Slashdot Mirror


Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com)

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.

One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."
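What the BCP38 filtering mentioned in the summary amounts to at an ISP's customer edge, as an added example that is not part of the Slashdot post or Krebs's article: a packet is forwarded only if its source address lies inside a prefix assigned to the port it arrived on. The port names, prefixes and packets are constructed for illustration (documentation address ranges).

```python
"""BCP38 (RFC 2827) ingress filtering modelled in Python -- added example.

Port names, prefix assignments and sample packets are constructed.
"""
import ipaddress
from collections import Counter

# Assumption: prefixes the ISP has assigned to each customer-facing port.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_table(assigned):
    """Parse the textual prefixes once so lookups work on network objects."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(table, port, src):
    """True only if src lies inside a prefix assigned to the ingress port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))  # unknown port: no prefixes

def filter_ingress(table, packets):
    """Split traffic into forwarded packets and per-port drop counts."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if permit(table, port, src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1  # a non-zero count flags a port emitting spoofed sources
    return forwarded, dropped

# Constructed sample traffic: (ingress port, source address, destination address)
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),             # inside cust-a's /25
    ("cust-a", "203.0.113.5", "203.0.113.99"),           # source not assigned to cust-a
    ("cust-a", "192.0.2.200", "203.0.113.5"),            # same /24 but outside the /25
    ("cust-b", "198.51.100.7", "203.0.113.5"),           # inside cust-b's /24
    ("cust-b", "2001:db8:a::1", "2001:db8:ffff::1"),     # cust-a's prefix seen on cust-b's port
    ("cust-a", "2001:db8:a:1::53", "2001:db8:ffff::1"),  # inside cust-a's /48
    ("cust-c", "192.0.2.10", "203.0.113.5"),             # port with no assignment at all
]

if __name__ == "__main__":
    fwd, drops = filter_ingress(build_table(ASSIGNED), PACKETS)
    print(f"forwarded={len(fwd)} dropped={dict(drops)}")
```

The filter only constrains source addresses at the edge where they are known, which is why it has to be deployed by the ISP that owns the customer port rather than by the site under attack.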

14 of 149 comments

  1. Re:That is huge.. by Anonymous Coward · · Score: 2, Insightful

    Seeing as how the attacks occurred after he posted a series of articles on Israeli-run company vDOS...and that the traffic was larger than practically any other DDoS attack that's been recorded?

    It's pretty obvious who has the money and the motive, Israel. They co-opted one of their own, slimy companies to do their dirty work, if it ever blew up in their faces they could bring charges down on vDOS and deny responsibility. vDOS alone can't generate 600+ gigabits of traffic, that's beyond the capacity of any publicly-known, existing botnet. That sort of traffic is generated by an entire country, not a single company.

    I'm sure this will be downvoted to hell for being "anti-Semitic" or some other such nonsense, it's just a simple answer to a simple question. Israel is trying to silence American journalists regarding their "cyberwarfare" efforts and they handed over the task of seeking revenge to vDOS for the sake of plausible deniability.

  2. i read this as.... by Anonymous Coward · · Score: 0, Insightful

    the hackers saying "challenge accepted".

    they turned akamai into mush and destroyed their reputation (why the fuck would anyone choose them for ddos mitigation now?).

    with a near-infinite source of greedy, moronic "IoT" manufacturers and the gear they produce, google shall soon fall.

    too bad krebs didn't just start posting his blog to facebook instead.

  3. Kudos to google by QuietLagoon · · Score: 4, Insightful
    I was wondering if one of the big ones would step up to the plate on this one.

    .
    Funny, I don't know why, but facebook was never one of the ones I thought might do it.

  4. Aaaaand Krebs thrashes more people by smooth+wombat · · Score: 3, Insightful

    the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic,

    Nothing like sticking your finger in the eyes of those who keep claiming they need to restrict bandwidth to their paying users while at the same time delivering slow speeds for exorbitant prices.

    Apparently those hundreds of millions of free dollars generated every month by Comcast/Verizon/et al can't be used for anything useful such as implementing security filtering to slow/prevent this situation.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re: Aaaaand Krebs thrashes more people by spongman · · Score: 3, Insightful

      Google could solve this in a day by flagging its search results page with a "your ISP is supporting cybercrime" warning.

  5. Re:That is huge.. by Dutch+Gun · · Score: 4, Insightful

    Reading further in comments, I saw this comment from Krebs (emphasis mine):

    Actually, the intel I’m gathering suggests it’s not routers at issue, but mostly DVRs and some IP cameras.

    So, sounds like the Internet of Things is already biting us fairly hard these days. OS makers for computers and phones have made those platforms much harder to compromise than they used to be, and regularly patch known vulnerabilities. But I fear IoT manufacturers are going to make all the same, old mistakes that PCs went through over the past decade or so, instead of gleaning the hard-won knowledge of best security practices.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  6. Re:That is huge.. by ArmoredDragon · · Score: 1, Insightful

    I kind of doubt that the Israeli government was involved in a company whose main customers are common internet trolls that want to (for a fee) knock video game streamers offline for 5 minutes to cause them to lose an arena match in World of Warcraft. Seriously, that's the biggest revenue driver for a company like vDOS.

    The fact that it was located in Israel is likely coincidence, more than anything. It wouldn't surprise me if a collection of people who offer these "booter" services didn't like the thought that somebody could possibly expose them, which is bad for their business, and they simply retaliated. Perhaps to send a message of "leave us alone"? Who knows. People have done worse to Krebs for exposing illegal activity, like mailing drugs to his address and then reporting him to police, or SWATing him. Oh, and did I mention, these are also tactics that trolls have used against World of Warcraft streamers?

    The fact that you're turning this into a big government conspiracy just because of the fact that it's in Israel is possibly anti-Semitic however, as I doubt you'd make a similar claim if the company operated in Nicaragua for example.

  7. Better be friendly to Google? by Anonymous Coward · · Score: 2, Insightful

    Google's Project Shield is excellent, and will save a lot of independent journalists.

    However, we probably need an alternative Project Shield for journalists that discuss topics Google wouldn't want to support (or be safe supporting).

  8. This will be what happens by Pinky's+Brain · · Score: 1, Insightful

    All those people who agitate against an improved internet because they fear nebulous control and because it wouldn't be "trust" based are creating a situation where the real internet will become a bunch of centrally managed corporate networks which CAN block DDOS's. Whereas the open internet built on broken by design protocols and broken by design inter-connection contracts will wither and die.

    The current internet isn't built on trust, it's built on quicksand. The current internet is inherently untrustworthy, you'd have to be insane to maintain it's built on trust.

    We need a new internet fast, one built to be able to prevent DDOS's by design. Inter-connection contracts which require proper ingress filtering at customer edges and on request blocking at sources of malicious traffic, including large ranges if necessary. Any ISP which can't handle that can stay on the old "trust" based internet, the broken one. It will happen, either fully controlled by corporations, or in a community with an explicit social contract.

    1. Re:This will be what happens by l0n3s0m3phr34k · · Score: 4, Insightful

      "build on broken by design protocols" Seriously? The Internet is NOT broken-by-design in any way. The original scope of the design did not include the system ever being an open-to-the-public system that supports a large portion of today's civilization. It was never, in its original scope, designed to have public web servers, financial transactions, video streaming, or such. The original purpose of ARPANET, that eventually metamorphosed into the current internet, was "to exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making". The entire thing wasn't designed to allow non-trusted actors on it in the first place.

      The design is solid. Your claim is like driving your car into a lake and then claiming the car is "broken by design" because it doesn't properly function as a water-going vehicle. Or that humans are "broken by design" because we can't breathe a methane atmosphere.

  9. Re:I know I'm too cynical by Wizy · · Score: 3, Insightful

    If you read the comments from yesterday's article you will notice someone asking about Project Shield and Bruce Perens noticing it. He then reached out to Google on Krebs' behalf.

  10. Re:How does "Joe" know? by Pinky's+Brain · · Score: 3, Insightful

    Then your ISP should block them off from the internet.

  11. Re:site still down? by choprboy · · Score: 3, Insightful

    Shouldn't the IP address be set to one of the attacking IP addresses, so the person/ISP with the compromised device has to deal with all that traffic? Collect the attacking IP addresses, find which ISP is the source of biggest share of them, and redirect the entire attack back at them.

    And which one of the estimated 200,000 attacking IPs would you target with this? How would the ISP responsible for that IP know that the one IP was part of the problem when being hit with a DDOS from 199,999 other IPs not under their control? The correct response to criminal activity is not to continue the criminal activity.

    Due to the fact that many of the nets' abuse handling channels are ineffective (roughly half take no observable action in my experience), perhaps a more effective long term solution would be for the major CDNs, Google, Facebook, etc., to get together and work on notifying end users more directly. In this case, the CDNs/etc. could implement a shared/dynamic blocking list for those 200k IPs such that no content would be delivered, only an error message indicating that their equipment is compromised. The end user would still be free to use the internet and transmit traffic, but their favorite sites would be useless until they clean their equipment/submit a removal request. This provides direct pressure on the end user creating the problem, and by extension their ISP thru support desk calls, to clean up the compromised systems.

  12. Akamai should go broke? For a non-customer? by raymorris · · Score: 4, Insightful

    "Business decision" meaning "we decided we don't want to go out of business". 600+ Gbps was enough to cause real stress on Akamai's network, so that their customers, who pay the bills, started to be affected. Increasing their costs while reducing their revenue due to losing customers is a recipe for Akamai to go bankrupt.

    If Krebs had been paying Akamai a retainer they would have some responsibility to provide services to him, if they were able to do so. They have no responsibility to put themselves out of business on a charity case.