BrianKrebsOct 10, 2024

Since Sept 2016, when krebsonsecurity.com was hit w/ something close to a world record DDoS from Mirai, my site has been behind Google Shield, a free program that Google offers to journalists, news outlets and human rights groups that might otherwise be DDoSsed into silence in one form or another. On the one hand, I don't have as much visibility into who's attacking me or when, because I mostly never notice any disruption. But when I do hear from the Shield team about an attack, it's usually something interesting (e.g. https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/)

Anyway, Google said today it is expanding the Shield offering to include "organizations representing marginalized groups and non-profit organizations supporting the arts and sciences."

https://cloud.google.com/blog/products/identity-security/project-shield-expands-free-ddos-protection

I gave Google this feedback long ago, but I'll add it here b/c it should be the default if you're on Shield and also using other Google services (Gmail, etc): If you or your organization is eligible for this free protection, it probably also means you are a giant target. IMHO, turning on Advanced Protection for Google Accounts should be automatic for Shield users.

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” – Krebs on Security

Show threadBrianKrebs

BTW I have no idea how much Google has spent protecting just my site over the past 8 years, but it has to be a LOT. The economics of defending dinky sites like mine don't scale very well and sometimes require some fairly custom solutions. I just remember after I exited Akamai's protective harbor and started casting about for pricing on DDoS protection, the figures I was quoted were more than I made in a year, and could expand dramatically depending on how evil the adversary wanted to be.

I wrote about this in more detail not long after I put the site behind Shield.

https://krebsonsecurity.com/2017/02/how-google-took-on-mirai-krebsonsecurity/

How Google Took on Mirai, KrebsOnSecurity – Krebs on Security

Oct 10, 2024 at 7:53pmWeb
Show threadBrianKrebsOct 11, 2024

Dammit, I've gone to archive.org today like I do almost every day, and twice forgot they are still down. Like pouring yourself a bowl of cereal and realizing you have no milk.

Seems like they'd easily qualify for Shield, no?

Show threadArch Oct 11, 2024
@briankrebs I know for a fact they've worked with Cloudflare in the past, wonder what's happening behind the scenes right now though
Show threadStanislav OchotnickýOct 11, 2024

@briankrebs is there any article or research into reasons behind attacking sites like that? Nation states trying to prevent access? (seems too short term to be worth it). Script kiddies? (I took down a non profit helping people yay?).

I can sort of understand kind of protest by ddosing some oil company or whatever. But internet archive, Wikipedia or what have you ?

Show threadRastalOct 12, 2024
@drizzy @briankrebs sometimes it is for no other reason than hacking for the lulz, no further thought process necessary.
Show threadhal8999Oct 11, 2024

@briankrebs I dunno, there are subtitues for milk. Try orange juice or apple juice.

For archive.org? What's the substitute? Google no longer allows viewing of cached results.

Show threadJason Parker (he/they)Oct 12, 2024

@hal8999 OJ cereal? You're a monster.

*adds OJ cereal to things to try*

Show threadhal8999Oct 14, 2024

@north Desperate times require desperate measures.

Especially those times when the hotel continental breakfast serves 3-hour-old milk in a pitcher next to the coffee machine.

Show threadAlun JonesOct 12, 2024
@briankrebs I've seen a bug bounty hacker upset that they can't use the Wayback Machine - generally I recommend against hackers upsetting other, better, hackers.
Show threadThomas EdwardsOct 12, 2024
@briankrebs “Generally, we do not consider using Cloud storage. First of all, we have done the calculations and it is VERY much more expensive per petabyte than the owned datacenter model”. I understand their concern for frugality, but Total Cost of Ownership also needs to take into acccount active security features. https://blog.archive.org/2016/10/25/20000-hard-drives-on-a-mission/
20,000 Hard Drives on a Mission | Internet Archive Blogs

Show threadJason Parker (he/they)Oct 12, 2024

@briankrebs Big same.

https://ꩰ.com/@north/113290244158523373

Jason Parker (he/they) (@north@ꩰ.com)

I just tried to load an archive.org link, which failed because of the DDoS. Then I thought "oh, I bet the Internet Archive has a copy!". Oh...

ꩰ -- IDN testing
Show threadṫẎℭỚ◎ᾔ ṫ◎ℳOct 12, 2024
@briankrebs Hi Brian, Did you see this 404 Media report yet on #verizon ?🤔 #infosec
Show threadnixCraft 🐧Oct 10, 2024
@briankrebs Does Google provide you with some graphs or details about each attack? I remember reading about Akamai dropping you to stabilize their network. I am just glad Google is protecting your blog.
Show threadBrianKrebsOct 10, 2024
@nixCraft Kind of sort of, but not really. I mean, I just don't check is the honest answer. And I'm super grateful that it's something that no longer burns up a lot of my time and resources.
Show threadfeistel Oct 10, 2024
@briankrebs I wish we had a better answer than "transfer lots of money to ISPs," but I'm glad Google sees the value in shielding independent journalists from the racket.