A wave of bogus Internet traffic, measured at more than 600 gigabits per second, overwhelmed the site's web server. That amounted to more than 75 gigabytes of random data being thrown at KrebsOnSecurity every single second, for hours at a time.
It strained the network of Akamai Technologies Inc, Krebs' network provider, to the extent that the company was forced to stop hosting the site. The site was offline for more than 24 hours and was only able to get back online this week.
KrebsOnSecurity hit with record DDoS attack. Akamai: Someone has a botnet with capabilities we haven't seen before https://t.co/MQketE3nWN
— briankrebs (@briankrebs) September 22, 2016
Despite the shocking scale of this attack, the methods used are not an uncommon tool for cybercriminals. Botnets are large numbers of compromised computers, which provide anonymity. These botnets are used to deliver distributed denial of service (DDoS) attacks, which means flooding a network or web server with so much traffic that it cannot cope and crashes.
if you're trying to access my site right now and getting an error, please just try the https:// version https://t.co/PIwhnFKtcE thanks.
— briankrebs (@briankrebs) September 28, 2016
It's a little like a thousand calls all coming into a call center at once.
Krebs wrote in a blog post describing the attack:
"There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called 'Internet of Things' (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords."
Although this was just one site, the consequences of such an attack are far-reaching. IoT devices are becoming increasingly popular, from baby monitors and electricity meters to smart fridges and cars. However, while interest in smart technology may be high among the public, smart online habits, such as using different and complicated passwords to protect each device, are not.
Krebs warns that such attacks are not rare and that today's digital criminals are becoming increasingly dangerous.
"We're at a point where individual 16-year-olds can wield tremendous power. That ought to get a lot of people's attention, but I fear that it won't," Mr. Krebs said.
Also, last week, there was news of a similar attack on a French web host that peaked at a staggering 1.1 terabits per second, more than 60 percent larger. Octave Klaba, the founder and CTO of French hosting firm OVH, first highlighted the assault on Twitter.
Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps! pic.twitter.com/XmlwAU9JZ6
— Octave Klaba / Oles (@olesovhcom) September 22, 2016
One of the two stages of the attack peaked at 799Gbps, which, if confirmed, would make it the largest ever reported.
OVH has not spoken to the media, but Akamai, the Cambridge-based company that hosted Internet security researcher Brian Krebs' site, has.
Speaking about the massive worldwide digital attack, Josh Shaul, Akamai's vice president of web security, said:
"This is the worst denial-of-service attack we've ever seen."
Shaul added that while Akamai had the technology to fend off the attack, it did not have the resources. Such an assault would have cost "millions" to defend against, and Akamai had been providing security services to Krebs' website free of charge.
Krebs, for his part, says he holds no grudge against Akamai for being dropped.
"Let me be clear: I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years.
"It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple."
Krebs suspects that he was targeted because of an exposé he wrote earlier in September on vDOS, a company that conducts DDoS attacks on a freelance basis.
"Maybe this was an act of solidarity," generated by allies of vDOS, Krebs suggested.
Whoever is responsible, the extent to which modern society is reliant on technology and the Internet means that cybercrime is likely to increase in number and scope.
Martin McKeay, a member of Akamai's security intelligence team, told Ars Technica, a UK-based IT and technology website:
"Now that we've seen a 600 gig botnet, we have to plan that within one to two years, those are going to become common.
"They may not be every attack, but we will see a dozen of them a quarter, we'll see a couple hundred of them a year. Now that people know those are a possibility, they're going to start pushing in that direction. They're going to make it happen."