My personal feeling is that we’re taking current infrastructure (back end) stability for granted. I would like to propose a weekly or bi-weekly attack day on Status where we find ways to bring the app and the servers behind it to a halt or completely down. Now is the ideal time to do it since a lot of people internal to the org use it, few from outside do, and we’re in public pre-beta, so things are meant to break with no consequences. I’ve briefly discussed this with @oskarth in Prague but am wondering what others think, how viable this is.
The attacks could be thematic, which would require a bit of preparation and openness from the dev team. For example, it would be hard to simulate an attack in the form of the removal of Status from the app store(s), so such an attack would need to be an organized event - i.e. “Let’s all uninstall Status and try to reinstall it but without using app stores - identify problems, let’s reduce friction” etc. At the same time, another team could be attacking the sites hosting binaries that are alternatives to app stores, so we have a “problem with actually getting Status” type of attack.
Others would have varying degrees of complexity, but I think that’s all things we can work around - maybe those with more planning can be proper events planned a month in advance, giving both the dev team time to prepare, and the attackers time to identify holes through which to nuke the system in a targeted way. Other ideas:
- simulate a destruction of Infura. For this, the communication channel should be opened up somewhat (perhaps a network-wide `/etc/hosts` emulator) which would let attackers intercept requests, simulating unavailability of Infura. Result: this would break a whole lot of things.
- simulate a destruction of Etherscan. This would break the wallet.
- spam attack. Self-explanatory, it would make communication in the app impossible if the channels were flooded with spam.
- DDoS attack. Related to above, a simple mass spam attack can also DDoS the network. Additionally, the network can be DoSed by just pinging endpoints of any mailserver nodes.
- attack the mailservers. DoS them into misbehaving. This would also break all communication.
- identification and verification of known attack vectors
- threat assessment of attack vectors and realistic prioritization of various outstanding back end issues
- organization-wide increased familiarity with inner workings of the app and its systems
- resilience and increased world-war-three resistance in line with Eth 2.0 overall message
- not patching things as we go, but actually being prepared for when censorship comes. Competition is ramping up.
The attacks could be incentivized with SNT. I feel like this would make incredibly appealing bounties on Gitcoin and would likely make a splash in media (“company pays people to have its servers crashed”), and I feel like we could draw in lots of external contributors that way (i.e. someone who studies our code enough to attack it is a viable external contributor long-term).
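An added example, not part of the original post and not Status code: a self-contained resilience drill for the "destruction of Infura" idea above, where a hosts-style override table makes an upstream provider unresolvable inside one process and the client's fallback behaviour is recorded. The hostnames, the two local listeners standing in for providers, and the function names are all constructed for illustration.

```python
import socket
from contextlib import contextmanager

@contextmanager
def hosts_override(table):
    """In-process stand-in for a hosts file: name -> IP, or None for 'unresolvable'."""
    real = socket.getaddrinfo
    def fake(host, port, *args, **kwargs):
        if host not in table:
            return real(host, port, *args, **kwargs)
        if table[host] is None:
            raise socket.gaierror(socket.EAI_NONAME, f"simulated outage: {host}")
        return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (table[host], port))]
    socket.getaddrinfo = fake
    try:
        yield
    finally:
        socket.getaddrinfo = real  # always restore the real resolver

def first_reachable(endpoints, timeout=1.0):
    """Try endpoints in order; return (host that accepted TCP, {failed host: error type})."""
    errors = {}
    for host, port in endpoints:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return host, errors
        except OSError as exc:  # gaierror, refused and timeout are all OSError
            errors[host] = type(exc).__name__
    return None, errors

def run_drill():
    """Run three scenarios against two local listeners standing in for providers."""
    with socket.create_server(("127.0.0.1", 0)) as a, socket.create_server(("127.0.0.1", 0)) as b:
        # Constructed hostnames; .test is reserved and never resolves publicly.
        eps = [("rpc-primary.test", a.getsockname()[1]), ("rpc-fallback.test", b.getsockname()[1])]
        up = "127.0.0.1"
        results = {}
        with hosts_override({"rpc-primary.test": up, "rpc-fallback.test": up}):
            results["healthy"] = first_reachable(eps)
        with hosts_override({"rpc-primary.test": None, "rpc-fallback.test": up}):
            results["primary_down"] = first_reachable(eps)
            results["no_fallback"] = first_reachable(eps[:1])  # client with a single provider
        return results

if __name__ == "__main__":
    for name, (host, errors) in run_drill().items():
        print(f"{name:13} served_by={host} errors={errors}")
```

The `no_fallback` row is the outcome the post predicts for a client that depends on a single provider: nothing serves the request once that one name stops resolving.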