As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
Vigilante hacker attacks foreign nation internet infrastructure on behalf of the U.S. without the U.S.'s consent and wants to encourage the U.S. to perform more similar cyber attacks, but without the approval of the chain of command, without thinking of the repercussions on international relations.
I don't know, but this doesn't sound like a good idea.
I don’t see the point in attacking North Korea when Lazarus et al are well known to do their digital wetwork via diaspora, so DDoS’ing a nation is effectively carpet bombing citizenry for government actions when you should be taking a scapular approach to threat actor countermeasures.
Seems like this person has anger blinders permanently affixed to their head and is only concerned with vamping up their own “hacker cred” to put weight behind selling their basic ass web vulnerability scanner.
Yeah good point on the anger glasses. He sounds like an aggressive type of dude. Says he worked for Blackwater? The mercenaries company known for their crimes against humanity in Iraq, if I'm not mistaken? What normal person would want to work there?
DDoS’ing a nation is effectively carpet bombing citizenry for government actions when you should be taking a scapular approach to threat actor countermeasures.
My understanding is that the only NK citizens that have access to the actual internet is microscopic and concentrated in information warfare / scams.
Are you laboring under the false impression that the average citizens of North Korea have, forget regular, but ANY access to the internet? Carpet bombing doesn't work if you're already a ghost.
It sounds like a Hollywood movie. "Hacker tattoos"? Single person took on an entire country? I dunno, something about this is off, like it's too juicy of a story for Wired to scrutinize it properly and there's really more (or less) to the story.
Yeah, especially since the NSA or FBI or CIA has never accepted the dude's methods. And he's the only one giving his own testimony about all of this. It's weird.
Something tells me the last thing the world needs from a cybersecurity standpoint is a leaner, meaner Pentagon that can launch cyberattacks faster than they can assess the likely impact
In the article it states the average lead time for a Pentagon-organized cyberattack is six months.
The main point of the article is that this guy is basically trying to push the Pentagon to be more like him, a guy who took personal offense when a North Korean hacker tried to drive-by hack him then took the entire country offline without first considering whether or not they might retaliate against an actual lone wolf attacker, or whether this is a rational response as an individual to the existence of organized nation-state attackers.
Basically, he's lucky the Pentagon took an interest in him. The article points out that the officials he shared his attack with were well aware the main reason they couldn't do something similar is literally just bureaucracy. He's not offering anything new on a technical level, he just wants the Pentagon to shoot from the hip more often and worry less about the consequences of their actions.
TBH, probably everybody in the world would prefer the slower, less aggressive Pentagon we have now rather than one that goes around picking fights with every nation-state and group that pisses it off for like, any reason.
DPRK has a reputation for using assassination and kidnapping on foreign soil. It’s probably not as bad as taking on a Mexican drug cartel, organized crime, or Donald Trump, but it’s still something I’d probably want to keep on the DL.
Nowhere did I imply that the DPRK’s practices justify the attack - that’s left to individuals to think about for themselves. I was saying that their tendency to engage in covert ops against individuals outside of their own borders means that, if I were the hacker, I wouldn’t want my name publicly known. The same goes for the US - even more so. I would expect that someone who managed to disable significant parts of the US internet infrastructure not to then immediately publish their identity.