Brian Krebs’s KrebsOnSecurity.com website has been knocked offline after Akamai Technologies stopped protecting it from a sustained DDoS attack that has been hitting the site since Tuesday.
Yesterday Infosecurity Magazine reported on the DDoS attack, which is thought to be one of the biggest ever recorded. Krebs himself said the site only remained online thanks to the work of Akamai engineers. Now however, Krebs’s site has gone offline after Akamai withdrew its protection.
“It's looking likely that KrebsOnSecurity will be offline for a while. Akamai's kicking me off their network tonight,” he tweeted.
It has not yet been revealed why Akamai removed KrebsOnSecurity from its network, but Krebs did confirm that Akamai was offering DDoS protection on a pro bono basis, and this huge, sustained attack was likely to be costing the company a lot of money. There is no evidence to suggest Akamai was struggling to defend the website.
“I can't really fault Akamai for their decision. I likely cost them a ton of money today,” he wrote, followed by, “Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don't fault them at all.”
The DDoS attack is one of the biggest Akamai has ever recorded, peaking at 620 Gbps, nearly double the previous record of 363 Gbps. Data found within the DDoS packets suggest the attack was connected to Krebs’ work bringing down DDoS-for-hire service vDos.
Akamai’s Second Quarter 2016 State of the Internet Security Report revealed a 129% increase in DDoS attacks in Q2 2016 from the same quarter a year earlier. It was this quarter that saw the previous biggest DDoS attack, while a further 12 attacks exceeding 100 Gbps and two clocking in at over 300 Gbps were recorded.
Infosecurity Magazine has reached out to Akamai but has yet to receive a reply.
At the time of writing KrebsOnSecurity remains offline, but a web archive of the site is available here.