Hacker News on Gopher (unofficial)
COMMENT PAGE FOR:
A Botnet Accidentally Destroyed I2P
Roark66 wrote 12 hours 35 min ago:
Is there a shittier summary anywhere, please? Or did the author reach
the peak of enshittification?
Honestly, did the bot implementation have bugs or was it a proper
implementation that crashed the network due to sheer numbers?
Also, how does changing the encryption standard affect anything if the
bots tried to integrate correctly with the network?
Is the problem "fixed" or is it not? Elsewhere I found a large number of
botnet devs got pissed off with this botnet operator and 600k nodes
went offline. Might this have much more to do with the situation
getting better than simply changing encryption?
Also, was there any suggestion a quantum breaking attack was attempted?
No. So why put the emphasis on "post quantum" in this article?
Bad. Very bad.
nigger238 wrote 10 hours 51 min ago:
Sam Bent has turned full influencer
rollulus wrote 14 hours 7 min ago:
This article (with high slop vibes) and another article on their site
(linked in the comments) seem to suggest that post quantum encryption
mitigated the Sybil attack, without explanation. I fail to understand
how the two are even related.
shevy-java wrote 14 hours 15 min ago:
> The I2P development team responded by shipping version 2.11.0 just
six days after the attack began.
Not wanting to be overly critical, but any net-infrastructure project
kind of has to keep bot-attacks in mind and other attack vectors, in
the initial design stage already. Any state-actor (and other actors,
though I would assume it is often a state financing the bot network
behind-the-scene) can become potentially hostile.
charcircuit wrote 15 hours 34 min ago:
>hostile nodes
>they accidentally disrupted I2P while attempting to use the network as
backup command-and-control infrastructure
So were they hostile or were they using it normally?
pmontra wrote 15 hours 39 min ago:
This seems to be a better post about what happened, from the same site
[1]: https://www.sambent.com/i2p-2-11-0-ships-post-quantum-crypto-a...
KennyBlanken wrote 15 hours 10 min ago:
I'll save everyone else a click: AI slop text coupled with the
strangest, most pointless visualizations I've ever seen.
SV_BubbleTime wrote 13 hours 23 min ago:
Speak for yourself!
I didn't really understand the link between Alice and Bob until I
saw a green floaty dot go through a pile of spaghetti with the word
compromise beneath it.
nneonneo wrote 15 hours 17 min ago:
Those are some weird-ass visualizations. I can only assume they were
AI-generated.
cookiengineer wrote 16 hours 13 min ago:
This was one of the worst writeups I have ever read. Even a LinkedIn Premium
post would have had more technical details, lol
Cider9986 wrote 16 hours 34 min ago:
The video seems to be a bit more in-depth.
fuzzfactor wrote 7 hours 52 min ago:
A bit of a tangent, but if I had a beard like that I would be making
a lot more videos :)
hoppp wrote 17 hours 11 min ago:
Isn't I2P Java? The botnet uses Java? I thought Python or C was
preferred for that kinda stuff
rippeltippel wrote 15 hours 2 min ago:
Communication between bots uses network protocols; it doesn't matter
in which language those protocols are implemented.
monero-xmr wrote 16 hours 29 min ago:
Computers are so fast it doesn't matter
fuzzfactor wrote 7 hours 55 min ago:
Not my downvote, but which computers would that be?
More people than just myself might want one.
flipped wrote 12 hours 13 min ago:
"Since the abstraction layers have quadrupled, let's not just care
about the actual performance anymore!"
mhitza wrote 16 hours 46 min ago:
The official router implementation is Java. i2pd is an alternative
written in C++.
Once established, communication can be transparently processed through
a SOCKS proxy, or via integration with SAM or similar.
[1]: https://i2p.net/en/docs/api/samv3/
richardfey wrote 17 hours 30 min ago:
I wonder how cjdns would have handled this
illusive4080 wrote 18 hours 50 min ago:
Why does Discord allow a server for a botnet owner?
