Akamai Boots Popular Security Site KrebsOnSecurity With Little Notice Following Record-Breaking DDoS Attack
Today the bad guys have won. Not the war, mind you, but a skirmish with renowned security journalist Brian Krebs, author of The New York Times bestseller "Spam Nation," a former writer for the The Washington Post, and owner of KrebsOnSecurity, a popular security blog that's no longer live after cloud service provider Akamai gave Krebs just 2 hours to pack his things and leave.
Of course, there's more to the story than that. Akamai isn't some evil company secretly working for the bad guys (we hope not, anyway). But it was providing free service to Krebs for his blog. You get what you pay for. In this case, Krebs wasn't paying a dime, so Akamai decided enough was enough when Krebs found himself the victim of an extended Distributed Denial of Service (DDoS) attack.
The DDoS attack appears to be related to a KrebsOnSecurity article that called out vDOS, a lucrative website run by a pair of Israeli cybercriminals, Itay Huri and Yarden Bidani, who offered to overwhelm websites with traffic for money. Their identities became known because vDOS itself was hacked, revealing information about tens of thousands of paying customers and their targets. KrebsOnSecurity obtained a copy of the database and posted the identities of the site's owners around the same time the United States Federal Bureau of Investigation (FBI) coordinated with local authorities to arrest the two men.
Seemingly in retaliation, KrebsOnSecurity has been the target of a massive and ongoing DDoS attack. The attack brought a record 620 gigabits per second of traffic to the site, the largest Akamai has ever had to defend against. Prior to this recent barrage, the biggest DDoS attack Akamai defended was 336Gbps, which took place earlier this year.
Krebs seems to be taking things in stride and made a point on Twitter to remind everyone that Akamai was providing him with free service. It should also be noted that when extreme network compromises like this happen, that it's not uncommon for hosting and ISP partners to take swift measures to protect the rest of the customers in their network and hosting environment.
Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don't fault them at all.— briankrebs (@briankrebs) September 23, 2016
That's a valid point, though Krebs also revealed that Akamai only gave him two hours notice, which is why he didn't mention the pro bono status from the outset. With limited time to get things in order, Krebs said he was "more concerned with making sure my hosting provider wasn't going to go down."
According to ArsTechnica, Krebs considered ponying up for DDoS mitigation service, but for the type of protection he'd need against high-bandwidth attacks, the cost would be between $100,000 to $200,000 per year. That's a hefty sum, so when Prolexic (now owned by Akamai) offered him free service four years ago, he willingly accepted. Now that relationship has come to an end and it has some frightening implications.
If a DDoS attack of this scale is now possible, what's to stop cybercriminals from targeting other services and demanding a ransom? Krebs isn't the only one running a popular blog who can't afford to pay six digits for protection. And with the Internet of Things putting more and more gadgets online, high-bandwidth attacks are only going to grow in size.
So yes, the bad guys won this battle, but let's hope they don't win the war.