Krebs on Security, the security blog run by Brian Krebs, has been taken down for most of last week because of a suspected revenge cyberattack. The website is now back online with help from Google's Project Shield.
The attack on Krebs' blog is widely believed to be in retaliation for previous blog posts that exposed two major cyberattack sellers, leading to their subsequent arrests. Krebs himself believes that it was perpetrated by allies of vDOS, one of the companies he exposed selling cyberattack services. It was carried out by launching a distributed denial-of-service (DDoS), within a scale that engineers consider as the worst in internet history so far.
The attack reached 620 Gbps in size and has effectively crippled the website, keeping it off the internet in the process. It also took several forms such as SYN Floods, GET Floods, ACK Floods, POST Floods and GRE Protocol Floods. Krebs' own inbox and Skype accounts were systematically targeted with subscriptions and requests.
The attack has prompted Akamai Technologies to drop support for Krebs on Security. The company has been protecting the blog against such kind of DDoS attack for free. While its engineers were able to counter the attack, the disruption reportedly proved too costly.
In an interview with the Boston Globe, Akamai claimed it stands to lose millions if the blog, which has been moored within its network, continues to attract similar attacks thereafter. It stressed that while the company has the technology to protect the website, it cannot afford to shoulder the breadth of resources needed to consistently fend-off assaults of such scale.
Krebs, for his part, said that he did not blame Akamai for its decision, although he noted that the company only gave him two hours to migrate his entire website off its network.
"I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years," Krebs said in a blog post. "Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple."
Krebs on Security is now using Google's Project Shield, a free program being offered by Google in order to protect news outlets and journalists from censorship. Whether the initiative's technology could effectively protect Krebs on Security remains to be seen.
Google has explained that Project Shield is capable of Advanced DDoS protection through a multi-layer defense system against DDoS attacks. The service is also free and unlimited regardless of the size of a website.