| ▲ | A Botnet Accidentally Destroyed I2P(sambent.com) |
| 90 points by Cider9986 7 hours ago | 47 comments |
| |
|
| ▲ | gnabgib 6 hours ago | parent | next [-] |
| This seems to lack the full story, despite the headline.. Krebs' coverage is more in-depth (39 points) https://news.ycombinator.com/item?id=46976825 |
| |
| ▲ | walletdrainer 19 minutes ago | parent [-] | | It’s unfortunate that Krebs has switched to posting AI slop. His latest story is entirely fabricated and LLM generated, the phishing kit he advertises does not even actually exist. | | |
| ▲ | pests 5 minutes ago | parent [-] | | This is so odd. I tried to verify your claim and I give up. It might be but I really hate how information is becoming like this. There is other reporting out there on "Starkiller" (the phishing kit in kerbs most recent post) and I can find other articles on it, but sources seem to be circular. The source mentions Jinkusu forums, which do seem to be real, but any links I find aren't loading for me and still no conclusive findings of Starkiller. |
|
|
|
| ▲ | shevy-java 31 minutes ago | parent | prev | next [-] |
| > The I2P development team responded by shipping version 2.11.0 just six days after the attack began. Not wanting to be overly critical, but any net-infrastructure project kind of has to keep bot-attacks in mind and other attack vectors, in the initial design stage already. Any state-actor (and other actors, though I would assume it is often a state financing the bot network behind-the-scene) can become potentially hostile. |
|
| ▲ | jjmarr 6 hours ago | parent | prev | next [-] |
| From the main article, I2P has 55,000 computers, the botnet tried to add 700,000 infected routers to I2P to use it as a backup command-and-control system. https://news.ycombinator.com/item?id=46976825 This, predictably, broke I2P. |
| |
| ▲ | infogulch 5 hours ago | parent | next [-] | | That's an interesting stress test for I2P. They should try to fix that, the protocol should be resilient to such an event. Even if there are 10x more bad nodes than good nodes (assuming they were noncompliant I2P actors based on that thread) the good nodes should still be able to find each other and continue working. To be fair spam will always be a thorny problem in completely decentralized protocols. | | |
| ▲ | sandworm101 4 hours ago | parent | next [-] | | No. They should not try to survive such attacks. The best defense to a temporary attack is often to pull the plug. Better than than potentially expose users. When there are 10x as many bad nodes as good, the base protection of any anonymity network is likely compromised. Shut down, survive, and return once the attacker has moved on. | | |
| ▲ | conradev 2 hours ago | parent | next [-] | | This is why Tor is centralized, so that they can take action like cutting out malicious nodes if needed. It’s decentralized in the sense that anyone can participate by default. | |
| ▲ | martin-t 4 hours ago | parent | prev [-] | | Why would an attacker move on if it can maintain a successful DoS attack forever? | | |
| ▲ | xmcp123 4 hours ago | parent [-] | | Because botnets are mostly there to make money nowadays. Or owned by state actors. Either way, it’s opportunity cost. |
|
| |
| ▲ | 01HNNWZ0MV43FF 3 hours ago | parent | prev [-] | | Finding good nodes is a thorny problem for human friendship, too! |
| |
| ▲ | Dylan16807 24 minutes ago | parent | prev [-] | | I guess "predictably" is valid but what actually went wrong? After going through multiple sources I can't tell if the botnet nodes were breaking the protocol on purpose, breaking the protocol on accident, or correct implementations that nevertheless overwhelmed something. |
|
|
| ▲ | kace91 6 hours ago | parent | prev | next [-] |
| Man, I feel so out of depth with cybersecurity news. Why does i2p (per the article) expect state sponsored attacks every February? Where are those forming from, what does the regularity achieve? How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord? |
| |
| ▲ | WaitWaitWha 4 hours ago | parent | next [-] | | > Why does i2p (per the article) expect state sponsored attacks every February? Because The Invisible Internet Project (I2P) allows government dissidents to communicate without the government oversight. Censorship-resistant, peer-to-peer communication > Where are those forming from, what does the regularity achieve? At least PR China, Iran, Oman, Qatar, and Kuwait. censor communication between dissidents. > How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord? How would you identify someone as 'operators of giant botnets' before they identified themselves as 'operators of giant botnets'? please read https://en.wikipedia.org/wiki/I2P | | |
| ▲ | margalabargala 2 hours ago | parent | next [-] | | Sure, but why February and not the other 11 months? | | |
| ▲ | n2d4 39 minutes ago | parent [-] | | Likely it's just a coincidence — there were other Sybil attacks that are not in February too, so the chance that you'd get 3 in Feb isn't all that low. |
| |
| ▲ | Zambyte 3 hours ago | parent | prev [-] | | This answer is missing the key "regularity" part of their questions, which I would love to know more about. | | |
| ▲ | braingravy 3 hours ago | parent [-] | | That’s a great question… Currently we’re in the main Chinese holiday period with the Lunar New Year/Spring Festival/Chinese New Year, so perhaps people traveling back home from foreign lands might use the service more during this time? |
|
| |
| ▲ | OgsyedIE 5 hours ago | parent | prev [-] | | Many state bodies involved in adversarial action have dedicated budgets for offensive cyber-warfare, credential thefts, supply chain compromises and disinformation. If they haven't used all of their budget by the end of the budget period, they'll be allocated a smaller budget for the next budget period. | | |
| ▲ | rollulus 32 minutes ago | parent | next [-] | | Cool theory but that should result in other attacks that peak in February too, can you give examples? | |
