[at-fates-hands]

>> Seeing your account, and a number of dissident or activists being attacked from a block of IPs or similar password attempts, probably means the attack is state sponsored.

Used to work at a fairly large global corporation. One day I was chatting up one of the senior sys admins. He was talking about the incredible traffic that bombards their server everyday. I was pretty naive back then and said, "Cmon man, it can't be that much!"

He opened his terminal and ran a simple monitoring tool, then opened one another terminal. In one was the constant traffic to several of their applications that were from a specific block of IP addresses he thought he had traced back to China. The other window was a running queue of mistyped password attempts. It was like clockwork. They'd try three, get kicked out of the system, then in an instant, you'd see a flurry of new IP addresses from the same block, then some more attempts to guess the password. Kicked out, rinse, repeat.

In the span of five minutes, I must have seen two dozen failed attempts to try and do a dictionary password attack on their login page. He guessed it was some kind of a bot that was running the tests considering how mechanical and orderly the attacks were.

It really opened my eyes as to how often and how many businesses these governments go after for intellectual property.