Tag Archives: DDoS

Spreading the DDoS Disease and Selling the Cure

October 19, 2016

Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.

Source Code for IoT Botnet ‘Mirai’ Released

October 1, 2016

The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, DVRs and other easily hackable IoT devices.

The Democratization of Censorship

September 25, 2016

John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it”. This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.

However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely powerful cyber weapons with transnational reach.

KrebsOnSecurity Hit With Record DDoS

September 21, 2016

On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’ve seen previously, and was among the biggest assaults the Internet has ever witnessed.

Hackers Target Anti-DDoS Firm Staminus

March 11, 2016

Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data.

Conversations with a Bulletproof Hoster

May 20, 2013

Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called “bulletproof hosting” providers — the online equivalent of offshore havens where shady dealings go ignored. Last month I had an opportunity to interview a provider of bulletproof services for one of the Web’s most notorious cybercrime forums, and who appears to have been at least partly responsible for launching what’s been called the largest cyber attack the Internet has ever seen.

Triple DDoS vs. KrebsOnSecurity

August 8, 2012

During the last week of July, a series of steadily escalating cyber attacks directed at my Web site and hosting provider prevented many readers from being able to reach the site or read the content via RSS. Sorry about that. What follows is a post-mortem on those digital sieges, which featured a mix of new and old-but-effective attack methods.

Top Spam Botnet, “Grum,” Unplugged

July 19, 2012

Roughly five years after it burst onto the malware scene, the notorious Grum spam botnet has been disconnected from the Internet. Grum has consistently been among the top three biggest sources of junk email, a crime machine capable of blasting 18 billion messages per day and responsible for sending about one-third of all spam.