Software Integrity Blog


Security journalist silenced by IoT-based DDoS attack

Last week security reporter Brian Krebs suffered the largest DDoS attack in history and lost his internet protection company. Briefly, no one had access to his site.

As of Monday morning, the site is back up, this time using the DDoS protection service provided by Google. Krebs said his previous protection company, Akamai, with its Prolexic technology, informed him last Wednesday that he had two hours to transition his site to another protection network. The attack occurred at 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 gigabits of traffic per second. It was starting to cost Akamai a fair amount of money to mitigate. Early analysis suggests that the individuals responsible may have leveraged flaws in Internet of Things (IoT) devices to mount such a robust and sustained attack on his website.

“Let me be clear: I do not fault Akamai for their decision,” Krebs wrote.

“I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple.”

Krebs started his independent blog after being laid off from the Washington Post.

Project Shield is a free program run by Google to help protect journalists from online censorship, says Krebs.

What happened to him is no different than what some governments do to dissidents. In this case, the DDoS attack on Krebs may be related to content or individuals he’s written about. KrebsOnSecurity primarily covers online criminal organizations and is perhaps best known for its exclusive reporting on the Target data breach.

