Security blogger Krebs says IoT DDoS attack was payback for a blog

Similar attacks may be a nation calibrating how strong core internet defenses really are

Security blogger Brian Krebs says a massive distributed denial-of-service attack that took down his Web site last week was likely the consequence of his outing of two Israelis who ran a DDoS-for-hire business.


The pair, whom he identifies as Itay Huri and Yarden Bidani, both 18, were arrested in Israel at the request of the FBI six days after Krebs posted his blog and are now under house arrest.

He thinks this blog post, published Sept. 16, provoked them or their confederates to retaliate with the attack against Krebs’s site, using a botnet of hundreds of thousands or perhaps a million hijacked internet of things devices, mainly cameras, routers and DVRs.

He says the attack included the text string “freeapplej4ck,” an apparent reference to one of the two arrested Israelis, who goes by the hacker name Applej4ck.

Huri and Bidani ran vDOS, a business that sold subscriptions to a DDoS attack platform for between $20 and $200 per month.

If Krebs’s suspicions are true, it means that malicious actors with relatively modest means can summon up giant botnets composed of IoT devices and deliver unheard-of volumes of DDoS traffic.

A similar attack against the French hosting provider OVH topped out at 1.5TBps using an army of bots. “This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS,” according to a tweet by Octave Klaba, the founder of OVH.

The attacks are apparently continuing, Klaba tweeted today: “+6857 new cameras participated in the DDoS last 48H.”


Earlier this month, security expert Bruce Schneier warned in a blog that unknown parties seem to be systematically testing how resilient key internet infrastructure is to DDoS attacks. He says his information comes from companies that provide the infrastructure, which he couldn’t name because they spoke to him on condition of anonymity.

The attacks seem carefully measured to reach a certain volume of traffic, then stop. Later, they resume at the same level of intensity and gradually increase, which is indicative of attempts to quantify just what it would take to break each victim’s network, Schneier says.

The unknown attackers throw different types of attacks against the networks they are testing, he says, to evaluate what tools the victims have and how effective they are.

He says he doesn’t know who is behind these probing attacks but speculates it is a nation, and a large one at that, and probably not an activist, a researcher or even criminals. He mentions Russia and China.

“It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities,” Schneier writes.
