DDoS takes down KrebsOnSecurity site

There is an old saying about not disturbing a hornet’s nest – unless you want to be bitten. Noted security expert Brian Krebs found that out the hard way.

Krebs is pretty fearless. His investigative journalism, mainly related to security issues, has earned him a lot of respect and friends – and a lot of enemies too. 

His website, KrebsOnSecurity, is an amazing early source of security news, but it was taken down by a mega-massive 665Gbps Distributed Denial of Service (DDoS) attack that for three days constantly flooded the servers of Akamai, a hosting company that helps protect sites against these types of attacks. Akamai fought valiantly but was forced to remove the site from its systems. The attack was thought to be retribution for revealing details of a DDoS-for-hire scheme called vDOS.

To gauge the magnitude of the attack, consider that the fastest domestic Internet speeds offered in Australia are 100Mbps (0.125Gbps) and this attack delivered a sustained stream of garbage at 5300 times that. The average website cannot handle huge numbers of page requests – certainly not one funded by a sole author.

How can so much traffic be generated?

According to Akamai, the attack is likely the work of a huge botnet (compromised devices that can be remotely controlled by a command and control server) comprising mainly Internet of Things (IoT) devices like routers. Akamai is trying to “size” it, but early indications are that it could comprise as many as one million IoT devices. Such devices can generate “alerts” (email) or go to a website to report home.

While it has not happened yet, the future portends 21 billion IoT devices by 2020, and the scale of botnets could grow as these devices lack security. Imagine if every smart watch, or smart bulb or camera was compromised!

Back to vDOS. Krebs discovered a DDoS service for hire that had claimed to earn over US$600,000 co-ordinating more than 150,000 DDoS attacks to take websites offline. He named two Israeli men, and it is believed they struck back.

DDoS has become the weapon of choice for angry hackers. If they cannot break into the website to steal data or deface it, they will likely DDoS it for a time. Or if a company wants to cripple a competitor it can pay to launch a DDoS on the website – it happens all too often.

DDoS was initially blamed for the failure of the Australian census, but experts quickly dispelled that “porky” – it is simple to measure Internet traffic. DDoS protection is available from many ISPs that can monitor traffic and rotate the website to other DNS, but it’s a costly service. Akamai was providing DDoS protection for Krebs pro bono, and it would have cost it a fortune to do so.

Other recent memorable DDoS attacks have hit Pokémon Go servers and World of Warcraft’s Battle.net, and even iTWire has suffered – but none have come close to the traffic generated to bring down Krebs’ site.


Ray Shaw


Ray Shaw ray@im.com.au has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!

