Brian Krebs knows what it’s like to face intimidation from hackers. The independent reporter has had a SWAT team called to his house by subjects of his investigations. One sent threats via flowers shaped in a cross, the kind one orders for a funeral. But he’s never been on the wrong end of a record-breaking digital attack like he was this week when an epic amount of traffic – somewhere between 600 gigabits per second and 700Gbps – took his website offline.
Such was the size of the hit, known as a distributed denial of service (DDoS), the security company protecting Krebs’ site – Prolexic, owned by Akamai – could no longer justify supporting KrebsOnSecurity.com. The economics made it infeasible: Akamai had to suck in all that data at a huge cost, and as Krebs wasn’t paying for the service, the firm had to make a call. Krebs doesn’t blame them. “I’m most concerned about not having the attack blow back on my original provider,” he told me. The site is now back up, thanks to Google’s Project Shield service designed to protect human rights activists and journalists from DDoS-powered censorship.
But Krebs isn’t alone in being targeted. He’s one of many victims of the same hacker crew, FORBES understands. The unnamed individual or group has, in the last five days, launched other huge attacks across the internet. French hosting giant OVH said it had been hit by an even greater attack, at more than 1100Gbps, though this was not independently confirmed. Gaming companies, including Blizzard, have been disrupted by sizeable DDoS hits, though the studio behind massively popular shooter Overwatch hasn’t clarified just how big its hit was.
How hackers generate such power
FORBES was told by two sources familiar with the attacks that the botnets are made up of tens of thousands of Internet of Things (IoT) devices, including unsecure routers, digital video recorders (DVRs) and connected IP cameras. Such IoT machines have been shown to be widely vulnerable to simple hacks, meaning the bot masters are easily able to build up vast networks of compromised systems to send extraordinary volumes of traffic to a chosen target. But connected cameras have proven especially attractive to hackers. Founder of OVH, Octave Klaba, said one of the botnets that struck his company consisted of 145,607 cameras and DVRs. Just this summer, a botnet of 25,000 CCTV cameras was used to initiate significant attacks across the world.
The majority of traffic in the latest attacks has come from Asia, in particular China, South Korea, Taiwan and Vietnam, though it’s unclear where the hackers themselves hail from. One source familiar with the attacks said they were being perpetrated either by an individual or a group that’s flexing its muscles and testing its capability.