Um, no. The reason they DDoS financial institutions is so they have a chance to cash out the stolen goods immediately. Stolen financial data has an expiration date and the DDoS extends that just long enough for it to be useful.

DDoS'ing github because you trojaned a source tree calls attention to the fact that you did it. Only the dumbest of all hackers would do such a thing and that is almost certainly NOT what is happening here. When you trojan a source tree, it only becomes useful after your intended victim downloads and installs it, which can take months or even years.

If you DDOS GitHub as a whole, how does that call attention to the one project a bad guy has trojaned?

If the project has mostly "commercial" developers then chances are they work on it during the week. DDOS GitHub during the week and let off for the weekend. That gives a few days' worth for your trojan to be downloaded by the unsuspecting. People will also have tired of hearing about the "github news" so new news about trojaning will take a little longer to disperse.

That's completely unnecessary and potentially risky for the attacker. Your theory is not based in reality. DOES NOT MAKE SENSE.

But... what commercial projects can possibly be on GitHub that are worth this trouble? Facebook's C++ compiler? ....

If there is such a commercial product, it would have been self-hosted. Not GitHub.

Here are some random ones off the top of my head. I'm happy to accept that you can't think of any value of these to bad guys, but the bad guys are not limited by your or my imagination.

MongoDB and all the drivers https://github.com/mongodb

Mixpanel analytics libraries https://github.com/mixpanel

Sencha JavaScript libraries https://github.com/senchalabs

Yahoo YUI and various other JS related gunk https://github.com/yahoo

Shopify ecommerce libraries https://github.com/Shopify

Engine Yard tools & utils https://github.com/engineyard

