Digital attack on journalist raises specter of online censorship

When cybersecurity journalist Brian Krebs exposes internet crime rings or digital fraudsters, retaliation often follows. And it's not for the faint of heart.

Mr. Krebs's adversaries have threatened him physically, assaulted his blog with cyberattacks, tried to frame him for selling drugs, and even faked an emergency at his home address so that heavily armed police surrounded his house. The former Washington Post reporter has made so many enemies that he reportedly writes with a loaded shotgun by his side.

But what happened this month after he reported on an Israeli operation that carries out online attacks for a fee sent shockwaves across the internet.

Last week, Krebs's site was hit with a distributed denial of service, or DDoS, attack bigger than anything the internet has seen. The attack was so big even Akamai Technologies, which handles DDoS mitigation for some of the largest companies on the internet, unhitched him from its network.

DDoS attacks direct so much traffic toward an internet address that legitimate visitors can't reach the website. In such attacks, adversaries commandeer networks of thousands of previously compromised computers, or botnets, to dispatch malicious traffic.

While the scope of the online assault was enough to knock Krebs's blog offline for several days, it also revealed the growing strength of DDoS attacks and the relative ease with which anyone can unleash these digital weapons to censor journalists, activists, and critics.

Now that more and more devices are connected to the internet, attackers have access to millions of ordinary objects – home routers or connected digital video records – that have with poor or nonexistent security measures. 

"On the internet, anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor," wrote Krebs following the attack. "I sincerely hope we can address this problem before it’s too late."

Krebs did find a solution that enabled him to keep publishing on the web. Earlier this year, Jigsaw, the advanced research outfit created by Google, opened a service known as Project Shield to news organizations, human rights groups, and investigative reporters that need protection from DDoS attacks.

Project Shield was quick to come to Krebs's aid and bring it under its umbrella of DDoS protections. The project currently protects more than 100 sites operated by journalists, activists, and political groups, according to a recent Wired article on the effort.

"When we talk about organizing the world's information and making it available and useful ... you have to make sure that once people have access to the information, it doesn’t get DDoS attacked, it doesn’t get compromised, it doesn’t get censored in a politically motivated way," Jigsaw president Jared Cohen told Wired.

Many larger news sites and commercial websites have DDoS protection, such as what Akamai provided Krebs as a pro bono service. But smaller blogs or activist websites around the world can't afford such services that can cost between $150,000 and $200,000 per year.

"Ask yourself how many independent journalists could possibly afford that kind of protection money?" Krebs recently wrote.

Krebs says he believes the recent attack on his site was in retaliation for his coverage of the Israeli DDoS provider. He says the service has been responsible for a majority of the DDoS assaults launched over the past several years, according to Krebs. After his article, Israeli police arrested two men connected with the operation. Both of them are presently free on a $10,000 bond.

"This attack was the largest against a single targeted entity that we’ve seen," said Andy Ellis, chief security officer at Akamai. In light of its scale, he says, other organizations should consider the Krebs attack as a new baseline for future DDoS assaults.

Average DDoS attacks involve traffic volumes of less than 100 Gigabits per second (Gbps). This one, he says, hit 600 Gbps a second.

"Generally, attacks of this size require a large infrastructure," Mr. Ellis said. "This adversary has certainly demonstrated a greater capacity than previous adversaries."