Slashdot Mirror

← Back to Stories (view on slashdot.org)

Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com)

Posted by msmash on from the pushing-the-limits dept.

An anonymous reader writes:Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under sustained distributed denial-of-service (DDoS), a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps per second of traffic -- nearly double what Akamai has seen in the past.

22 of 212 comments (clear)

  1. So basically ... the attack wins? by DavidRawling · · Score: 5, Informative

    Seems to me the attackers win, at least in the short term, because the caching and CDN provider (who I expect was probably contracted and paid, although it's entirely up to Brian how he handles his business affairs, it does seem likely) takes the site off the air anyway. That being the case ... what's the point of having that contracted relationship, if they dump you anyway?

    1. Re: So basically ... the attack wins? by Anonymous Coward · · Score: 5, Informative

      Akamai were providing him service for free up to that point:

      https://twitter.com/briankrebs/status/779111614226239488

      So up to this point they had been eating the cost of hosting him and defending against attacks. This one just got too big for too long.

    2. Re:So basically ... the attack wins? by mwvdlee · · Score: 4, Insightful

      I might be a conspiracy theorist here, but what might Akamai gain by blocking the guy who's taking down one of the largest criminal organizations providing the type of attacks that Akamai is being paid for to prevent?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:So basically ... the attack wins? by DougOtto · · Score: 4, Insightful

      I read somewhere that there was no contract but rather Akamai was providing the service pro-bono.

      If that's the case, and it was starting to impact paying customers, it's an understandable move.

      --
      Solving Unix problems since 1989...
    4. Re:So basically ... the attack wins? by Opportunist · · Score: 5, Insightful

      The reason is irrelevant. The message is clear: You want to silence your opposition? Conduct a DDoS until your enemy's hoster decides that you're more hassle than he is worth.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re: So basically ... the attack wins? by Xest · · Score: 5, Insightful

      They weren't hosting him for free, there's no such thing as free.

      They were hosting him because it was good PR for them to be able to say "Yeah, we're capable of holding up this high value target's website just fine regardless of all the attacks he regularly comes under".

      This is a tacit admittance that Akamai's business model has changed from high end bulletproof host to just another host that will not keep your site up in the face of a DDOS. This is rather unfortunate for them, because such low end hosts are widely available, and at a far lower price point.

      I wish them luck with their new model as just another host chasing the low hanging fruit. They've sacrificed an incredibly important unique selling point for them - their reputation as a host that will keep you going no matter what.

    6. Re:So basically ... the attack wins? by Impy+the+Impiuos+Imp · · Score: 4, Funny

      * Largest DDoS attack mitigated to date: 321 Gbps, 71.5 Mpps

      Lol. Looks like we're gonna need a bigger boat.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    7. Re: So basically ... the attack wins? by Aristos+Mazer · · Score: 4, Insightful

      They are incapable of dealing with the largest DDoS they've ever seen, double the previous record. There is no defense against a DDoS except bandwidth, so there's an upper bound that will take down *any* provider. Akamai is a high-end defender, but in this space, attackers have the clear upper hand.

    8. Re:So basically ... the attack wins? by Anonymous Coward · · Score: 5, Informative

      Before using terms like "shamefully", you really should know all the facts...

      Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don't fault them at all.

      — briankrebs (@briankrebs) September 23, 2016

    9. Re:So basically ... the attack wins? by sjames · · Score: 4, Insightful

      Alas, no. That would have been possible in the before time when a T1 was a lot of bandwidth and the threat was a DOS rather than a DDOS.

      In a DDOS, no one host is a big contributor, but there are a lot of hosts. Consider, you have 10,000 hosts (a SMALL attack) fetching valid URLs from your web server and sending them to /dev/null. Now, which of the 10100 hosts fetching pages from you do you want shot down? Keep in mind, your objective includes not letting the attacker win. To add to the "fun", those 10,000 hosts will rotate out and be replaced by others in a much larger pool fairly frequently.

  2. Akami folded, Kerbs is down by sinij · · Score: 4, Interesting

    From Kerbs on Security site:"The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second." .

    Akami were handling it as of yesterday, but it seems that they decided it was too expensive to stand by their client while he is under attack.

    Maybe a coincidence, but this started to happen after Kerbs exposed anti-DDoS 'protection' firm BackConnect use of BGP hijacking.

    1. Re: Akami folded, Kerbs is down by Anonymous Coward · · Score: 4, Interesting

      It's more than likely that BackConnect has DDoS'ers on staff...a quick look at their employees and their past guarantees it.

      The ultimate business model! DDoS a site, then come to them saying you'll help.

    2. Re:Akami folded, Kerbs is down by Sarten-X · · Score: 4, Informative

      too expensive to stand by their client

      He wasn't their (paying) client. He is a benefit to the infosec society, and was provided pro bono service in appreciation of and to assist his work.

