BrianKrebsOct 10, 2024

Since Sept 2016, when krebsonsecurity.com was hit w/ something close to a world record DDoS from Mirai, my site has been behind Google Shield, a free program that Google offers to journalists, news outlets and human rights groups that might otherwise be DDoSsed into silence in one form or another. On the one hand, I don't have as much visibility into who's attacking me or when, because I mostly never notice any disruption. But when I do hear from the Shield team about an attack, it's usually something interesting (e.g. https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/)

Anyway, Google said today it is expanding the Shield offering to include "organizations representing marginalized groups and non-profit organizations supporting the arts and sciences."

https://cloud.google.com/blog/products/identity-security/project-shield-expands-free-ddos-protection

I gave Google this feedback long ago, but I'll add it here b/c it should be the default if you're on Shield and also using other Google services (Gmail, etc): If you or your organization is eligible for this free protection, it probably also means you are a giant target. IMHO, turning on Advanced Protection for Google Accounts should be automatic for Shield users.

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” – Krebs on Security

Show threadBrianKrebsOct 10, 2024

BTW I have no idea how much Google has spent protecting just my site over the past 8 years, but it has to be a LOT. The economics of defending dinky sites like mine don't scale very well and sometimes require some fairly custom solutions. I just remember after I exited Akamai's protective harbor and started casting about for pricing on DDoS protection, the figures I was quoted were more than I made in a year, and could expand dramatically depending on how evil the adversary wanted to be.

I wrote about this in more detail not long after I put the site behind Shield.

https://krebsonsecurity.com/2017/02/how-google-took-on-mirai-krebsonsecurity/

How Google Took on Mirai, KrebsOnSecurity – Krebs on Security

Show threadBrianKrebsOct 11, 2024

Dammit, I've gone to archive.org today like I do almost every day, and twice forgot they are still down. Like pouring yourself a bowl of cereal and realizing you have no milk.

Seems like they'd easily qualify for Shield, no?

Show threadStanislav OchotnickýOct 11, 2024

@briankrebs is there any article or research into reasons behind attacking sites like that? Nation states trying to prevent access? (seems too short term to be worth it). Script kiddies? (I took down a non profit helping people yay?).

I can sort of understand kind of protest by ddosing some oil company or whatever. But internet archive, Wikipedia or what have you ?

Show threadRastal
@drizzy @briankrebs sometimes it is for no other reason than hacking for the lulz, no further thought process necessary.
Oct 12, 2024 at 12:41pmWeb