Re: Debian Server Compromise -- A Fire Drill ??

On Fri, 05 Dec 2003 at 00:48 GMT, email@example.com penned:
> the question i keep arriving at is who benefits from the publicity
> surrounding this? there's got to be a reason why no calling card was
> left, i.e., the caller has a vested interest in not claiming credit,
> which would tend to suggest a contract job. as to the issue of whether
> the attacker had previous knowledge of the debian servers, only a fool
> wouldn't do everything to acquaint him/herself with the environment
> where they plan to engage in mischief.

Maybe someone just wanted to test their abilities against what should be
a fairly locked-down system?

> given the regular stream of ridiculous garbage coming from redmond
> about linux, while new holes are found in their os and apps on an
> almost weekly basis, this seems like the next stage in the campaign to
> buttress the losses they've been taking all the while linux has found
> favor. apart from the money issue, linux, and particularly debian,
> represents the absolute opposite to their culture. this distro, as a
> product of volunteerism on the part of people who have nothing to gain
> apart from their own satisfaction in making the thing work, represents
> a huge philosophical challenge to those who view the world in terms of
> how much they can extract from it.

I find this to be unlikely. I mean, look at the risk vs. reward.

Reward: they cause a very temporary disruption to some trusted sources
and cause some folks to maybe worry about how secure linux might be.

Risk: getting caught funding black hats against the competition.

This just doesn't sound like good business to me.