Sunday, September 25, 2016

The Silencing of KrebsOnSecurity

On Techmeme earlier, "Brian Krebs' site hit by record 620Gbps sustained DDos attack, nearly twice as big as any previous attack seen by Akamai..."

Up now, "The Democratization of Censorship: As insecure IoT devices make large-scale DDoS attacks more potent, the Internet community should work to adopt standards and tools to prevent these attacks..."

And at Ars Technica, "Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net":
For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.

The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here.

On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers.

"It's hard to imagine a stronger form of censorship than these DDoS attacks because if nobody wants to take you on then that's pretty effective censorship," Krebs told Ars on Friday. "I've had a couple of big companies offer and then think better of offering to help me. That's been frustrating."

Until recently, a DDoS attack in excess of 600Gb was nearly impossible for all but the most sophisticated and powerful actors to carry out. In 2013, attacks against anti-spam organization Spamhaus generated headlines because the 300Gb torrents were coming uncomfortably close to Internet-threatening size. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease...
Pretty amazing.

Keep reading.