A discussion about internet censorship has begun after internet security blogger KrebsonSecurity was taken offline by a massive DDoS attack. The blog was allegedly targeted due to its reporting on a pair of Israeli hackers who ran vDos – a DDoS-for-hire service.
The initial attack began by throwing 140Gbps of junk data at the KrebsonSecurity server; most of which was stopped by Akamai’s DDoS protection service. This amount was eventually ramped up to 620Gbps of data; which was easily twice the amount that Akamai had ever seen in the past.
This DDoS attack was so effective that Akamai had to remove its protection for Krebs, or risk having the attack affect its other customers as well. Brian Krebs, the owner of the site, does not hold a grudge as his protection was being extended pro bono; and he wasn’t actually paying for it. Ultimately, Krebs was forced to take his site offline to survive the attack.
What is concerning is that the DDoS attack used millions of unsecured devices from the Internet-of-Things. This is a result of a lack of effort put into securing the number of devices like webcams and smoke alarms that connect to the internet and provide online services. These devices are often left with their default passwords; and are easily hacked by cybercriminals.
For now, KrebsonSecurity has returned thanks to Google’s Project Shield. The service is a free offering that protects journalists from DDoS attacks that would take them down. It was originally designed to deal with the possibility of nation states trying to censor the press; but it looks like the threat of censorship is no longer confined to the work of governments.