| ▲ | kace91 5 hours ago | parent | prev [-] | | Oh ffs. Whenever I think my opinion on the state of the world can’t get any lower, things somehow manage to get dumber. | | |
| ▲ | bryanrasmussen 5 hours ago | parent [-] | | I mean this is a common pattern in many large organizations, governmental and non, if you didn't use your budget it means we can save money, yayyyy! I hadn't really considered it would apply to state-backed hacking but makes sense. |
|
|
|
|
| ▲ | charcircuit 2 hours ago | parent | prev | next [-] |
| >hostile nodes >they accidentally disrupted I2P while attempting to use the network as backup command-and-control infrastructure So were they hostile or were they using it normally? |
|
| ▲ | pmontra 2 hours ago | parent | prev | next [-] |
| This seems to be a better post about what happened, from the same site https://www.sambent.com/i2p-2-11-0-ships-post-quantum-crypto... |
| |
| ▲ | nneonneo 2 hours ago | parent | next [-] | | Those are some weird-ass visualizations. I can only assume they were AI-generated. | |
| ▲ | KennyBlanken an hour ago | parent | prev [-] | | I'll save everyone else a click: AI slop text coupled with the strangest, most pointless visualizations I've ever seen. |
|
|
| ▲ | rollulus 23 minutes ago | parent | prev | next [-] |
| This article (with high slop vibes) and another article on their site (linked in the comments) seem to suggest that post quantum encryption mitigated the Sybil attack, without explanation. I fail to understand how the two are even related. |
|
| ▲ | hoppp 3 hours ago | parent | prev | next [-] |
| Isn't I2P java? The botnet uses java? I thought python or C is preferred for that kinda stuff |
| |
| ▲ | rippeltippel an hour ago | parent | next [-] | | Communication between bots use network protocols, it doesn't matter in which language those protocols are implemented. | |
| ▲ | mhitza 3 hours ago | parent | prev | next [-] | | The official router implementation is Java. i2pd is an alternative written in C++. Once established communication can transparently be processed through a socks proxy, or integration with SAM or similar https://i2p.net/en/docs/api/samv3/ | |
| ▲ | monero-xmr 3 hours ago | parent | prev [-] | | Computers are so fast it doesn’t matter |
|
|
| ▲ | illusive4080 5 hours ago | parent | prev | next [-] |
| Why does Discord allow a server for a botnet owner? |
| |
| ▲ | samus an hour ago | parent | next [-] | | Why wouldn't they? There are Discord servers about anything you can imagine and also what you can't or don't want to image. As long as they don't start disrupting their infra Discord couldn't care less. Also, how would you even go about classifying them as botnet operators? | |
| ▲ | chmod775 4 hours ago | parent | prev | next [-] | | There's servers where they just hang out, but which themselves are legitimate. Cybersecurity related ones etc. You can ban them and they'll just switch to another account within a minute. Occasionally discord or a server owner does, but everyone knows its pointless. There's probably other servers that are mostly used by cybercriminals, maybe command-and-control backups, and security researchers may stumble upon these when taking some malware apart, join them, and end up getting in contact with the owner. In general I don't think law enforcement wants discord to take these down or ban them. These guys would have no problem to just make some IRC servers or whatever to hang out on instead, which would be much harder to surveil for law enforcement - compared to discord just forwarding them everything said by those accounts and on those servers. | |
| ▲ | xmcp123 3 hours ago | parent | prev | next [-] | | Ever tried to ban a botnet owner from a service they want to use? It’s basically impossible. They have money, IPs, identities, anything you could possibly want to evade. | | |
| ▲ | bee_rider 2 hours ago | parent | next [-] | | It would be pretty funny if the age verification stuff blocked some of these folks. | | |
| ▲ | Aurornis an hour ago | parent [-] | | Discord age verification is only for content filters, adult-themed servers, and a few other features. They aren’t requiring age verification for everyone to join servers and chat. The headlines and panic really got away from the actual story. |
| |
| ▲ | Cider9986 3 hours ago | parent | prev | next [-] | | They are rich in regard to the tools needed to abuse services haha. | |
| ▲ | charcircuit 2 hours ago | parent | prev [-] | | If you just look at the messages in those kinds of discords. It's blatant. They aren't even trying to hide it. |
| |
| ▲ | ddtaylor 5 hours ago | parent | prev | next [-] | | Discord has a lot of terrible servers. This is one of the reasons they were not trusted when they came out and wanted to do identity verification. They already have a lot of information yet fail to do meaningful enforcement at scale. | | |
| ▲ | Aurornis an hour ago | parent [-] | | Only a couple years ago the outrage was that Discord was too eagerly banning servers and users. I know several people whose Discord accounts were banned because they participated in a server that later had some talk of illegal activities in one of the channels. There are similar stories all over Reddit. |
| |
| ▲ | bawolff 3 hours ago | parent | prev | next [-] | | I imagine because banning these things is both whack-a-mole and like finding a needle in a hay stack. | |
| ▲ | fragmede 5 hours ago | parent | prev | next [-] | | botnet owners don't typically come forwards and say they are trying to run a botnet, so there may be some difficulty in detecting them there. | |
| ▲ | fragmede 5 hours ago | parent | prev [-] | | botnet owners dying typically come forwards and say they are trying to run a botnet, so there may be some difficulty there. |
|
|
| ▲ | Cider9986 3 hours ago | parent | prev | next [-] |
| The video seems to be a bit more in-depth. |
|
| ▲ | richardfey 4 hours ago | parent | prev | next [-] |
| I wonder how cjdns would have handled this |
|
| ▲ | cookiengineer 2 hours ago | parent | prev [-] |
| This was one of the worst writeups I ever read. Even a LinkedIn Premium post would have had more technical details, lol |
