-
I'm no longer at Cloudflare, and the DDoS engineers there have shared a few things... but the software we made is running as it should and it's all ticking along nicely with no issue. Bear in mind it all coped perfectly whilst other wars were on, and whilst the Hong Kong protests happened, etc. So the DDoS engineers protecting large swathes of the internet are merely reporting a bigger number on their screen of "concurrent active attacks" and still nothing gets through.
But... the private and encrypted non-work IRC networks... those are busier 😁 Also a lot of fun.
From direct experience and knowledge of some individuals working on state things... this is very very true.
A lot of state sponsored activity is outsourced to third parties to create a plausible air gap between the activity and the state in question. The third parties are given a lot of freedom to do things that states couldn't legally do.
If I actually met anyone for a beer any time soon I'd share some of this stuff, but it's not for posting on the public internet.
The gist: The gov do not have the best tools, people, skills, abilities here... but they do have deep pockets and the ability to turn the other way... so the people they hire are the infosec people who walk a very very fine line between landing themselves in jail, working at high tech startups, and speaking at defcon.