Ekaros wrote 11 hours 23 min ago:
A MAU is a MAU... They likely use relatively little computing
capability while making numbers look really good...
samus wrote 15 hours 1 min ago:
Why wouldn't they? There are Discord servers about anything you can
imagine and also what you can't or don't want to imagine. As long as
they don't start disrupting their infra, Discord couldn't care less.
Also, how would you even go about classifying them as botnet
operators?
bawolff wrote 17 hours 4 min ago:
I imagine because banning these things is both whack-a-mole and like
finding a needle in a haystack.
xmcp123 wrote 17 hours 14 min ago:
Ever tried to ban a botnet owner from a service they want to use?
It's basically impossible. They have money, IPs, identities,
anything you could possibly want to evade.
bee_rider wrote 15 hours 35 min ago:
It would be pretty funny if the age verification stuff blocked some
of these folks.
Aurornis wrote 14 hours 51 min ago:
Discord age verification is only for content filters,
adult-themed servers, and a few other features.
They aren't requiring age verification for everyone to join
servers and chat. The headlines and panic really got away from
the actual story.
charcircuit wrote 15 hours 36 min ago:
If you just look at the messages in those kinds of discords, it's
blatant. They aren't even trying to hide it.
Cider9986 wrote 16 hours 35 min ago:
They are rich in regard to the tools needed to abuse services haha.
chmod775 wrote 18 hours 6 min ago:
There's servers where they just hang out, but which themselves are
legitimate. Cybersecurity related ones etc. You can ban them and
they'll just switch to another account within a minute. Occasionally
discord or a server owner does, but everyone knows it's pointless.
There's probably other servers that are mostly used by
cybercriminals, maybe command-and-control backups, and security
researchers may stumble upon these when taking some malware apart,
join them, and end up getting in contact with the owner.
In general I don't think law enforcement wants discord to take these
down or ban them. These guys would have no problem just making some
IRC servers or whatever to hang out on instead, which would be much
harder to surveil for law enforcement - compared to discord just
forwarding them everything said by those accounts and on those
servers.
ddtaylor wrote 18 hours 30 min ago:
Discord has a lot of terrible servers. This is one of the reasons
they were not trusted when they came out and wanted to do identity
verification. They already have a lot of information yet fail to do
meaningful enforcement at scale.
Aurornis wrote 14 hours 48 min ago:
Only a couple years ago the outrage was that Discord was too
eagerly banning servers and users.
I know several people whose Discord accounts were banned because
they participated in a server that later had some talk of illegal
activities in one of the channels. There are similar stories all
over Reddit.
nigger238 wrote 10 hours 53 min ago:
Two things can be true at once. They can ban normal things too
much and ban bad things too little.
zamadatix wrote 11 hours 24 min ago:
If a Walmart has ~100 people in it and wants to get rid of 4
shoplifters but really sucks at selecting them well then the
likely result is 4 normal people are very upset while all of the
shoplifters are still there.
In the same scenario, even if Walmart is right about who they
ejected 75% of the time then they still have ~1 shoplifter
remaining and ~1 very upset person.
Even in an ideal world where Walmart is right about ejection 100%
of the time it doesn't mean they start receiving 0 new
shoplifters either, it just means the number of people wrongly
made upset is 0.
Discord's problem (on both ends) lies in lack of depth in
investigating bans. It takes resources to review when someone
shouldn't be banned and it takes resources to make sure you ban
everybody. Putting too few resources into banning just means
that both sides of the scale manage to get tipped in the wrong
direction at the same time.
fragmede wrote 18 hours 39 min ago:
botnet owners don't typically come forwards and say they are trying
to run a botnet, so there may be some difficulty in detecting them
there.
fragmede wrote 18 hours 40 min ago:
botnet owners don't typically come forwards and say they are trying
to run a botnet, so there may be some difficulty there.
jjmarr wrote 19 hours 16 min ago:
From the main article, I2P has 55,000 computers, the botnet tried to
add 700,000 infected routers to I2P to use it as a backup
command-and-control system. [1] This, predictably, broke I2P.
