John Naughton writes: Brian Krebs is one of the unsung heroes of tech journalism. He’s a former reporter for the Washington Post who decided to focus on cybercrime after his home network was hijacked by Chinese hackers in 2001. Since then, he has become one of the world’s foremost investigators of online crime. In the process, he has become an expert on the activities of the cybercrime groups that operate in eastern Europe and which have stolen millions of dollars from small- to medium-size businesses through online banking fraud. His reporting has identified the crooks behind specific scams and even led to the arrest of some of them.
Krebs runs a blog – Krebs on Security – which is a must-read for anyone interested in these matters. Sometimes, one fears for his safety, because he must have accumulated so many enemies in the dark underbelly of the net. And last Tuesday one of them struck back.
The attack began at 8pm US eastern time, when his site was suddenly hit by a distributed denial of service (DDoS) attack. This is a digital assault in which a computer server is swamped by trivial requests that make it impossible to serve legitimate ones. The attack is called a distributed one because the noxious pings come not from one location, but from computers located all over the world that have earlier been hacked and organised into a “botnet”, which can then direct thousands or millions of requests at a targeted server in order to bring it down. Think of it as a gigantic swarm of electronic hornets overwhelming a wildebeest.
DDoS attacks are a routine weapon in the cybercriminal’s armoury. They are regularly used, for example, to blackmail companies, which then pay a ransom to have the hornets called off. They’re a useful tool because it’s very difficult to pinpoint the individuals or groups that have assembled a particular botnet army. And in the past Krebs has had to deal with DDoS attacks that were probably launched by people who were not amused by the accuracy of his investigative reporting.
Last Tuesday’s attack was different, however – in two respects. The first was its sheer scale. It got so bad that even Akamai, the huge content delivery network that handles 15-30% of all web traffic, had to tell Krebs that it couldn’t continue to carry his blog because the attack was beginning to affect all its other customers. So he asked them to redirect all traffic heading for krebsonsecurity.com to the internet’s equivalent of a black hole. This meant that his site effectively disappeared from the web: a courageous and independent voice had been silenced. [Continue reading…]