From the main article, I2P has 55,000 computers, the botnet tried to add 700,000 infected routers to I2P to use it as a backup command-and-control system.
That's an interesting stress test for I2P. They should try to fix that, the protocol should be resilient to such an event. Even if there are 10x more bad nodes than good nodes (assuming they were noncompliant I2P actors based on that thread) the good nodes should still be able to find each other and continue working. To be fair spam will always be a thorny problem in completely decentralized protocols.
No. They should not try to survive such attacks. The best defense to a temporary attack is often to pull the plug. Better than than potentially expose users. When there are 10x as many bad nodes as good, the base protection of any anonymity network is likely compromised. Shut down, survive, and return once the attacker has moved on.
This is why Tor is centralized, so that they can take action like cutting out malicious nodes if needed. It’s decentralized in the sense that anyone can participate by default.
> Why does i2p (per the article) expect state sponsored attacks every February?
Because The Invisible Internet Project (I2P) allows government dissidents to communicate without the government oversight. Censorship-resistant, peer-to-peer communication
> Where are those forming from, what does the regularity achieve?
At least PR China, Iran, Oman, Qatar, and Kuwait. censor communication between dissidents.
> How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord?
How would you identify someone as 'operators of giant botnets' before they identified themselves as 'operators of giant botnets'?
That’s a great question… Currently we’re in the main Chinese holiday period with the Lunar New Year/Spring Festival/Chinese New Year, so perhaps people traveling back home from foreign lands might use the service more during this time?
Many state bodies involved in adversarial action have dedicated budgets for offensive cyber-warfare, credential thefts, supply chain compromises and disinformation. If they haven't used all of their budget by the end of the budget period, they'll be allocated a smaller budget for the next budget period.
I mean this is a common pattern in many large organizations, governmental and non, if you didn't use your budget it means we can save money, yayyyy! I hadn't really considered it would apply to state-backed hacking but makes sense.
The official router implementation is Java. i2pd is an alternative written in C++.
Once established communication can transparently be processed through a socks proxy, or integration with SAM or similar https://i2p.net/en/docs/api/samv3/
Discord has a lot of terrible servers. This is one of the reasons they were not trusted when they came out and wanted to do identity verification. They already have a lot of information yet fail to do meaningful enforcement at scale.
There's servers where they just hang out, but which themselves are legitimate. Cybersecurity related ones etc. You can ban them and they'll just switch to another account within a minute. Occasionally discord or a server owner does, but everyone knows its pointless. There's probably other servers that are mostly used by cybercriminals, maybe command-and-control backups, and security researchers may stumble upon these when taking some malware apart, join them, and end up getting in contact with the owner.
In general I don't think law enforcement wants discord to take these down or ban them. These guys would have no problem to just make some IRC servers or whatever to hang out on instead, which would be much harder to surveil for law enforcement - compared to discord just forwarding them everything said by those accounts and on those servers.
https://news.ycombinator.com/item?id=46976825
This, predictably, broke I2P.
Either way, it’s opportunity cost.
>they accidentally disrupted I2P while attempting to use the network as backup command-and-control infrastructure
So were they hostile or were they using it normally?
Why does i2p (per the article) expect state sponsored attacks every February? Where are those forming from, what does the regularity achieve?
How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord?
Because The Invisible Internet Project (I2P) allows government dissidents to communicate without the government oversight. Censorship-resistant, peer-to-peer communication
> Where are those forming from, what does the regularity achieve?
At least PR China, Iran, Oman, Qatar, and Kuwait. censor communication between dissidents.
> How come the operators of giant (I’m assuming illegal) botnets are available to voice their train of thought in discord?
How would you identify someone as 'operators of giant botnets' before they identified themselves as 'operators of giant botnets'?
please read https://en.wikipedia.org/wiki/I2P
Once established communication can transparently be processed through a socks proxy, or integration with SAM or similar https://i2p.net/en/docs/api/samv3/
It’s basically impossible. They have money, IPs, identities, anything you could possibly want to evade.
In general I don't think law enforcement wants discord to take these down or ban them. These guys would have no problem to just make some IRC servers or whatever to hang out on instead, which would be much harder to surveil for law enforcement - compared to discord just forwarding them everything said by those accounts and on those servers.