Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

Solarquest

Internet of Amazingly Insecure Tat? That's the one
The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet.

"Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email.

The attack "included substantial shaped traffic (traffic directly controlled by that botnet operator), rather than merely reflected, amplified unshaped traffic," he added.

Krebs' website was taken down at his request after it had been receiving up to 620Gbps of malicious traffic. He thinks he was targeted because he is currently researching DDoS gangs.

Two people were recently arrested in connection with recent DDoS attacks, which may have been one outcome of Krebs' sleuthing, as he notes here.

DDoS mitigation firm Akamai, which had Krebs as a pro bono customer, struggled to cope with the volume of incoming requests and gave him two hours' notice of being kicked off their system.

The journalist – who said "I don't fault them [Akamai] at all" – asked his hosting provider to redirect his website to 127.0.0.1 to sinkhole all the malicious traffic, a move which KO'd his website, too.

Google later stepped in to provide DDoS mitigation through its Project Shield service, meaning Krebs' website is back up again.

Krebs said, on his blog, that the sort of DDoS mitigation protection Akamai gave him (until deciding not to) would cost between $150,000 and $200,000 per annum.

“Preliminary analysis of the attack traffic suggests that perhaps the biggest chunk of the attack came in the form of traffic designed to look like it was generic routing encapsulation (GRE) data packets, a communication protocol used to establish a direct, point-to-point connection between network nodes,” he added.

A story by Network World quoted Dave Lewis, Akamai's “global security advocate” as saying: “It’s possible they are faking it or it’s possible it’s a camera that was doing these attacks.” ®
 

jamescv7

Expect that: in searching for the truth and taking down the known proprietors, revenge is already there.

Interesting, since IoT attacks are indeed powerful because less information can be retrieved to provide a cure.
 
