undefined | Better HN

0 pointsviraptor5y ago0 comments

Are you really saying that feds DDoS hosting providers and actively hack control panels for lateral access? More than once? Have you got any documented cases of this happening? Because it really sounds... Unlikely.

0 comments

6 comments · 3 top-level

matheusmoreira5y ago· 2 in thread

Why not? They're not above sending literal malware to people's computers in order to compromise them:

https://en.wikipedia.org/wiki/Network_Investigative_Techniqu...

https://www.eff.org/pages/playpen-cases-frequently-asked-que...

A DoS attack is nothing to these people. The only difference between them and cybercriminals is the fact the law legitimizes their work.

viraptorOP5y ago

That's not a documented case of DDoSing a company to get location.

matheusmoreira5y ago

They're examples of a US federal agency using malware to compromise the computer systems of suspects and collect evidence to use against them. If they're willing to exploit vulnerabilities in order to break into computers, surely they won't balk at denial of service attacks. They even let the suspect go free in order to avoid revealing the vulnerability they exploited.

kevingadd5y ago· 1 in thread

Hitting a hosting provider (indirectly) with a ddos for a few minutes doesn't sound that difficult to do, and could easily pass as a routing glitch or something like that. If it's the only way to track down the server it seems reasonable that it would get a rubber stamp approval. After all, who's going to be able to prove the feds did it?

viraptorOP5y ago

You too have the capability to do it - should we some it's you? I din't disagree it's viable. Just that the parent said "when feds do it", that's a big leap from "it's possible". How do you know feds do it?

mschuster915y ago

> and actively hack control panels for lateral access

I would definitely see this under the umbrella of various secret agencies, especially those with an "offensive" position in cyber-warfare.

You won't ever see any of this documented due to the "parallel construction" method. And for what it's worth, almost all of the Wikipedia content on that one (https://en.wikipedia.org/wiki/Parallel_construction) deals with DEA usage of this.

Besides, the general way of "hacking services to distribute malware" has already been done, most famously in 2013 when the feds burned a Firefox 0-day to unmask a child porn ring: https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in...

j / k navigate · click thread line to collapse

0 comments

6 comments · 3 top-level

matheusmoreira5y ago· 2 in thread

Why not? They're not above sending literal malware to people's computers in order to compromise them:

https://en.wikipedia.org/wiki/Network_Investigative_Techniqu...

https://www.eff.org/pages/playpen-cases-frequently-asked-que...

A DoS attack is nothing to these people. The only difference between them and cybercriminals is the fact the law legitimizes their work.

viraptorOP5y ago

That's not a documented case of DDoSing a company to get location.

matheusmoreira5y ago

kevingadd5y ago· 1 in thread

viraptorOP5y ago

mschuster915y ago

> and actively hack control panels for lateral access

I would definitely see this under the umbrella of various secret agencies, especially those with an "offensive" position in cyber-warfare.

j / k navigate · click thread line to collapse