Investigative journalist warns against ‘censorship’ via DDoS attacks
Security researcher and investigative journalist Brian Krebs has warned in a blog post about censorship resulting from major DDoS attacks. Krebs’ blog was hit by a major DDoS attack last week, after which his hosting provider stopped hosting the site.
The researcher writes that he equates DDoS attacks with censorship, because defending against them is expensive for small parties. By this he means, among others, journalists. After the major DDoS attack on his blog, his hosting provider Akamai claimed it would cost millions to protect his site against such major attacks. Until the attacks, the company did this for free, but this was no longer possible due to the high costs. Since then, Google has taken over hosting the KrebsOnSecurity blog under “Project Shield.” With it, the company wants to protect independent news sites.
Krebs reports in his blog post that he has been toying for some time with the idea of setting up a non-profit organization to help internet journalists protect themselves against DDoS attacks. In his post, Krebs also references an article by cryptographer Bruce Schneier, in which Schneier describes indications that a nation-state actor is testing ways to “shut down” the internet. Schneier relies on anonymous sources within companies that provide critical internet services. According to them, there are more and more DDoS attacks aimed at testing the defense measures of these companies.
The attack on Brian Krebs’ site wasn’t the only major DDoS attack to take place last week. For example, Octave Klaba, founder of the large hosting company OVH, said that several DDoS attacks had been carried out on his service, which together reached almost 1 Tbit/s. In later tweets, he assumed that it was a botnet consisting of about 145,000 IP cameras and digital video recorders. It is unclear on what he bases this conclusion. The attack on the Krebs site also seemed to have been carried out by such a botnet and reached about 620 Gbit/s at its peak.
According to Krebs, these types of attacks should be seen as a signal to the Internet community that action is needed against these practices. However, he expects this to happen only after an attack that endangers lives, disrupts critical infrastructure or affects elections. He suggests that some sort of ‘internet industry association’ is needed to prevent the sale of Internet-of-things devices with insecure settings, such as pre-programmed passwords. There should also be ways to get ISPs to implement security best practices. He is referring to BCP38, which serves to filter internet traffic to reduce the power of DDoS attacks.