Totally unrelated to the article, but I've got to put my good word in for Linode. I've never had such good service from a hosting provider, and frankly for a (currently) tiny account.
I've been running http://wasitup.com on Linode the last months and I've been pleased with their stability except for a 9 minute network outage earlier today (to their credit they were able to resolve it quickly while communicating the status to us end users). For my opinion on the performance characteristics you'd have to read my article on the matter: http://journal.uggedal.com/vps-performance-comparison
If you go by monthly cost per GB of memory or especially storage, Linode is one of the most expensive options out there (~$60/GB RAM, $1.25/GB storage).
One article I saw implicated a Rackspace server in the attacker's side of the event. I presume that meant Slicehost.
If I was breaking into computers "off the clock", I'd probably look to just-a-CC# no-questions-asked hosting providers (probably overseas) as my staging ground. This is something new. Commodity virtualized VPS systems like Slicehost are an awfully convenient way to launder attacks.
It's only been in the last couple years that VM slices have been so quick and easy to buy.
Right, that's why cloud services like EC2 and Rackspace Cloud Servers are being used for stuff like spam. Spammers can just buy a temporary instance for a few cents then take it down. That's also why many "cloud IPs" are being added to some spam blacklists, unfortunately.
End of last year we had someone attacking a client's network using commodity server instances.
If you can figure out a cut-out way to pay for the server time then there isn't much anyone can do to track it without getting on the ground and forcing local police forces into at least trying to make some headway.
So in effect it is kinda the same as it used to be (overseas, no questions providers) but instead of the servers being the overseas bit it is just the payment (and I guess they rely on the fact intrusion is hard to detect, unlike say spam, coupled with the sheer number of people buying instances daily now).
(our stuff led to Eastern Europe so it is unrelated - but the principle is similar).
Except to pay for one of these, you still pay via credit card, PayPal, etc. that links to real identifiable info. I was wondering why, if one of the attacker's instances were discovered by Google, they didn't just hand it over to the authorities and have them get a subpoena for the account info? Or maybe they did.
donw | 16 years ago
axod | 16 years ago
rms | 16 years ago
mleonhard | 16 years ago
uggedal | 16 years ago
idlewords | 16 years ago
They do have pretty graphs, though!
wheels | 16 years ago
staunch | 16 years ago
runevault | 16 years ago
romland | 16 years ago
tptacek | 16 years ago
cmelbye | 16 years ago
ErrantX | 16 years ago
mikeliu | 16 years ago
polera | 16 years ago