
Empty DDoS Threats: Meet the Armada Collective - shade23
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
======
cft
Cloudflare publishes these marketing articles, spinning them as "helpful" for
the community. The biggest community help Cloudflare could provide is kicking
booters [1] from their network. They won't however, since it needs to protect
the booters for Cloudflare's business to prosper.

1\.
[http://whois.domaintools.com/booter.xyz](http://whois.domaintools.com/booter.xyz)

(Repeat this whois search for the top 10 booters found in Google)

~~~
buro9
I work for CloudFlare, just an engineer and not a lawyer, etc. This is my
opinion but I recognise I work here and am a dumb person from a legal
perspective.

One of the things that CloudFlare cares about is due process. That has been
blogged about too: [https://blog.cloudflare.com/fighting-back-
responsibly/](https://blog.cloudflare.com/fighting-back-responsibly/)

If CloudFlare were to subjectively decide to remove websites or DNS zones, due
process goes out of the window as we'd be able to just do whatever we pleased
to whomever.

We (collective HN readers, etc) cannot wish to restrict and prevent overreach
if we indulge in the very same action by subjectively removing/blocking
access. Either a company follows due process, or it does not.

Due process is extremely valuable to a society, relying on a transparent
system that has an appeals process should be important to everyone... the
legal system gives this, and it's value is so great to society in restricting
overreach, that as individuals and as the wider company we have embraced due
process, and rejected the things that would weaken it... our own actions.

If you wish to have booters or whomever else removed, please present our legal
team with a valid legal request.

~~~
cft
Indeed, it is the purpose of a court to follow due process, but not of a
private entity. From CloudFlare's business standpoint, your decision makers
should seriously weigh the reputation damage that this (perfectly legal)
"willful negligence" attitude provides: a marketing director of your
competitor pointed out that "CouldFlare is protecting most booters" in a phone
call with me.

~~~
DanielDent
Do I want to see booters online? Of course not.

But if CloudFlare were to shut them down without due process, that would
damage their credibility - to the point where I would feel uncomfortable doing
business with them.

I'm sure there's a group of people where CloudFlare's stance is damaging to
their reputation.

But there's also a group of people where any other stance would damage
CloudFlare's reputation.

Think also from the customer standpoint: people who need DDoS protection are
people who are having their site shutdown without due process (by criminals
who launch DoS attacks). When the company you hire to fix the problem becomes
part of the problem, it's not good - and they would be part of the problem if
they offered a 'send us an email and we shut down our users' denial of service
attack vector.

~~~
kbuck
Either way, CloudFlare is a part of the problem. They're either protecting
booter services (thus necessitating your use of DDoS protection in the first
place) or terminating the booter sites without "due process".

It's relevant to mention that CloudFlare already does terminate a class of
sites without "due process": malware hosts. What makes malware hosts that much
worse than booters? Answer: CloudFlare's IPs can get blacklisted for it.

~~~
stcredzero
Is it of comparable difficulty to reliably empirically establish 1) malware
hosting and 2) operating a booter site?

~~~
kbuck
I'd say yes: if you visit a purported malware URL and you are served malware,
then it is a malware site. If you visit a purported booter site URL and it
advertises booter services, then it is a booter. If the booter sites start
trying to hide their identity, fine, I can see not removing that without
proof. That will also severely injure the booter's signup rate, though.

------
Aelinsaar
It's always shocking to me, that people who can rise to a position where they
can make the call to pay a ransom, can be this incredibly
gullible/stupid/naive!

~~~
takeda
This is more complex. $4k is not really that much for a company to spend. If
you were wrong, well you lost someone's conference trip, if you were right you
saved company much more.

Anyway, I hate this CloudFlare articles, it's clever marketing. Essentially
they say that if you would use their service you could call bluff, and save
that $4k, while they also contribute to the problem by protecting all DDoS for
pay services.

~~~
Aelinsaar
If you're wrong, you're potentially spending $4K to mark yourself as an
especially likely target for someone who doesn't even have the resources to
attack you. It's not JUST risk mitigation, it's also about furthering this
ridiculous economy that's been springing up since the first XDCC bots were
born.

------
davepeck
My company received one of these threats last week. We took it seriously,
despite our suspicion it was an empty copycat threat.

------
gesman
Why redact bitcoin address that was used for threats?

Let crowd do analysis on address that belongs to criminal.

