KrebsOnSecurity is back online after Google’s Project Shield stepped in to offer DDoS mitigation services.
KrebsOnSecurity, the website belonging to security researcher and blogger Brian Krebs, was last week targeted with what is thought to be the biggest DDoS attack ever seen. At its peak the attack registered 620 Gbps, nearly double the peak rate of the previous biggest attack that Akamai Technologies had recorded.
Akamai had successfully fought off the attack to keep the site online, but eventually pulled its support, which it had been providing to KrebsOnSecurity on a pro bono basis. Although Akamai didn’t respond to Infosecurity Magazine’s request for comment, the company told the Boston Globe that it was a financial decision to stop protecting the site.
“This is the worst denial-of-service attack we’ve ever seen,” said Josh Shaul, Akamai’s vice-president of web security, adding that defending the site from the attack would likely have cost it “millions of dollars.”
“We made a business decision to no longer keep this customer on our platform and prioritize our resources on our paying customers,” added Akamai spokesman Jeff Young.
Krebs explained on his blog that he doesn’t blame Akamai for withdrawing its protection. “I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years.”
“It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple,” Krebs wrote.
He added that in speaking to other DDoS mitigation firms he had been told that similar levels of protection would cost between $150,000 and $200,000 per year.
Now however, Google has stepped in to offer DDoS mitigation through its Project Shield initiative. Project Shield is a free service that Google set up to protect independent news, human rights, and election monitoring websites from attacks that would otherwise knock them offline.
The Project Shield website says it will offer protection “no matter the size of your website or the size of the attack.” Infosecurity Magazine has reached out to Google for confirmation that it will keep protecting KrebsOnSecurity even if an attack of this magnitude is sustained, but has yet to receive a response.