Home Security DDoS takes down KrebsOnSecurity site

DDoS takes down KrebsOnSecurity site

There is an old saying about not disturbing a hornet’s nest – unless you want to be bitten. Noted security expert Brian Krebs found that out the hard way.

Krebs is pretty fearless. His investigative journalism, mainly related to security issues, has earned him a lot of respect and friends – and a lot of enemies too. 

His website KrebsOnSecurity is an amazing early source of security news, but it was taken down by a mega-massive 665Gbps Distributed Denial of Service attack that for three days has constantly flooded the Akamai servers – a hosting company that helps protect sites against these types of attacks. It fought valiantly but was forced to remove the site from its systems. The attack was thought to be retribution for revealing details of a DDoS scheme called vDOS for hire.

To gauge the magnitude of the attack, consider that the fastest domestic Internet speeds offered in Australia are 100Mbps (0.125Gbps) and this attack delivered a sustained stream of garbage at 5300 times that. The average website cannot handle huge amounts of page requests – certainly not one funded by a sole author.

How can so much traffic be generated?

According to Akamai, the attack is likely the work of a huge botnet (compromised devices able to be remotely controlled by a command and control server) comprising mainly Internet of Things (IoT) devices like routers. Akamai is trying to “size” it, but early indications are that it could comprise as many as one million IoT devices. Such devices can generate “alerts” [email] or go to a website to report home.

While it has not happened yet, the future portends 21 billion IoT devices by 2020, and the scale of botnets could grow as these devices lack security. Imagine if every smart watch, or smart bulb or camera was compromised!

Back to vDOS. Krebs discovered a DDoS service for hire that had claimed to earn over US$600,000 co-ordinating more than 150,000 DDoS attacks to take websites offline. He named two Israeli men, and it is believed they struck back.

DDoS has become the weapon of choice for angry hackers. If they cannot break into the website to steal data or deface it, they will likely DDoS it for a time. Or if a company wants to cripple a competitor it can pay to launch a DDoS on the website – it happens all too often.

DDoS was initially blamed for the failure of the Australian census, but experts quickly dispelled that “porky” – it is simple to measure Internet traffic. DDoS protection is available from many ISPs that can monitor traffic and rotate the website to other DNS, but it’s a costly service. Akamai was doing DDoS protection for Krebs pro-bono, and it would have cost it a fortune to do so.

Other recent memorable DDoS have included Pokémon Go servers, World of Warcraft Battle.net and even iTWire has suffered – but none have come close to the traffic generated to bring down Krebs site.

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!

Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!