Brian Krebs site hit with 665 Gbps DDoS attack is back. Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net? Let Brian Krebs answer to that with his The Democratization of Censorship article. Here is my short overview of that article showing some of the main points:
John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” The recent events have shown that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. This is called “The Democratization of Censorship.”
Krebs used a DDoS protection provider. That company made a business decision after facing long world’s biggest DDoS attack to terminate the pro bono customer agreement. Now the site is up usingnder Project Shield, a free program run by Google to help protect journalists from online censorship. DDoS attacks are uniquely effective weapons for stomping on free speech because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user or independent journalists. The companies that have capacity to handle attacks like this cost between $150,000 and $200,000 per year.
What exactly was it that generated the record-smashing DDoS of 620 Gbps attack? There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices. The reality is that there are currently millions — if not tens of millions — of insecure or poorly secured IoT devices that are ripe for being enlisted in these attacks at any given time. The problem of DDoS conscripts goes well beyond the millions of IoT devices that are shipped insecure by default. Many ISPs do nothing to prevent devices being used for attack – best practice BCP38 is designed to filter such spoofed traffic. is rarely followed. To handle those problems, we probably need an industry security association, with published standards that all members adhere.
There was another attack at almost the same time. OVH, a major Web hosting provider based in France, said in a post on Twitter this week that it was recently the victim of an even more massive attack. That attack was launched by a botnet consisting of more than 145,000 compromised IP cameras and DVRs. For more details on this attack read OVH hosting hit by 1Tbps DDoS attack, the largest one ever seen article.
This DDoS attack is a growing threat to free speech and ecommerce. It’s a lot easier to censor the digital media on the Internet than it is to censor printed books and newspapers in the physical world. This kind of attack has also potential to endanger human lives, shut down critical national infrastructure systems, or disrupt national elections. There is big election soon in USA, and let’s see how well they have prepared.
The article also mentions Bruce Schneier’s unusually alarmist column titled, “Someone Is Learning How to Take Down the Internet.” Citing unnamed sources, Schneier warned that there was strong evidence indicating that nation-state actors were actively and aggressively probing the Internet for weak spots that could allow them to bring the entire Web to a virtual standstill.
If you want to worry more, remember that last month a large number of hacking tools used by NSA were leaked to Internet. NSA hushed up zero-day spyware tool losses for three years article says that sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers has found that the agency knew about the loss for three years but didn’t want anyone to know. Also just few days ago largest hack ever was revealed: Yahoo says 500 million accounts stolen.
Should you start to worry?