I've got a theory that DDOS services need to "demonstrate" their abilities to the black market, to prove that they're legitimate. Blender is an ideal target: high profile, with enough technical expertise to post and publish the details of the DDOS.
Its not that anyone "wanted" to hurt Blender per se. Its that the DDOS service / black hat group wants to publicly demonstrate themselves and advertise their services.
At least, that's my running theory why otherwise "innocent" projects (like Blender) get attacked like this. Anyone have any other theories why Blender could be targeted?
I haven't heard that Blender has made any real enemies. Neither is likely they'd be able to pay a lot of ransom (they're pretty well funded for a FOSS project, but not in the range that would make them the most attractive ransom target).
My then-company's site was
once threatened for the princely sum of one Bitcoin, back when they were $5,000. Blender has that much to pay in ransom, if they capitulated.
One hole in that theory is that Blender didn’t explicitly mention what DDoS-mitigation service they’re using, so no particular service is getting any advertising/exposure benefit from the attack.
> Sort of like Vader showing off the Death Star on Alderaan.
Grand Moff Tarkin showing off the Death Star to Vader (and everyone else).
But yes, I get your point, even if you misremembered the movie slightly :-). Episode 4 was very intriguing because Grand Moff Tarkin (and the Emperor) are the only two people in Episode4/5/6 that Vader listens to.
I know that there's plenty of Disney spinoffs at this point, but more spinoffs that analyze Grand Moff Tarkin would be a good thing.
While technically correct, I wish everyone would stop calling DDoS attacks "cyberattack". When I saw the headline I envisioned a supply-chain attack and was half-expecting that I'd need to reinstall my machine and rotate all credentials.
In 99% of cases, a DDoS is much less concerning than most other kinds of attacks.
Availability. The third portion of the cyber security triad. Confidentiality, integrity, availability.
If you cannot get to your stuff, or you stuff is harder to get to, then there has been a form of compromise in your service. Is it sexy like wannacry or technically advanced? No. But like most things IT, most of the time it is not.
As stated, technically correct. But availability of a relatively non-critical service being compromised is an entirely different story than integrity of their software being compromised. One is a no-op, the other is a potential all-hands-on-deck situation for anyone using the software.
The headline allows for both possibilities. See the example I posted in a sibling post: A headline of "terrorists strike railway station" would make most people imagine a bloodbath with dozens dead, while still being accurate if all that happened was that some ecoanarchists set a trash can on fire and forced an evacuation.
It's technically correct, as I acknowledge. But would a headline saying "terrorists strike railway station" make you think of a bloodbath with dozens dead, or some ecoanarchists setting a trash can on fire and forcing an evacuation?
Especially since the Blender website being down has very limited effects on users who already have the software, or are getting it from their operating system's distribution channel.
> Jha and White co-founded a company called ProTraf Solutions, which provided anti-DDoS services to Minecraft servers. Nothing wrong with that, of course. But in order to create new customers, the pair started targeting websites with DDoS attacks and then either tried to extort money to call off the attacks or offered services which they claimed could defend the sites.
Its not that anyone "wanted" to hurt Blender per se. Its that the DDOS service / black hat group wants to publicly demonstrate themselves and advertise their services.
At least, that's my running theory why otherwise "innocent" projects (like Blender) get attacked like this. Anyone have any other theories why Blender could be targeted?