There is an old saying about not disturbing a hornet’s nest – unless you want to be bitten. Noted security expert Brian Krebs found that out the hard way.
Krebs is pretty fearless – his investigative journalism, mainly related to security issues, has earned him a lot of respect and friends – and a lot of enemies too. The DDoS attack was thought to be retribution for revealing details of a DDoS-for-hire scheme called vDOS.
His website, KrebsOnSecurity, is an amazing early source of security news, but it was taken down by a mega-massive 665Gbps Distributed Denial of Service (DDoS) attack that for three days constantly flooded the servers of Akamai, a hosting company that helps protect sites against these types of attacks. Akamai fought valiantly but was forced to remove the site from its systems.
To gauge the magnitude of the attack, consider that the fastest domestic Internet speeds offered in Australia are 100Mbps (0.125Gbps) and this attack delivered a sustained stream of garbage at 5300 times that. The average website cannot handle huge amounts of page requests – certainly not one funded by a sole author.
How can so much traffic be generated?
According to Akamai, the attack is likely the work of a huge botnet (compromised devices that can be remotely controlled by a command and control server) comprising mainly Internet of Things (IoT) devices like routers. Akamai is trying to “size” it, but early indications are that it could comprise as many as one million IoT devices. Such devices can generate “alerts” (email) or go to a website to report home.
While it has not happened yet, the future portends 21 billion IoT devices by 2020, and the scale of botnets could grow as these devices lack security. Imagine if every smart watch, smart bulb or camera were compromised!
Back to vDOS. Krebs discovered a DDoS service for hire that had claimed to earn over US$600 coordinating more than 150,000 DDoS attacks to take websites offline. He named two Israeli men, and it is believed they struck back.
DDoS has become the weapon of choice for angry hackers. If they cannot break into the website to steal data or deface it, they will likely DDoS it for a time. Or if a company wants to cripple a competitor it can pay to launch a DDoS on the website – it happens all too often.
DDoS was initially blamed for the failure of the Australian Census, but experts quickly dispelled that “porky” – it is simple to measure internet traffic. DDoS protection is available from many ISPs that can monitor traffic and rotate the website to other DNS, but it’s a costly service. Akamai was doing DDoS protection for Krebs pro bono, and it would have cost it a fortune to do so.
Other recent memorable DDoS attacks have hit Pokémon Go servers and World of Warcraft’s Battle.net, and even iTWire has suffered – but none have come close to the traffic generated to bring down Krebs’ site.