Terabyte DDoS achieved

Last week a fat DDoS took down the website of infosec journalist Brian Krebs, whereupon his CDN provider Akamai kicked him out. Since then his site has been served by Google Shield, currently slow as hell again and apparently still under heavy traffic fire. The DDoS on Krebs came in at a hefty “620 gigabits per second, almost twice as much traffic as in the worst attack Akamai had observed so far.” Hackers mainly use insecure Internet-of-Things devices for this, above all cameras.

Octave Klaba from the French ISP, in response: LOL!

- „we got 2 huge multi DDoS: 1156Gbps then 901Gbps“
- „Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps!“
- „This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.“

The scary part: until recently, DDoS attacks of more than 300Gbps were still attributed to “state-sponsored attacks.” In 2016, botnets that can generate that kind of fake traffic are largely democratized and, according to Krebs, pose a danger to freedom of speech on the net. One of the favorite targets of these attacks, by the way, is gaming sites. Go figure.

the massive 620 Gbps attack that hit my site this week was an apparent retaliation for a story I wrote exposing two Israeli men who were arrested shortly after that story ran for allegedly operating vDOS — until recently the most popular DDoS-for-hire network. The traffic hurled at my site in that massive attack included the text string “freeapplej4ck,” a reference to the hacker nickname used by one of vDOS’s alleged co-founders.

Most of the time, ne’er-do-wells like Applej4ck and others are content to use their huge DDoS armies to attack gaming sites and services. But the crooks maintaining these large crime machines haven’t just been targeting gaming sites. OVH, a major Web hosting provider based in France, said in a post on Twitter this week that it was recently the victim of an even more massive attack than hit my site. According to a Tweet from OVH founder Octave Klaba, that attack was launched by a botnet consisting of more than 145,000 compromised IP cameras and DVRs.

I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections.

But what we’re allowing by our inaction is for individual actors to build the instrumentality of tyranny. And to be clear, these weapons can be wielded by anyone — with any motivation — who’s willing to expend a modicum of time and effort to learn the most basic principles of its operation.