      This attack probably cost Akamai a significant amount of money, so it's reasonable that they'd cut it off for a while.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  3. Not a surprise by Anonymous Coward · · Score: 4, Insightful

    Akamai has a fiduciary responsibility to others on their network to ensure that they are not impacted by a single user. They were providing the service for free to Brian Krebs, he stated this. I do not work for Akamai(one of their competitors actually) but this is very, very common in this space.

  4. So long... by Daetrin · · Score: 4, Insightful

    So they booted him off because he was costing them a ton of money and wasn't paying anything. (I guess they were providing him service as a charity?)

    But does that mean that they'll kick their paying customers off as well if the costs of defending them against attacks exceed the revenue they're getting from that specific customer? If so that would mean you could put Akamai out of business just by targeting one customer at a time, moving on to a new one as each one was evicted from the service.

    --
    This Space Intentionally Left Blank
  5. Pro Bono by hodagacz · · Score: 5, Insightful

    I don't blame Akamai at all and it sounds like Krebs doesn't either. There were a ridiculous amount of resources used on the attack and that shit gets expensive to block.

    1. Re: Pro Bono by I4ko · · Score: 4, Insightful

      Are you serious? Blocking traffic at high packet rate is expensive - CPU cycles, even with null routing even with FPGAs. It gets expensive as electrical cost at this level - extra heating, extra cooling, extra power. Even if your upstream has provided you with a blacklist community in their BGP announce policy, that traffic is blocked by something. Spend too many CPU cycles on blocking traffic, you miss on a few routing table updates, the tables expire and all that is there behind that router is gone. Your upstream may not like that. This is 650Gbps, think about that for a second - if this is TCP handshake you are looking at something like 20Gpps. Let that sink for a second, actually no, let it sink for a minute.

      If I was in Akamai's shoes that is what I would have done - get it off the network for a while, let anger, hot waves, hormones, or whatever other human emotion is fueling it cool off for a while. (And btw, never get a connected car because of this, especially one you need to start with your cellphone)

      Short of dropping the network completely off the BGP table in order to stop this at the source or the closest network to the source that speaks BGP cost will always be accrued. And it doesn't help that these days most network aggregate announces to /17 or /16 and don't accept/transmit to peers smaller ones. If I was Akamai I would ask that he moves his DNS to one special /16 that I keep unannounced, but that is a whole lot of IP space wasted. Even if Akamai has agreements to be able to keep /24 granularity of announces to all their peers, and have Krebs's site in some of their big pops where there are larger blocks, it takes time to move other customers out of that block and into other blocks, so they can drop the block off the network for a while without affecting others, even though most of the traffic will reach Akamai's upstreams (from the traffic point of view).

      Been there, done that 12-14 years ago. Much hasn't changed, only the numbers - 65 to 650 Mbps back then, 650Gbps now.
      Oh, I miss the days when someone on a 19.9Kbps modem could generate a 2+Mbps flood due to ppp compression.

  6. Re: 620 Gbps per second by Sneeka2 · · Score: 5, Funny

    Yup. Twice the redundancy per second per second.

    --
    Bitten Apples are still better than dirty Windows...
  7. Idiots by edibobb · · Score: 5, Informative

    Akamai is throwing away a great marketing opportunity and turning it into a huge negative. Why would I move to Akamai, knowing that they'll kick me off their network if I ever have trouble? They're throwing away their primary competitive advantage with one stupid decision.

  8. This is what happens. . . by smooth+wombat · · Score: 4, Interesting

    when you're honest. Krebs doesn't pull his punches and the whiners of the world (i.e. those he lambasted for having low quality products or game play) don't like it and now they're being petulant two year olds.

    Just goes to show the mentality of supposed adults. Especially the cowards who sit behind a keyboard and try to destroy the work of others because they didn't get their lollipop.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  9. Re:This is a very real threat to free speech. by Anonymous Coward · · Score: 4, Insightful

    The reason that this DDos is able to generate so much force is they aren't just using malware-infected PCs. They are also using security cameras and other devices that connect to the internet. Thanks to all the companies who don't give two shits about securing their devices.

  10. This was one hell of an attack by Anonymous Coward · · Score: 4, Interesting

    From the right up on it, it was peaking at 665 gigabits/sec and was leveraging a massive botnet trying to make direct connections instead of using DNS reflection. They kept his site up during this and numerous other large scale attacks. Claiming that Akamai isn't a "bullet proof" host because they decided their support cost and impact to their customers outweighed the free-marketing/goodwill is just asinine. You're the same entitled person that uses free web services and then b*tches when they start charging or go under aren't you?