Using encryption doesn't automatically protect you from other forms of evidence, such as IP logs.Īs the newscast mentioned, they didn't use proper OpSec (Operational Security), or they might not have been caught. The fact that the messages were encrypted doesn't matter, because apparently there was an obviously clear correlation between user names, IP addresses, and the timing of the attacks. The moral of the story is: do not use your DDoS targets as a C&C server unless you want to be caught. Now, if you see a message from one user sent to 1,000 users (or perhaps another user with 1,000 logged IP addresses), and within seconds those 1,000 IP addresses light up with some sort of DDoS attack (reflection, jumbo packets, whatever), you can be pretty certain who the culprit is. The most likely scenario is that ProtonMail was being used as the Command and Control Server, and the bots were configured to listen for messages from/to certain user names and execute whatever command was found within.
0 kommentar(er)
