That's a good chunk of the denial-of-service market gone, with no need to police the world.

...but the criminals are smart and intentionally avoid attacking the powerful, so nobody cares. Same reason organized crime still exists. It's poor people caught up in gang violence and crime, not rich people, so it persists.

It's national interest of China and Russia to see the West to fail. Why would they co-operate? They are willing to murder people, West and their own, so "law" enforcement means a bit different in international context.

Since this is a distributed attack, I'm not really sure how that enforcement would look like? Am I missing something, are all these bots/zombies easily selectable and blockable?

Because countries benefit from conducting cyber warfare, the most publicised of are north Korea and Russia which have large state sponsored hacking groups.

If we were all running IPv6, we could just block this crap.

But here we are in 2025 still running IPv4 with CGNAT, so we can't.

the real reason why these are a problem in the first place is because of cgnat and transit providers not implementing flowspec.

but these bad actors are not possible to track down in the first place since internet is unfortunately decentralized and things as simple as transactions submitted to bitcoin or etherium blockchain can be used as c&c

Perhaps because, in many cases, the very governments responsible for enforcing it include the bad actors themselves.

Who is going to elect and oversee them? I don't want to be governed by China or Russia.

Who would they take orders from?

How would you even enforce this if the offending country doesn't agree?

many countries sponsor these attackers

do you really think for example America would allow say Chinese prosecutors to arrest Americans on American soil and take them abroad to sentence them in a court that America has no influence over and then throw them in a prison which America doesn’t control?

I'm sure you could come up with at least few ideas why it hasn't happened

Because it's not technicaly possible, I mean we're on HN, we all know how internet works.

What countries do you think these bad actors reside? Russia, China, Iran, and NK will wipe their ass with any law enforcement request.

Those exist but they might have a different idea of what makes an actor bad than you and I. Just look at what happened to Julian Assange.

Legal systems are so convoluted and so colossally heterogenous - also very protective of their ways - around the globe that miniscule collaborations require grandiose efforts to initiate and maintain. No chance these fast paced adversaries will be caught by the interplay of several dozens of reluctant dinosaur legal systems.

Tangential: once I was targeted by a pretty primitive scam. More than 10 years ago (after someone I love was naive and inexperienced, having a medium amount stolen in a sensitive and stressful time of this person's life). I recognised fast and having time and will I sarted to play along, pretending I bite the bait. Collecting info while acting. In parallel trying to connect local and international authorities to report an ongoing scam effort. I believe I tried 4 organizations in 3 different countries apparently involved, I believe one was dedicated to online scams, also trying to warn Western Union, they are about to be used for scam. I even went personally to a police station locally to get some advice on how to assist catching the criminals. Since all I encountered insisted to report my damages, so they could start an investigation on an actual loss happened, I furiously gave up and decided whenever I will be having financial trouble I will invest my efforts in scamming others. No-one cares catching those in act! So the thugs can be incredibly bold and dumb, like the one I encountered, it is no effort doing better.

America gonna allow someone else to regulate them?

I mean, America can’t do anything about scam phone calls aimed at seniors who forge caller ID of local hospitals.

nope, there's really no cost to it - they've been hitting with attacks double or even triple the size towards random minecraft hosts for months now.

You are assuming that DDoS is signal. It's not, it's the noise.

The idea of DDoS for hire is to bury your own tracks in as much network requests as possible, so that the other side is overwhelmed processing (or even storing) that dataset and won't find out what the real target was.

That's literally the strategy of APT28/29.

It's just a couple of local Aussie nerds beefing again. Simmo broke up with Jonno's sister via IM, so feelings were hurt.

we were getting hit with attacks like this daily at some point and were forced to use cloudflare magic transit it's pretty random and you shouldn't read too deep into it as nearly every anti-ddos solution, host and isp has been hit with this botnet by now.

Why wouldn't microsoft advertise this though? If they had the ability to take the attack and others might not, then it'll result in more customers for them.

it's an open secret at that point and the attacks are far larger than that are causing congestion world-wide from the time they wake up to the time they go to sleep.

Anthropic agent went a little haywire on the tool use

Yes.

Only way is to secure your IoT devices/routers/cameras/etc.

My Hue lights and vacuums would like a word!

Those redirects would crash Azure, i'm betting a grand

It's basically an ad.

Switched above. Thanks!

We really shouldn’t - this seems like perhaps one of the worst ideas one could propose in an era of rising authoritarian rule. Seems like a bad time to be putting silly restrictions on how folks route their traffic.

Making them illegal seems far-fetched, but at this point something like email blacklists but for web services is becoming inevitable.

At the moment, that's what Cloudflare is doing. They're just not obvious enough, leading to people on forums (and here) asking "why do I constantly need to fill out captchas to enter websites".

breaking the law by using wireguard to access my home network, hmm, great idea.

...and suddenly no one is allowed to VPN back through their home router.