[1]: https://news.ycombinator.com/item?id=46976825
Dylan16807 wrote 14 hours 8 min ago:
I guess "predictably" is valid but what actually went wrong? After
going through multiple sources I can't tell if the botnet nodes were
breaking the protocol on purpose, breaking the protocol by accident,
or correct implementations that nevertheless overwhelmed something.
infogulch wrote 18 hours 25 min ago:
That's an interesting stress test for I2P. They should try to fix
that, the protocol should be resilient to such an event. Even if
there are 10x more bad nodes than good nodes (assuming they were
noncompliant I2P actors based on that thread) the good nodes should
still be able to find each other and continue working. To be fair
spam will always be a thorny problem in completely decentralized
protocols.
embedding-shape wrote 11 hours 30 min ago:
> Even if there are 10x more bad nodes than good nodes [...] the
good nodes should still be able to find each other
What network, distributed or decentralized, can survive such an
event? Most of the protocols break down once you hit some N%
threshold of the network being bad nodes; asking it to survive
1000%+ bad nodes, when the usual requirement for others is something
like "when at least half the nodes are good", is a lot. Are there
existing decentralized/distributed protocols that would survive a
1000% attack of bad nodes?
01HNNWZ0MV43FF wrote 16 hours 21 min ago:
Finding good nodes is a thorny problem for human friendship, too!
seertaak wrote 11 hours 26 min ago:
Funny and excellent comment!
kkfx wrote 13 hours 28 min ago:
That's why the Web of Trust, or classic GNUPG key signing parties,
are a forgotten/ignored must have. Anyone can change and go rogue
of course, but it's statistically less likely.
kbrkbr wrote 11 hours 34 min ago:
If I understand gp correctly, the web of trust comes after
finding these human nodes, and will not help you in the
process.
kkfx wrote 11 hours 6 min ago:
It doesn't work for I2P due to its design, but for things
like Nostr, it works well. Essentially, the goal is to build
up a list of "known" reliable relays over time, while
simultaneously blacklisting anyone who joins and proves to be
unreliable, relying on the statistic that collaborative
individuals outnumber hostile ones in any sufficiently large
cohort.
Of course, it's far from being 100% effective, but it
mitigates the issue significantly.
nigger238 wrote 10 hours 57 min ago:
Hostile entities generally have a lot of money they can use
to perform a Sybil attack.
kkfx wrote 10 hours 4 min ago:
Sure, but they can't break the trusted part of the network, which
can remain operational in that case, even if not really
anonymous anymore.
sandworm101 wrote 17 hours 56 min ago:
No. They should not try to survive such attacks. The best defense
to a temporary attack is often to pull the plug. Better that than
potentially expose users. When there are 10x as many bad nodes as
good, the base protection of any anonymity network is likely
compromised. Shut down, survive, and return once the attacker has
moved on.
conradev wrote 15 hours 16 min ago:
This is why Tor is centralized, so that they can take action like
cutting out malicious nodes if needed. It's decentralized in
the sense that anyone can participate by default.
notpushkin wrote 13 hours 33 min ago:
> so that they can take action like cutting out malicious nodes
if needed
How does that work?
cyphar wrote 12 hours 58 min ago:
While anyone can run a Tor node and register it as available,
the tags that Tor relays get assigned and the list of relays
are controlled by 9 consensus servers[1] that are run by
different members of the Tor project (in different countries).
They can thus easily block nodes.
[1]: https://consensus-health.torproject.org/
flipped wrote 12 hours 24 min ago:
It's 10, not 9. And there are severe problems with having a
total of 10 DAs be the essential source of truth for the whole
network. It would be trivial to DDoS the DAs and bring down
the Tor network or, at the very least, disrupt it: [1].
It's the only complaint I have of the current state of Tor.
Anyone should be able to run a directory authority,
regardless of whether you trust the operator or not (same as
normal relays).
