
600 Gbps DDoS as a democratization of censorship

The famous American journalist Brian Krebs has long written about information security, revealing the identities of shady operators, mostly from Eastern Europe. Over the years, Brian has had to go through a lot. An angry Ukrainian hacker collected two bitcoins on forums to buy heroin and mail it to Krebs; other hackers sent a special forces unit to his house with a call to the 911 emergency service, allegedly from his number, took out a $20 thousand loan in his name, and transferred $1000 to his PayPal account from a stolen payment card. Malware authors even mention Brian Krebs in the code of their programs. Such are the costs of being a journalist in the field of information security.

Now Krebs has come under attack again. This time the attackers organized a powerful 600 Gbps DDoS attack on the KrebsOnSecurity.com website. A few days later, Akamai surrendered. To protect its other customers, it withdrew its protection from KrebsOnSecurity.com.

The attack began on the evening of Tuesday, September 20. Initially it had no effect, thanks to the prompt work of Akamai engineers. They managed to filter the traffic, but Akamai experts admitted that this attack turned out to be almost twice as powerful as the largest DDoS they had ever seen. It is probably one of the largest in the history of the Internet.

On September 20 at 20:00 the flood of junk traffic reached 620 Gbit/s. That is more than enough to take down any site. Prior to this, the largest DDoS attack on Akamai resources was 363 Gbps.

The DDoS was not organized by the standard method of amplifying queries through DNS servers. Instead, most of the traffic consisted of generic routing encapsulation (GRE) packets. The GRE protocol is used to establish direct point-to-point connections between network nodes. Such a large volume of traffic surprised specialists: it is not clear how amplification could have been performed here. If there was no amplification, then the attacker must have used hundreds of thousands of infected machines. That would be a record-breaking botnet. Perhaps it consists of IoT devices such as routers, IP cameras and digital video recorders (DVRs).

Brian Krebs does not hold a grudge against Akamai. For four years, the company and its subsidiary Prolexic protected him from DDoS attacks many times. The current DDoS was simply too big. When it became apparent that the attack would affect other customers, Akamai warned Brian Krebs ahead of time, on September 21 at 4:00 pm, that he had two hours to switch to another network, and that at 6:00 pm they would remove the protection.

The company's management later explained that fending off such an attack would otherwise have cost them millions of dollars. The manager probably exaggerated a bit, but protection against attacks of this magnitude really does cost from $100 thousand to $150 thousand a year. Krebs had always been protected for free.

So as not to cause trouble for his hosting provider, the journalist asked for all traffic to be redirected to 127.0.0.1, while he tried the services of Project Shield, a Google charity project designed specifically to protect journalists from DDoS attacks. It turned out to be an ideal option: on September 25 the site came back online, and it has been working without failures since.

These events pushed Brian Krebs to philosophical reflections on the essence of Internet censorship. He recalls the famous words of the entrepreneur and libertarian John Gilmore about the impossibility of censoring the Internet. Gilmore said: "The network recognizes censorship as damage and bypasses it." These are magnificent words that life has repeatedly affirmed. Even now in Russia, it is clear how ineffective censorship is on the Internet. The Network perceives attempts by Roskomnadzor and other censors to block individual resources as damage to the integrity of its structure, as an anomaly in normal operation, and suggests ways to bypass this anomaly.

But this principle is valid only in the case of "political" censorship, which is traditionally exercised by the governments of different countries to limit their citizens' free access to information.

In the case of a DDoS attack, we see another example - an attempt to “shut up” the opponent, to silence him. The state is not involved here. Censorship is realized by the coordinated efforts of many people or bots. In this sense, it can be said that the DDoS attack is a “democratic” version of censorship, when the majority imposes its will on the minority and silences the opponent (of course, such actions have no relation to true democracy).

Brian Krebs believes that at present the most dangerous threat of censorship is not so much the toothless attempts of government officials to ban something on the Internet (officials still understand absolutely nothing about technology and are not able to cause significant damage) as the actions of experienced professionals. In recent years, the underground hacker community has quietly become a powerful transnational organization, with enormous computing resources concentrated in its hands. Under certain conditions, these resources can turn into cyber weapons.

It is hard to imagine the government of any country organizing a 600 Gbps DDoS attack; that would be incredible. But the transnational hacker community might. In this sense, Brian Krebs speaks of the "democratization of censorship."

Source: https://habr.com/ru/post/357188/

