According to reports, last week an unknown party has hacked and taken offline the website of security writer Brian Krebs in what seems the biggest DDoS attack online ever.
Security Writer Faces Biggest Hacker Attack
Engadget reports that a massive distributed denial of service (DDoS) attack consisting of 620 Gbps of non-stop data has been targeting the Krebs' website as revenge for exposing by him of two major sellers of cyberattack tools. The two hackers exposed have since been arrested.
Krebs has been able to get back online only after taking advantage of the Project Shield provided by Google. Project Shield protects journalists against such censorship campaigns of denial of service attacks.
Akmai, Krebs' previous anti-DDoS provider, had to drop him because a sustained attack on that level would have cost the company "millions," according to The Boston Globe.
Security experts believe that the campaign directed against Krebs, while being very intense, might not have required an elaborate effort. Krebs himself believes that the hackers took advantage of a botnet made up of compromised Internet of Things devices like security cameras, home internet routers and DVRs.
The known security vulnerability of many of the IoS devices is the fact that they have poor or even unchangeable passwords. According to Forbes, Krebs isn't alone in being targeted. There are many victims of the same unnamed hacker crew, including French hosting giant OVH. A post on Twitter explains how the French web host has been attacked recently by using similar tactics.
Another possibility is that the hackers used spoofing, a hacking technique that magnifies attacks by tricking computers and devices into sending reply messages to the victim. But no matter the hacking technique employed, the incident shows the dangers to free speech.
It's relatively common to face a censorship campaign, and the cost of defending against that campaign can be prohibitive. According to one anti-DDoS service, an Akamai-level defense would cost Krebs over $150,000 per year. For a small-scale news outfit is almost impossible to afford that kind of protection.