Massive Mirai Botnet Hides Its Control Servers On Tor (bleepingcomputer.com)
"Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes: Level3 and others have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers from German ISP Deutsche Telekom. The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers.
Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.
This kind of thing should be punishable by death. No, I'm not kidding. Death, or 20 years with no chance of parole.
When one or two dickheads with a botnet can knock an entire country offline, there should be severe repercussions. That's terrorism by any definition.
And worse yet, these things will only get more powerful...how long until the US is seriously plagued by one or more of them fucking up the economy, crippling emergency services and police response, interfering with hospitals, and hampering commerce in general?
Most of you reading this would lose your jobs if the net was crippled for a month or two by one of these fucking botnets, and what happens when 5 or 10 of 50 players, some funded at the state level, all get involved?
Now the death penalty or 20 years hard time doesn't sound so outrageous, does it?
Just cruising through this digital world at 33 1/3 rpm...
So we ban routers? After all a big chunk of that botnet consisted of hacked DT routers, and those are "things" too. Instead of outlawing the IoT, we should refrain from casually using the term IoT. To some it means sensor networks, to some it means autonomous machine to machine interactions, to some it means connected smart home devices like toasters, light bulbs and IP cameras, but others would exclude the cameras from that list.
So when another bone-shatteringly ignorant reporter mentions "botnet of IoT devices", smack him around the head with a large trout until he mentions which devices were actually compromised. Types and brands of devices, devices running a certain kind of OS or firmware, or using a specific IoT platform / board / chip. And if you tell us that the IoT is a stupid idea, please enlighten us and let us know which "things" should be kept off the internet.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
It's time for consumer firewalls to be "block all by default" in all directions, not just WAN-to-LAN.
If you want to allow your thermostat to talk to a specific external host then punch a very narrow hole in the firewall to allow it.
Heck, I would go so far as to put everything on the LAN side in its own DMZ. If you want your PC to talk to your media player, punch a specific hole in the firewall.
This will require industry cooperation:
* Protocols will have to be developed so "punching holes in firewalls" becomes super-easy for the consumer
* ISPs will have to start telling customers "if bad things come out of your network, we WILL cut you off. If you use one of these new routers, it's much less likely that bad things will come out of your network."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Force all their internet through a proxy that routes everything to goatse for the next 20 years to life.
I can almost hear them screaming:
"My eyes, they burn, kill me now, please kill me now."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Not a problem. They don't stop people from breaking into your house, or committing crimes, so they just give a false sense of security.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Why not ban crappy routers? It gets p0wned, it gets fried. Spend more on a better one next time.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
You didn't even read the blurb, did you? 900,000 routers. Should we ban routers now?
Absolutely yes. Any router that is easily p0wned should be banned. How could you be against that?
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Result? Among others the DMCA. Various individuals were sued into bankruptcy by the music industry, just to show people what the risks were (remember single mother Jammie Thomas? See: https://en.wikipedia.org/wiki/...). Some were driven to suicide (see https://en.wikipedia.org/wiki/...).
What shouty nerds tend to forget is that (like it or not) they are part of a society that can (and does) set certain limits on their behaviour. Which can be enforced. With or without their consent.
Tor routers can be a force for the good (avoiding censorship, protecting human rights activists, protecting investigative journalists) but they really _can_ be eradicated, given sufficient incentive.
Just outlaw the servers, force ISPs to scan all Internet traffic for TOR servers, log any connections and isolate / report them as soon as they're detected. Send a SWAT team to visit anyone who connects to a TOR server to seize their computers pending investigation. Set penalties sufficiently high to pay for all that and publicly sue a few tens of offenders into bankruptcy.
Should cow 99% of all TOR users, right? The 1% who aren't cowed are probably up to no good anyway.
A bit like China. Not pretty, and people won't like it, but it really can be enforced.
The detection and tracking part is already in place. Just consider the raft of deep-packet inspection routers that has been installed already (see https://en.wikipedia.org/wiki/... ).
I'm not saying I'd like to see something like that (I wouldn't). All I'm saying is that stupid and venal abusers like this a**hole botnet operator make it that much more likely that something like that will occur. Whether we realise it or not. To the detriment of us all.
The "Internet of Things" was a stupid idea, so why not just ban it once and for all?
Overall, I think the idea is sound, although the lighting example you gave is a silly consequence of marketing gone awry.
A good example of IoT would be if your household appliances worked in concert with the Electric Company so power generation could match expected usage and the consumer could operate their devices when power was cheapest.
Unfortunately, the implementation of these devices so far has been horribly botched. Anything network-facing should be built with security in mind first, and functionality to follow. That's not what happens. Marketing sells features, not bugs, so what gets implemented is the bare minimum functionality that was sold, and security be damned.
It's "pwned," you idiot! You sound like a damn fool when you say it wrong.
Beware of the Leopard.
Why not ban crappy routers?
Because banning stuff is idiotic public policy. If the market decides what consumers get, you end up with America. If the government decides, you end up with North Korea. Unless a product violates specific enumerated criteria like using lead paint, the government should stay out of it. If you let the government control router specs, you are going to have the NSA in your bedroom.
So, any site that handles email without a "postmaster" or which has a "do-not-reply" address should be booted off the Internet?
The network itself may have a pretty good track record of never totally falling over, but there is no guarantee at any given moment that there will be connectivity where you are, right now. Networks and entire countries can be cut off, and an emergency responder had best assume in a SHTF scenario that data service will be intermittent to completely unavailable. What happened to the radios in the cars? Those won't just stop working (unless it's an EMP attack, but what good is a network connection if all your gear is bricked?) and were the state of the art not that long ago. If they don't want to maintain a radio network in addition to the Internet-reliant communications, then they're going to have to pass out handhelds when it happens. If they aren't keeping any backup plan in place at all, they're complete idiots because this doesn't require buying more gear, it just means maintaining the gear they owned before. (Or someone higher up forced them to do so, for self-serving and/or malicious purposes.)
The internet being unavailable should not be a life-threatening emergency, except possibly to the degree that hospitals will be unable to access patient files who are there for treatment after whatever actually went wrong that day. Even that could be avoided if hospitals all had to mirror the host every so often, but any /. reader will know how incompetent healthcare IT has proven to be.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
We already have time-of-day electrical pricing to shift demand, without needing any IoT crap, and it works just fine.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
And you look like a damn fool for not knowing the original spelling way back when. Bite me.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
The various government levels do in fact decide what consumers get. Or would you rather not have standards for manufacturing and operating airplanes, cars, trains, drinking water systems, food safety, etc? That's 3rd world, not America.
Same thing with consumer protection laws, other laws, the courts, etc. Or would you rather your local 3rd-world warlord dictate the law according to their whim?
BTW - the FCC already dictates router specs.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
You still need to remove the routers from the network, the sooner the better. It can take years for a lawsuit involving bad construction to work its way through the courts.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Decades ago some cities had houses with 2 electric meters.
One fed the hot water heater (the kind with a tank) but the power company would turn off the electricity for, say, 15 minutes at a time on a "rolling" basis during peak usage. In exchange, the "hot water heater" electricity rate was lower than the regular rate.
Since hot water stays hot for a long time, you wouldn't notice it unless everyone in your house was taking a long shower at the same time the power was cut.
Oh, and since this was decades ago, it was in a time when the power grid was managed almost completely by "analog" devices, including "analog computers."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
One of my jobs in the past, was crisis potential utilization.
we didn't generate a crisis. But we noted where potential problems existed, then take actions 3 steps removed to influence other pieces to get closer. Say you find a mop closet storing petrol, ether etc. having people work there who are inclined to be lazy & not be thorough or safe is a good start. having it appear as a convenient spot to smoke is a good next step. Whatever happens next, the only real job is to clean up the situation, discredit all people close to the event, then institute sweeping changes, programs, new groups to deal w/ problems.
for the TL; DR; crowd, don't worry about it, everything is fine go back to your food trough & watch more cat videos.
for the rest of us, the title says it all. This will be the opening gambit in a new war. Not the watershed moment, but a very good one for historians to hang their hats on.
Why not ban crappy routers?
Because banning stuff is idiotic public policy. If the market decides what consumers get, you end up with America. If the government decides, you end up with North Korea. Unless a product violates specific enumerated criteria like using lead paint, the government should stay out of it. If you let the government control router specs, you are going to have the NSA in your bedroom.
I already have a Nightly Snoring Asshole in my bedroom...
Silence is a state of mime.
Trivial.
You don't really believe HTTPS is secure, do you?
“He’s not deformed, he’s just drunk!”
1) No botnet actually hijacked 900k CPEs of DT, at the moment there are roughly between 10k-40k zyxel ones across the world. The outages were caused by the increased 7547 scan traffic crashing routers of other vendors.
2) Zyxel SOAP RCE probes died down rapidly past 2 weeks. There is still some traffic (wget vizxv.pw/a if you're curious, note that you need actual wget user-agent), but the botnet is relatively small at this point.
3) As for general IoT botnets using telnet, running a simple cowrie honeypot will tell you that C&C method of current largest botnet is not Tor based, but bittorrent DHT based. The codebase appears to be unrelated to mirai, too.
All of the above can be fact checked using pretty simple tools - for TR-069 exploit simply listen with netcat, for telnet/ssh bruteforce use cowrie. Botnet size can be gauged accurately by sampling scan probes (mirai codebase sends 160 probes/s).
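The size estimate from sampled scan probes that the comment above describes, worked through as an added example (not the commenter's code and not part of any tool named in the thread). The log format, the sensor range 192.0.2.0/24 and the sample lines are constructed, and scan targets are assumed to be drawn uniformly from all of IPv4.

```python
import math
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

PROBES_PER_BOT_PER_SEC = 160   # scan rate quoted in the comment above
IPV4_SPACE = 2 ** 32           # assumption: targets picked uniformly over all of IPv4

# Constructed sample log (hypothetical format) from a sensor that owns 192.0.2.0/24.
SAMPLE_LOG = """\
2016-12-10T12:00:04Z SRC=198.51.100.7 DST=192.0.2.10 DPT=7547
2016-12-10T12:00:09Z SRC=203.0.113.45 DST=192.0.2.200 DPT=23
2016-12-10T12:00:15Z SRC=203.0.113.9 DST=192.0.2.77 DPT=7547
2016-12-10T12:00:21Z SRC=198.51.100.7 DST=192.0.2.31 DPT=7547
2016-12-10T12:00:30Z SRC=203.0.113.80 DST=192.0.2.5 DPT=7547
this line is malformed and must be skipped
2016-12-10T12:00:42Z SRC=198.51.100.99 DST=192.0.2.140 DPT=7547
2016-12-10T12:00:55Z SRC=203.0.113.201 DST=192.0.2.18 DPT=7547
2016-12-10T12:01:10Z SRC=203.0.113.202 DST=192.0.2.19 DPT=7547
"""

SENSOR_NET = ip_network("192.0.2.0/24")
WINDOW_START = datetime(2016, 12, 10, 12, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2016, 12, 10, 12, 1, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def parse_probes(log_text):
    """Return (timestamp, src, dst, dport) tuples, skipping unparseable lines."""
    probes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            ts = ts.replace(tzinfo=timezone.utc)
            probes.append((ts, ip_address(m.group(2)),
                           ip_address(m.group(3)), int(m.group(4))))
        except ValueError:
            continue  # bad timestamp or address
    return probes


def estimate_bots(probes, sensor_net, port, start, end,
                  rate_per_bot=PROBES_PER_BOT_PER_SEC):
    """Scale the probe count seen by a small sensor up to a population estimate.

    One bot hits the sensor at rate_per_bot * |sensor| / 2^32 probes per second,
    so bots ~= hits / (that rate * window length). The interval is a rough 95%
    normal approximation to Poisson counting noise; it is wide for small counts.
    """
    window = (end - start).total_seconds()
    if window <= 0:
        raise ValueError("observation window must have positive length")
    hits = [p for p in probes
            if start <= p[0] < end and p[3] == port and p[2] in sensor_net]
    n = len(hits)
    per_bot_hits_per_sec = rate_per_bot * sensor_net.num_addresses / IPV4_SPACE
    scale = 1.0 / (per_bot_hits_per_sec * window)
    half_width = 1.96 * math.sqrt(n)
    return {
        "hits": n,
        # Sources seen by the sensor: a lower bound only, far below the estimate.
        "distinct_sources": len({p[1] for p in hits}),
        "estimate": n * scale,
        "low": max(0.0, n - half_width) * scale,
        "high": (n + half_width) * scale,
    }


def run_sample():
    """Estimate the TR-069 (port 7547) scanner population from SAMPLE_LOG."""
    return estimate_bots(parse_probes(SAMPLE_LOG), SENSOR_NET, 7547,
                         WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    r = run_sample()
    print("hits=%d distinct_sources=%d" % (r["hits"], r["distinct_sources"]))
    print("estimated bots: %.0f (95%% approx. %.0f to %.0f)"
          % (r["estimate"], r["low"], r["high"]))
```

A scanner that skips parts of the address space concentrates its probes on the remainder, so the uniform assumption overstates the population somewhat; longer windows or a larger sensor range narrow the interval.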
Think of all the US jobs that could be created in making CCTV, toasters, ovens, refrigerators, cars, outdoor and sports equipment that needs to connect to a cloud, local subscription services or needs ongoing support fees.
That's trendy new inner city "internet" jobs in the USA supporting US device and products.
It's not the fault of the small US start ups teams trying to get their products and rental services online.
To fix the IoT networks just get the vast majority of AV brands to test local networks and every device on it, modem and everything behind it.
If the device responds to admin, pass or password or some other weak junk US consumer grade crypto then the AV software should tell the user every scan.
The user can then alter the default password to something stronger or ask the brand for support or an upgrade.
AV brands could then keep lists of devices and good brands that are secure or that will always report back weak junk settings.
Domestic spying is now "Benign Information Gathering"
Time of day pricing shifts demand. The IoT portion is what allows us to shift use. I can't run home from the office at 3pm to start the clothes dryer because power suddenly gets cheap. But it could start itself based on current prices. Historically our use shifting was crude. Middle of the night was cheaper so just put stuff on a delay. But with the advent of renewables the curve is much more complicated.
It's "pwned," you idiot! You sound like a damn fool when you say it wrong.
Guess the GP didn't drink his Pwn Tang this morning.
This space unintentionally left blank.
Sorry. Should have been her, not his. Didn't catch the error in time.
This space unintentionally left blank.
"Any router that is easily p0wned should be banned."
This isn't necessarily known until the vulnerability is found, are routers to be banned on the basis of whether they have the latest firmware update? If you ban a router that doesn't have the latest firmware update then it's potentially much harder to then download the firmware update.
What would an ISP do, disconnect all of its customers the moment a vulnerability is found in their routers? Doesn't seem like a good idea to me.
If the vulnerability is in an IoT device then how does the user know when said device is banned, are they supposed to check a register of thousands of banned devices every day?
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
* hurt the Tor network itself, which in the short term does more harm than good
The goalpost is moving. Assisting the destruction of the 'net is going to leave Tor more vulnerable than they have ever been. My money is on someone identifying BestBuy, he has accumulated too many enemies.
Mielipiteet omiani - Opinions personal, facts suspect.
Maybe the guy will turn some of those hacked devices into TOR nodes and actually do some good for the world.
The "internet of Things" was a stupid idea, so why not just ban it once and for all?
What makes you say that?
Or create a separate internet just for people who want such stupidity as turning on their lights without getting off the couch.
Oh right. Ignorance made you say that.
The world would be a better place either way.
False. Maybe look at what IoT actually is in the grand scheme of things instead of just assuming it's your internet connected kettle and shitty lights that change colour before you talk about banning something.
We already have time-of-day electrical pricing to shift demand, without needing any IoT crap, and it works just fine.
Er no. No it doesn't. It barely works. Fine is not a metric anyone in the energy providing industry would use right now.
That sounds more like isolating them rather than banning them (maybe you mean ban as in "banned from a discussion board" rather than "banned from sales"). That would be fine.
The other day I got a notification from the domain registrar that also hosts email for my domain: "Account X on your domain has been used to send loads of spam through our SMTP server, so we are suspending your access to that server until you resolve the problem". Bad news, but good that they actually monitor this server and notify owners of compromised accounts. Turns out one account was using a rather weak password; I changed it and was back in business. I would be ok with ISPs doing something similar, cutting off (or severely limiting outbound traffic of) known compromised subscribers.
What I would really like to see is a good, very restrictive but easy to configure firewall for home use.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
let us know which "things" should be kept off the internet.
To prevent Mirai, things with default passwords. Any (accessible) Linux device with a common user/password will be infected within minutes of being connected to the Internet.
Even worse. Anybody can make a fake
“He’s not deformed, he’s just drunk!”
Let's look at one example - remote managing of a tank farm. It's been proven that all you need to do to take the complex over is a device plugged into the local network. Since there's nobody around to see suspicious activity (and don't start with the whole IP TV cameras bs - even if you saw someone doing something, the response time would be a lot longer than someone on site, so inherently not a deterrent.) So, take control of one of the pumps, fill up a tanker, disconnect and drive off. All the remote location would see is that one pump is down, schedule a maintenance call.
It's the same with home monitoring systems. You know that if you break in you have a delay during which the owner is supposed to enter a code, and only then is an alert sent to the monitoring station, who then has to call the home to verify that it wasn't a false alarm before calling the police (municipalities got fed up with responding to false alarms, so big fines, disconnects, and refusals to respond to ANY call from the monitoring company ensured compliance). So you have a couple of minutes before the cops are notified. There are videos of people stealing the whole camera setup, including the dvr connected to the internet. Even a dog is a better deterrent, because the cops take time to get there once the local monitoring company calls them, and it's not a high-priority call because the cops know that the thieves will be gone by the time they get there, and no lives are in danger. In two minutes, they've got your big screen tv removed from the wall mount and they're gone, leaving behind a damaged door and wall. With a dog, you're more likely to still have your tv, your door and wall.
Nothing replaces a set of ears and eyeballs on the ground. Plus, a human can call the police directly, and the cops will respond quicker, not only because of the lack of time wasted by the monitoring company, but because there's a person potentially at risk.
Just ask the London police how ineffective their CCTV cameras and 2-way speakers are in stopping a crime in progress.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Well, maybe you don't have electrical meters that allow for it, and offer it as a customer option, like we do here. A reduced rate all summer and whenever the outside temperature is above -12C, and a (much) higher rate when the outside temperature goes below -12C. People shift doing their laundry (hot water, electric dryer) to take advantage of off-peak rates. After all, who wants to pay double or more when they can delay it until the daytime when it gets warm enough for the rate to go down?
By the same token, people lower the heat at night because it saves $$$ if you're on the dual-energy rate plan. Maybe you just need to get to where we were 2-3 decades ago.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
If the product is known to have more holes than a slice of swiss cheese, why not an outright ban? Once manufacturers learn the hard way that customers are going to avoid their crappier products and demand refunds, they'll either get out of the business or fix the problems in future products. Either way, problem solved.
That's supposed to be how the invisible hand of the market is supposed to work.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
You clapped your hands, which is why it was called "The Clapper." :-)
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Even better? How about Pwn Tang provided in their own tea bags? The ultimate gamer geek victory drink. :D
(And yes, I am aware I am totally murdering the rules of sentence structure and punctuation this morning. But as we say in the Duchy of Don't Give a Shit though; at least when we are posting first thing in our waking day while still working on that first cup of coffee, "Frankly my dears, I don't give a shit.") ;)
This space unintentionally left blank.
Please get at least basic facts right in stories: It crashed these routers, but it did not get in, as the vulnerability exploited was not present. A DoS vulnerability remained unfortunately, and the port the service was running on was globally reachable. Bad, but not nearly as bad as being vulnerable to "hijacking".
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Indeed. Tor is not the problem here. Anybody running a bot-net can already implement command-insertion in such a way that a command can be sent to any member-node and then gets distributed. That is basically untraceable if cover-traffic is also added. It takes a tiny bit more effort in implementing this though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Simply requires the cooperation of all ISPs. Law enforcement and spies have fought tooth and nail to maintain their right to collect "meta data". Nothing is more meta than identifying which two parties are talking to each other.
No matter what kind of encryption is used you can characterize streams by various types of signature. Second, ISPs could be compelled to implement IP packet tracking at the protocol level to pad something like a serial number to every stream but strip it out before delivery. Finally one can also always introduce lag.
So to track who is talking to any server you characterize the stream. Then through a command and control server of their own introduce various inconspicuous amounts of lag at all ISPs for all the streams that match the characterization signature. Add in a binary search and you can track any connection back to its source in under a minute. It can also identify all proxies within its borders and the order they are used according to the lag propagation. Even using a neighbor's WiFi will not necessarily hide you.
Well, maybe you don't have electrical meters that allow for it, and offer it as a customer option, like we do here.
Oh no we most definitely do. Variable pricing, peak / off peak times, on / off peak circuits. We got all that. It is barely working. The change it has made on the broad industry has been minute at best because it is behavioural and ultimately still manual. People don't dedicate a lot of time for minimal savings and cry for regulation when the expenses become too high. A true smart grid can offer so much more which is primarily why it is industry driven as a solution to the very real problems they are facing.
That's the dumbest idea I've heard yet for a solution to this. You can't ban something from the internet on an application basis, (and yes, IoT is just another application as far as the internet is concerned) otherwise that sets a precedent for banning practically anything that governments or whoever doesn't like. The MPAA for example would be able to justify banning things like youtube and bittorrent.
The "internet of Things" was a stupid idea, so why not just ban it once and for all? Or create a separate internet just for people who want such stupidity as turning on their lights without getting off the couch. The world would be a better place either way.
Are you trolling or serious as I'm not sure? Just because you don't see the appeal of something isn't a reason, it is an opinion, and doesn't help much anyway since if you need enough sec news you'd see smart things are a very small portion of that iot botnet numbers. Iirc webcams were one of the biggest in the latest analysis. The actual issue is many vendors have no incentive to secure their products. I don't mean they are not properly hardened I mean they don't do ANYTHING to even try to.
The vendors need to be given incentive to want to invest time and money on it or fear it'll fuck with their bottom line. Secondly consumers need to be given incentive to both care as the issue does affect them, although they link in chain as ignorant enablers albeit not the direct cause and help them to put demand on vendors to meet that rather than make the customers liable instead of the companies which is doomed to fail too never mind unfair. Consumer pressure to meet a requirement etc works in other industries. Hard to know what to do as it is multiaspect issue and not straightforward but sort of good suggestion I read from commenter on Schneier's blog a while back would possibly work which was to notify owners and hold them legally liable for what the devices are used for if they repeatedly ignore or ignore after time period of first confirmed notification and force consumers to demand vendors of webcams, most provided by isp routers and other stuff to secure their stuff.
You'd need to do similar like open vendors to legal challenges from consumers if they don't try to secure their product properly (or at all). Another issue is the ISPs don't give a shit as they gain from the increased traffic thus they have been sitting on their hands in many cases and it has been pointed out more than once by industry people so you need to deal with that too. Same goes for governments who also don't necessarily want to find a "fix" for things that can be utilised by them should they ever wish to. Complex issue like I say, understand now? Alternately we could just ban every iot device like you suggest including routers although it means no more reading oversimplified comments from clueless people so there is some merits to that.
Elsewhere I mentioned other IoT products that are flawed, such as DVR video security systems with remote monitoring (thieves will be gone before the cops get there), remotely-administered fuel pumps (already hacked), and a few other things. IoT is fundamentally flawed.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Elsewhere I mentioned other IoT products that are flawed, such as DVR video security systems with remote monitoring (thieves will be gone before the cops get there), remotely-administered fuel pumps (already hacked), and a few other things. IoT is fundamentally flawed.
Don't get me wrong I totally agree they are flawed, and for all my sarcasm my own opinion is very similar but that doesn't mean there isn't value in it for others. I personally feel most of those things add more problems than they solve and are net connected for the wrong reason. Just connecting things to the net that don't need to be, and where the wireless is necessary and you need smart versions keep it on intranet would work for most the applications. However my feelings won't ever fix the issue, just like complaining about carbon emissions from planes doesn't do anything to stop people taking flights.
...." and I have a big "ohhhh" moment and then it makes sense. Some IoT may be a godsend for niche uses, people with a disability and so on and really be more than just because we can kind of things. Sure we can spot the flaws in "some" applications but there will be valid uses too. An of the none essential use people still have a choice and we can't dictate that. What does indeed need fixing is the actual issue though, sadly it will likely come to severe shtf time before sensible action is taken (note the sensible as I'm sure there will be bad "fixes" before the issue is resolved. UK government is rather fond of that approach).
Sometimes I've complained about shit being silly until someone has corrected me on "our business uses that silly functionality for
So your plan is to pay a homeless person minimum wage to sit and keep an eye on your TV. Sounds much more expensive than just having insurance and buying another TV. Maybe investigate training the dog to call the cops.
Never said that, so don't put words in my mouth. A dog on the premises is cheaper and better, and works for table scraps and dog food. Also, dogs can hear someone before you can, and can tell just by the sound of their walk if it's a friend or not - and growl accordingly as required.
Place I was working at, they had 2 German Shepherds that roamed the premises at night. A former employee broke in to rob the place, they let him get in, no problem. Then they made sure he didn't leave until someone showed up.
IoT security systems wouldn't have been nearly as effective. The guy would have walked away instead of getting 2 black eyes - I mean slipped and hurt himself.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
I think we can specify an enumerated criteria as not persistently sending out harmful/malicious traffic to the public internet. I don't care if YOUR network gets hacked, but when your network attacks my network, it's my problem. At that point, I think you can justify some intervention (not necessarily government, maybe ISP, but something). If a PBX (private telephone exchange) got hacked and started making hundreds of calls to 911, you can bet people would get on that rapidly, instead of the nonchalant attitude about routers being hacked.
I realize my definition might be too broad or vague for your comfort, but once an actual attack begins, the traffic pattern, profile, or signature will be apparent. Then go to the ISPs and say, "This is coming from your network. Stop it." Make the ISP own it. That includes making sure ISPs block traffic attempting to leave their network that claims to be from outside their network. Not sure if consequence is lawsuit by the victim of the attack, the government cutting off the ISP that doesn't make a good faith effort to shut it down, or something else. However, I'm pretty sure it would be better than what we have now.
Neither country looks like a good option at this moment. Besides, you might want to consider the little grey area in between North Korea and the US?
That includes making sure ISPs block traffic attempting to leave their network that claims to be from outside their network.
How would that work? Most of the big ISPs are transit providers, they can't block that traffic at the border. I suppose they could block it at the home portion of the network, but that would cause them to have to process rules on massive amounts of traffic, making the routers 10x the price, over the entire network.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?