2. Not all DDoS is created equal. I think the element of fear and helplessness upon facing the unknown play a huge role in this setup when methods of attack are not understood. I 100% believe that businesses should invest in their staff for DDoS mitigation before they invest in specific technology. Log monitoring, nginx setup feeding into decent scripting, kernel buffer modification and iptables rules should fend off 90% of most medium-size bots. The game is most likely won in the first 24-72 hours when the attacker pays enough money while renting the botnet and should ROI on that, or move on to another target.

http://resources.mcafee.com/content/NACriminologyReport2009

The statement that “Much of the data are gathered by ultra-secretive government agencies which need to justify their own existence and cyber-security companies which derive commercial benefits from popular anxiety” is not entirely correct. Short on facts? Look at what Project Grey Goose has done and does in OSINT gathering and analysis effort. It’s non-profit, it’s driven by volunteers and it gets better and clearer results on some of the topics. For those who want to read updated information should subscribe to Intelfusion.net FlashTraffic feed.

There’s media hysteria,and there are facts beyond the chewed-to-death-by-media topic of the US electrical grid penetration, or 1 million-a-day direct attacks on Pentagon which I think from the real, well funded and state-backed attacker perspective is kind of ridiculous anyways.

Yes, noone argues that cybercrime is largely driven by financial gain on the first place. However looking at Russian Federation state of the affairs for example I would not dismiss the ties between the RF underground criminal force and the government on top of the financial base.

The realtionship is bidirectional, too long to respond in the post, ranging from “hooking” hackers with the promise of not procecuting them after a breach if they cooperate ( read : work for FSB ), to involving patriotic feelings and propaganda as in case with Georgia CyberWar. “Nashi” is just the ideological driver behind technical skill, nothing more.

Yeah, noone cares for small fish from the state perspective – go hack international small businesses, steal money by cyber extortion via virus or malware, whatever. It does not affect the big picture as long as it works in the interest of the government.
But look at the level of cybercrime prosecution in RF with respect to international activities, it is next to null.
- Look at RBN. Who would have allowed a large rogue ISP to operate largely unsupervised knowing that most of the business is crimeware if no “kick-back” or on-demand services can be used by the other party.
- Look at what is hapenning in RF social networks. It’s literally a testbed for crimeware experiments which will eventually spill into Facebook and others, especially with RF moguls pouring 200 million dollars into development of common search engine between RF social networks and Facebook.
- Look at recent Facebook, Twitter, Google DDoS – what would you do as an attacker if you are given a cart blanche to develop and test attack concepts for future use by someone else without much recourse?
- Search for pay-per-use databases of collected information on individuals for personal dossier creation.

Cyber-armageddon – no. There is not going to be a frontal assault, who needs it if they can own everyone of us individually when the time comes.
I do believe state sponsored cyberwarfare exists and kicking but it is not how media portrays it.

Regarding the point # 2 raised in your post. I usually take care of that by using Patch Management Solution that pre-stage the patches internally (such as WSUS) on the Patch Tuesday, so the down-level streaming to the clients happen internally thus consuming no external bandwidth.

-Rick