> On 9 Dec 2015, at 17:44, Keith Mitchell <[email protected]> wrote: > > On 12/09/2015 07:37 AM, Pete Stevens wrote: >> Either way, it's a gentle push to suggest that if some accurate and >> helpful information could be released to the community / public, it >> might be helpful to do so sooner rather than later to counter >> misinformation that is already out in the public domain. > > Indeed, in the absence of detailed public statements, analyzable data > would be a good thing. What's baffling me about these attacks is the > motivation - it's very much the season for online shopping extortion > attacks, and what happened to the root last week suggests there's a lot > of DDoS generally going on right now, but its not clear what's to be > gained from taking out academic infrastructure. I hope it's not some > deadline-shy undergrad using a booter site to avoid their assessments > ("the DoS ate my homework"...), but sadly such things are not > inconceivable these days.
It seems very likely to me that in cases such as this there are sensitivities around the disclosure of any specifics around the attack, esp. when the attack may still be considered ongoing, mitigations are being deployed, or there is a non-negligible risk of the attack resuming. Being at a university, I know that university IT dept contacts have been kept in the loop with periodic updates, which is very welcome. So it may be that some details are published in due course, but I fully understand why that is not the case yet. The only problem then of course is, as Pete implies, the age old issue of nature abhorring a vacuum, and junk rumours / stories emerging and being published in various press outlets. It’s a tricky balance. Tim