[1]: https://arxiv.org/abs/2509.10755
nigger238 wrote 10 hours 56 min ago:
Anyone can. The DA code is open source and is used
whenever you run a testnet. You can also run a DA on the
mainnet - how do you think the 10 primary DAs exist?
They're not 10 computers owned by a single organization -
they're 10 mutually trusting individuals. However, most
of the network won't trust you.
martin-t wrote 17 hours 26 min ago:
Why would an attacker move on if it can maintain a successful DoS
attack forever?
flipped wrote 12 hours 20 min ago:
The mentioned botnet didn't intentionally take down I2P. It's
run by a bunch of kids who don't know what they're doing.
xmcp123 wrote 17 hours 17 min ago:
Because botnets are mostly there to make money nowadays. Or
owned by state actors.
Either way, it's opportunity cost.
kace91 wrote 19 hours 19 min ago:
Man, I feel so out of depth with cybersecurity news.
Why does i2p (per the article) expect state sponsored attacks every
February? Where are those forming from, what does the regularity
achieve?
How come the operators of giant (I'm assuming illegal) botnets are
available to voice their train of thought in discord?
WaitWaitWha wrote 17 hours 37 min ago:
> Why does i2p (per the article) expect state sponsored attacks
every February?
Because The Invisible Internet Project (I2P) allows government
dissidents to communicate without government oversight:
censorship-resistant, peer-to-peer communication.
> Where are those forming from, what does the regularity achieve?
At least PR China, Iran, Oman, Qatar, and Kuwait censor
communication between dissidents.
> How come the operators of giant (I'm assuming illegal) botnets
are available to voice their train of thought in discord?
How would you identify someone as 'operators of giant botnets' before
they identified themselves as 'operators of giant botnets'?
Please read:
[1]: https://en.wikipedia.org/wiki/I2P
margalabargala wrote 16 hours 12 min ago:
Sure, but why February and not the other 11 months?
n2d4 wrote 14 hours 23 min ago:
Likely it's just a coincidence - there were other Sybil attacks
that are not in February too, so the chance that you'd get 3 in
Feb isn't all that low.
Zambyte wrote 17 hours 14 min ago:
This answer is missing the key "regularity" part of their
questions, which I would love to know more about.
braingravy wrote 16 hours 26 min ago:
That's a great question... Currently we're in the main
Chinese holiday period with the Lunar New Year/Spring
Festival/Chinese New Year, so perhaps people traveling back home
from foreign lands might use the service more during this time?
OgsyedIE wrote 19 hours 3 min ago:
Many state bodies involved in adversarial action have dedicated
budgets for offensive cyber-warfare, credential thefts, supply chain
compromises and disinformation. If they haven't used all of their
budget by the end of the budget period, they'll be allocated a
smaller budget for the next budget period.
rollulus wrote 14 hours 16 min ago:
Cool theory but that should result in other attacks that peak in
February too, can you give examples?
kace91 wrote 18 hours 46 min ago:
Oh ffs. Whenever I think my opinion on the state of the world
can't get any lower, things somehow manage to get dumber.
flipped wrote 12 hours 18 min ago:
State sponsored cyber attacks are news to you? It's been a thing
for more than 2 decades now.
kace91 wrote 9 hours 41 min ago:
Not the attacks themselves. I would expect that kind of
sabotage, which actively provokes negative outcomes in people's
lives, to have more respectful/competent reasoning behind it than
"meh there's a few leftovers and we had to do something"
nigger238 wrote 10 hours 54 min ago:
doing a cyber attack to use up your budget is news
bryanrasmussen wrote 18 hours 25 min ago:
I mean this is a common pattern in many large organizations,
governmental and non, if you didn't use your budget it means we
can save money, yayyyy! I hadn't really considered it would apply
to state-backed hacking but makes sense.
gnabgib wrote 19 hours 45 min ago:
This seems to lack the full story, despite the headline. Krebs'
coverage is more in-depth (39 points)
[1]: https://news.ycombinator.com/item?id=46976825